Problems with an Envato reviewer.

Hello Envato authors.
I need help with my article, since I do not understand the suggestions of a reviewer. I have let him know, but I have felt ignored. I feel like this person is not “doing” their job right by reviewing articles and making suggestions.
I hope I am wrong about that. A few days ago I sent an article to update it and received a suggestion / comment to improve my script. At one point I thought it was part of my problem, and it could be, but after taking the necessary time I realized that his suggestions didn’t make sense.

Immediately I put what he sent me.

  1. Don’t suppress errors:

  2. Remove all unused code:

  3. Keep libraries up-to-date, and don’t load from CDN:

  4. Sanitize all input data:

  5. All JavaScript should be written with “use strict” mode on.

For example, you can do this with jQuery as follows:

    (function($) {
      "use strict";
      // Author code here
    })(jQuery);

  6. Use .on() rather than .click(), .bind(), .hover(), .submit() etc…

  7. md5() is cryptographically broken and should not be used.

  8. Data Validation issues have been found. Do a global search for “echo $”.

All dynamic data must be correctly escaped for the context where it is rendered.

To this I responded with the following message, which was clearly ignored; the person sent me the same message again. I think he didn’t even take the time to read my answer.

Hello Envato team, I appreciate you taking the time to review my article. I am in favor of suggestion number 3 that the reviewer / you have given me. You are right with this because of the loading times. I hope you take the following suggestion into account: you took screenshots to show me the code errors, but you forgot to take a full screenshot of the code editor being used, so that I can know the file name and path.
This is done to avoid searching a word among hundreds of lines of code and files.
Next tip related to number one; in certain cases the developer can suppress errors for an optimal operation of the functions that are going to be used or are being used.

Next suggestion related to number two; you did not take the entire capture, just the line, and thus it is impossible to find the line of code that you are asking me to remove.

Suggestion number three related to number four, which in turn is related to number two; remove codes without knowing the origin.

Suggestion number four related to number five of the reviewer; I can’t find sense in the paragraph he wrote.

Tip number five related to your number six; you cannot demand a function that does not correspond to the action that I want to do.

Suggestion number six from reviewer’s observation number seven; I am using a dictation function, yes I accept. But it works with random and time codes, only for the security token, unless you have a quantum computer it would be almost impossible to break the token.

Suggestion number seven from observation number eight made by the reviewer; I did the revisions and found no errors in the error file, on what basis does it say this?

Those were my points. I hope they will be taken into account to avoid problems with me or with other authors. I will reload the same files from the previous time, because their platform is paused when uploading the files, or it is carrying an infinite time.

This morning I received an ultimatum: if I did not follow their “suggestions”, they would deactivate my account.
This is my complaint.

While it would certainly be cool if the reviewer provided you exact file paths, you can just use the search-within-folder functionality of your editor to easily find all those. Saying that you are not able to find them without the reviewer giving you exact files is nonsense. I mean, how hard is it to do a mass search for something like “@$upload” in any modern code editor? BTW the reviewer is totally right that you should not suppress those, you are just making it harder to bugfix in case of any issues.

If you re-uploaded the item without any of these changes then you shouldn’t be surprised with the response you got. It is not worth arguing with a reviewer unless he wants something which doesn’t make any sense, and honestly all of these seem rational and up to current code requirements.

So if your complaint is that the reviewers should be more descriptive about found issues, then that’s a fair request, but it would result in lengthening the review queue. However, if your complaint is about the ultimatum because you refused to fix issues, then I am sorry, the reviewer is in the right on that.

If you want to discuss any of these issues and why they make sense then feel free to use this forum for it. No point in arguing about it with the reviewer, it is not really his job to explain that stuff to you as all that is explained in the official ThemeForest WP theme requirements and official WordPress coding standards. You should take it as an opportunity to improve your item, not an opportunity to attack the reviewer who is only doing his job.

1 Like

Hi @Zhareiv

  1. you should avoid @ (suppress errors)
  2. you should make your code clean, so you should remove all commented code
  3. third party assets should load from your script folder
  4. you should sanitize all data: $titlesite = filter_var($_POST['titlesite'], FILTER_SANITIZE_STRING);
  5. reviewer has explained and gave you sample code
  6. you can follow this coding
    $('.scrollup').on('click', '', function(event){
  7. you should use a Good Password Hashing technique for encrypting data
  8. you should escape all data before render

With respect, as an author I always think it is the author's responsibility to find the bugs and fix those.

The reviewer sometimes uses an example screenshot, but the author should check the overall full script to fix such types of error. So, please fix all the 8 points if not already done and upload the update with a comment to the reviewer about what changes you have made.

Good Luck!

1 Like
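Points 4, 7 and 8 from the list above, put together as an added example that is not part of the thread or the reviewer's message. It validates the input instead of relying on FILTER_SANITIZE_STRING (deprecated as of PHP 8.1), draws the token from the OS CSPRNG instead of md5() over time and random values, and escapes at output. The helper names (readTitle, newToken, tokenMatches, e) and the 120-byte limit are assumptions; `titlesite` is the field from the post.

```php
<?php
declare(strict_types=1);

// Point 4: accept the field only if it is a non-empty string of bounded length.
// The 120-byte limit is an assumed rule for this example.
function readTitle(array $post): ?string
{
    $raw = $post['titlesite'] ?? null;
    if (!is_string($raw)) {
        return null;                      // arrays or missing field are rejected
    }
    $title = trim($raw);
    return ($title === '' || strlen($title) > 120) ? null : $title;
}

// Point 7: 256 bits from the OS CSPRNG, hex-encoded. Nothing here depends on
// the clock or on rand()/mt_rand(), so the value cannot be predicted from them.
function newToken(): string
{
    return bin2hex(random_bytes(32));
}

// Compare tokens in constant time so timing does not leak matching prefixes.
function tokenMatches(string $expected, string $supplied): bool
{
    return hash_equals($expected, $supplied);
}

// Point 8: escape for the HTML context at the moment of output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request data.
$post  = ['titlesite' => '  My <b>"site"</b> & blog  '];
$title = readTitle($post);
$token = newToken();

// Markup in the title is rendered as text, not interpreted by the browser.
echo '<h1>' . e($title ?? 'Untitled') . "</h1>\n";
echo '<input type="hidden" name="token" value="' . e($token) . "\">\n";

var_dump(tokenMatches($token, $token));       // same token
var_dump(tokenMatches($token, newToken()));   // a different token
```

For stored passwords, as opposed to tokens, PHP's password_hash() and password_verify() are the built-in functions to use.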

Sometimes it’s really required to suppress errors, such as when dns_get_record sometimes throws a warning. If I just use @dns_get_record, there is no warning I need to handle, so why isn’t it allowed? I saw a script using @mysqli_connect to check db information before installation. If it is strictly disallowed, how did the item get approved?

Yes, @ is sometimes necessary due to core functions that throw notices/warnings upon expected failures (another great example of this is json_decode). But in OP’s case, they are completely abusing this operator.


That means it’s not strictly disallowed and the reviewer makes the decision about @ depending on how and where it is being used, right??

All of the items I’ve ever had approved used the @ operator here and there. It’s a genuine operator that has genuine use cases, as long as you use it appropriately you’re fine.

If you get rejected for @json_decode() followed by a json_last_error call, then the reviewer isn’t qualified to review PHP code haha. :stuck_out_tongue_winking_eye:

1 Like
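For the calls named in this exchange, a failure can be handled explicitly rather than hidden. The following is an added example, not code from any poster or from Envato: a scoped error handler turns warnings from a single call into exceptions, and JSON_THROW_ON_ERROR is used as an alternative to checking json_last_error(). The helper names and the `example.invalid` host are assumptions.

```php
<?php
declare(strict_types=1);

// Run $fn with warnings and notices converted to ErrorException for this one
// call, then restore whatever handler was active before. Hypothetical helper.
function withWarningsAsExceptions(callable $fn)
{
    set_error_handler(
        static function (int $severity, string $message, string $file, int $line): bool {
            throw new ErrorException($message, 0, $severity, $file, $line);
        },
        E_WARNING | E_NOTICE
    );
    try {
        return $fn();
    } finally {
        restore_error_handler();
    }
}

// DNS lookup: a failed lookup becomes an empty result plus a log entry,
// so the cause is still available when something needs debugging.
function lookupA(string $host): array
{
    try {
        $records = withWarningsAsExceptions(static fn() => dns_get_record($host, DNS_A));
        return is_array($records) ? $records : [];
    } catch (ErrorException $e) {
        error_log("DNS lookup for {$host} failed: " . $e->getMessage());
        return [];
    }
}

// JSON: invalid input raises JsonException instead of returning a bare null.
function decodeConfig(string $json): ?array
{
    try {
        $data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        error_log('Invalid JSON: ' . $e->getMessage());
        return null;
    }
    return is_array($data) ? $data : null;
}

// Constructed inputs: a reserved name that never resolves, valid and broken JSON.
var_dump(lookupA('example.invalid'));
var_dump(decodeConfig('{"debug": false}'));
var_dump(decodeConfig('{broken'));
```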

You saved the day! If it was disallowed I would need to spend another day to clean up “@” :expressionless:

Thanks man :heart:

1 Like

He is not making suggestions, he is telling you the REQUIREMENTS you need to follow if you want to be accepted. All authors follow these requirements.

Stop arguing with the reviewer and do the modifications so you can start selling.

I have been offering top notch solutions at Envato for more than 4 years now, and as per the code and standards as followed, make sure it’s all done in the same way as mentioned:

  • simply just avoid suppressing errors
  • for the unused code, make sure it’s not commented. Simply just remove it
  • Sanitation of products is really important, so make sure all of your product's code has been sanitized in the right way
  • For the JS code, it should be under the use strict mode as on

Sometimes the reviewers take a bit more time than usual in order to consider the sanitized code, but keep pushing it and keep requesting to have it accepted and approved, and hopefully when the reviewer is all satisfied he will approve.