I think it’s pretty self explanatory, this is a generic message - whenever any 1 of those 4 things listed is wrong with your item, he posts that whole thing. Really annoying haha.
Is your PHP script an actual application (in other words, does it have an interface/front end for the users) or is it simply code that someone can use in their project?
If it’s an actual application, then you don’t need to worry about PSR standards.
If it’s merely code, then you need to use PSR namespacing and comply with all of their other rules.
Check for errors, yes. A single error, warning, notice, or uncaught exception anywhere in the app means instant rejection. As mentioned, put error_reporting(E_ALL); ini_set('display_errors', true); in your script and check it entirely for any errors.
Filter all user input.
Always convert the < and > symbols in your user’s input into &lt; and &gt; if you plan on displaying that input anywhere in the app.
Always convert quotations (") into &quot; if you are placing the input into an HTML attribute.
Make sure any PHP scripts that are called using AJAX are protected against other sites calling those scripts.
Always check user input to ensure it’s the type of data expected.
Always assume that the user input will contain all sorts of nasty things to try and break/exploit the application.
Use prepared statements when adding user input into SQL queries.
You must provide full source code for download. No encrypting any code.
If you have an installer in your app that requires the user to verify their license before installing, this is not allowed.
However, you can still ask for license info. What I do is let them sign into their Envato account (via OAuth) to enable updates and support, but there is a “skip” button.
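The input-handling rules above (escaping for HTML bodies and attributes, type-checking input, prepared statements, protecting AJAX scripts from other sites), pulled together as an added example that is not from this thread or any Envato item. It assumes PHP 8 with the PDO SQLite driver, a session already started, and a constructed in-memory users table.

```php
<?php
// Added example, not code from the thread. Assumes PHP 8 with PDO + sqlite driver.
declare(strict_types=1);
error_reporting(E_ALL);            // surface every notice/warning during review
ini_set('display_errors', '1');

// Escape text for an HTML element body OR attribute: < > " ' & become entities.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Check that a GET/POST value is the type expected (here: a positive integer);
// anything else is rejected instead of being passed further into the app.
function requireInt(array $src, string $key, int $min = 1): int {
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => $min]]);
    if ($v === false) {
        http_response_code(400);
        exit('Invalid ' . e($key));
    }
    return $v;
}

// Prepared statement: user input is bound as a parameter, never concatenated into SQL.
function findUser(PDO $db, int $id): ?array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Guard for scripts called via AJAX: require a per-session token sent in a header
// (assumes session_start() was called and $_SESSION['csrf_token'] was set on login).
// Another site cannot read this token, so its forged requests fail here.
function requireAjaxToken(): void {
    $sent     = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $sent)) {   // constant-time compare
        http_response_code(403);
        exit('Forbidden');
    }
}

// Demo with constructed data: in-memory SQLite and a simulated $_GET.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->prepare('INSERT INTO users (name) VALUES (?)')->execute(['<b>Mallory</b> "x"']);
$_GET = ['id' => '1'];
$user = findUser($db, requireInt($_GET, 'id'));
echo 'Name: ' . e($user['name']) . "\n";                 // rendered as text, not markup
echo '<input value="' . e($user['name']) . '">' . "\n";  // quotes cannot close the attribute
```

The same e() helper works for both element bodies and attributes because ENT_QUOTES also encodes single and double quotes; call requireAjaxToken() at the top of any script that is only meant to be reached from your own pages.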
Yes, my app has a complete user front-end interface, and its PHP code is OOP based, with no use of any framework. So, in your opinion, I don’t have to comply with PSR?
Second, I’ll re-check for error reporting and warnings/notices.
I am using an MIT-licensed Bootstrap theme (AdminLTE), and in my documentation I just added a link to the theme’s license information .txt file declaring that it’s MIT. Can this be an issue as well?
I will again check user input validation. Does accepting a form via the GET method expose it to common security vulnerabilities?
Lastly, in the email reply they wrote:
unfortunately we found it isn’t at the quality standard required to move forward, and you won’t be able to re-submit this item again.
Does this mean that I should not re-submit even after making changes?
You can always try again when you fix the issues they mentioned and give your product a little bit of a revamp. Just try and work out all the possible kinks. The first submission is always the hardest one, but once you know the rules and the quality that is expected it becomes a lot easier.
I think that even if you are using a PHP framework, such as CodeIgniter, you should be sure you have custom-written code (modules), which of course needs to be formatted as per the programming rules.
I’m sure reviewers check your custom code even if you are using a framework.