Data validation issue - soft reject

wordpress

#1
  1. Data Validation issues have been found in your theme. All dynamic data must be correctly escaped for the context where it is rendered.

Please perform a global search for “echo $” and you will see several issues.

Who can I search for “echo $” ?


#2

In whichever code editor you’re using, you should be able to search the theme’s directory for echo $ and it will locate those variables that are being output without validation. For example:


#3

textmate of course


#4

Great! So you should be able to search:

Edit → Find → Find in Project… (⇧⌘F)

https://manual.macromates.com/en/working_with_multiple_files#find_and_replace_in_projects


#5

and what I should do with all of them esc_attr() ?


#6

That depends on what you’re echo’ing. Here’s a good reference of common functions you can use:

https://codex.wordpress.org/Data_Validation