Need advise regarding the rejected item reasons.

item-feedback

#1

Hi,
I made an item submission (my 1st item) PHP script to manage contacts. However the item was rejected by following points :

Here is the comment from your Envato Quality team reviewer:

  • Please make sure the code adheres to PSR standards.
  • Make sure that the code doesn’t raise any PHP errors, notices or warnings. Please set error_reporting(E_ALL)
  • Please double check for common security vulnerabilities: SQL injection, XSS, CSRF etc
  • Please make sure the item doesn’t contain any encrypted code or a third party licensing system.

can some one advise me regarding that , what quality improvements should i bring to meet the standards required.

Thanking in anticipation.


#2

I think it’s pretty self explanatory, this is a generic message - whenever any 1 of those 4 things listed is wrong with your item, he posts that whole thing. Really annoying haha.

  • Is your PHP script an actual application (in other words, does it have an interface/front end for the users) or is it simply code that someone can use in their project?
    • If it’s an actual application, then you don’t need to worry about PSR standards.
    • If it’s merely code, then you need to use PSR namespacing and comply with all of their other rules.
  • Check for errors, yes. A single error, warning, notice, or uncaught exception anywhere in the app means instant rejection. As mentioned, put error_reporting(E_ALL); ini_set('display_errors', true); in your script and check it entirely for any errors.
  • Filter all user input.
    • Always convert the < and > symbols in your user’s input into &lt; and &gt; if you plan on displaying that input anywhere in the app.
    • Always convert quotations (") into &quot; if you are placing the input into an HTML attribute.
    • Make sure any PHP scripts that are called using AJAX are protected against other sites calling those scripts.
    • Always check user input to ensure it’s the type of data expected.
    • Always assume that the user input will contain all sorts of nasty things to try and break/exploit the application.
    • Use prepared statements when adding user input into SQL queries.
  • You must provide full source code for download. No encrypting any code.
  • If you have an installer in your app that requires the user to verify their license before installing, this is not allowed.
    • However, you can still ask for license info. What I do is let them sign into their Envato account (via OAuth) to enable updates and support, but there is a “skip” button.

Hope that helps.


#3

thank you for the time and detailed reply. here are more elaborated details about my app.
demo link : http://wehostweb.net/envato/php/i-contact/demo/
username : master
password : master

yes my app has complete user front-end interface. and its php coding is OOP based, no use of any framework. So, as per your opinion i don’t have to comply with PSR?

2nd, i’ll re check for error reporting and warnings / notices.

i am using a MIT licensed bootstrap theme (AdminLTE) and in my documentation i just added a link to the themes license information .txt file declaring that its a MIT . can this be a issue as well ?

i will again check for user input validations, is accepting form as a GET method exposes for common security vulnerabilities ?

Lastly, in the email reply they wrote :

unfortunately we found it isn’t at the quality standard required to move forward, and you won’t be able to re-submit this item again.

does this mean that i should not re submit even after making changes ?

thank you for helping out.


#4

Unfortunately, Yes. As the email content your item has been hard rejected.

Regarding PSR question, there’re many PSR standards, if you write only one class to interact with contact form, it should follows PSR-1 and PSR-2.

See here:

Basic Coding Standard
http://www.php-fig.org/psr/psr-1/

Coding Style Guide
http://www.php-fig.org/psr/psr-2/


#5

You can always try again when you fix the issues they mentioned and give your product a little bit of a revamp. Just try and work out all the possible kinks- the first submission is always the hardest one but once you know the rules and the quality that is expected it becomes a lot easier.

Good luck!


#6

ok, what if i re code my app in code igniter framework, does this auto address the all 4 issues they pointed out?

and using phpstorm ide, does code reformatting comply to psr-1 / 2 auto ? if naming conventions are kept observed ?

thank you once again to all for helping me out to be successful.


#7

Hi there,

I think even if you are using a PHP Framework, such as CodeIgniter, then be sure you have custom written code (modules) which of course needs to be formatted as per programming rules.

I’m sure reviewers checks your custom code even if you are using a framework.

Regards