Redux Framework VS ThemeCheck.org

I’ve used a couple of frameworks so far, but after hearing a lot of good words about the Redux Framework, I decided to give it a try. After months of experimenting I think that my first WordPress Theme based on Redux Framework is done. But ThemeCheck.org doesn’t share my opinion…

Searching the web, i see that a lot of authors are complaining about the errors that ThemeCheck shows on almost every theme that uses this framework.

This are the errors *(5) that I get when I check my theme on ThemeCheck.org:

  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.

  2. Security breaches : Use of base64_decode()
    Found base64_decode in file shortcodes.php.
    Line 628: $getScheme = ‘styles: ‘.rawurldecode(base64_decode($attr[‘colorscheme’])).’,’; // ignore theme check

  3. Malware : Operations on file system
    fopen was found in the file class.redux_helpers.php
    Line 657: //$fp = fopen( $file, ‘r’ );
    fread was found in the file class.redux_helpers.php
    Line 660: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.redux_helpers.php
    Line 663: //fclose( $fp );
    file_get_contents was found in the file parsers.php
    Line 66: $success = $dom->loadXML( file_get_contents( $file ) ); // ignore theme check
    Line 269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) { // ignore theme check
    file_get_contents was found in the file parsers.php
    Line 66: $success = $dom->loadXML( file_get_contents( $file ) ); // ignore theme check
    Line 269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) { // ignore theme check
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, ‘r’ ); // ignore theme check
    Line 641: function fopen( $filename, $mode = ‘r’ ) { // ignore theme check
    Line 644: return fopen( $filename, $mode ); // ignore theme check
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp); // ignore theme check
    Line 659: function fclose( $fp ) { // ignore theme check
    Line 662: return fclose( $fp ); // ignore theme check
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, ‘r’ ); // ignore theme check
    Line 641: function fopen( $filename, $mode = ‘r’ ) { // ignore theme check
    Line 644: return fopen( $filename, $mode ); // ignore theme check
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, ‘r’ ); // ignore theme check
    Line 641: function fopen( $filename, $mode = ‘r’ ) { // ignore theme check
    Line 644: return fopen( $filename, $mode ); // ignore theme check
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp); // ignore theme check
    Line 659: function fclose( $fp ) { // ignore theme check
    Line 662: return fclose( $fp ); // ignore theme check
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp); // ignore theme check
    Line 659: function fclose( $fp ) { // ignore theme check
    Line 662: return fclose( $fp ); // ignore theme check
    file_get_contents was found in the file import.php
    Line 230: $file_contents = file_get_contents( $file ); // ignore theme check

  4. Admin menu : Themes should use add_theme_page() for adding admin pages.
    File framework.php :
    Line 1344: // wrappers and need to be appened to using add_submenu_page.
    Line 1395: $this->page = call_user_func( ‘add_submenu_page’, $page_parent, $page_title, $menu_title, $page_permission
    Line 1453: call_user_func( ‘add_submenu_page’, $this->args[‘page_slug’], $section[‘title’], $section['t
    File framework.php :
    Line 1344: // wrappers and need to be appened to using add_submenu_page.
    Line 1395: $this->page = call_user_func( ‘add_submenu_page’, $page_parent, $page_title, $menu_title, $page_permission
    Line 1453: call_user_func( ‘add_submenu_page’, $this->args[‘page_slug’], $section[‘title’], $section['t
    File framework.php :
    Line 1421: $this->page = call_user_func( ‘add_menu_page’, $this->args[‘page_title’], $this->args[‘menu_title’], $this
    File framework.php :
    Line 1344: // wrappers and need to be appened to using add_submenu_page.
    Line 1395: $this->page = call_user_func( ‘add_submenu_page’, $page_parent, $page_title, $menu_title, $page_permission
    Line 1453: call_user_func( ‘add_submenu_page’, $this->args[‘page_slug’], $section[‘title’], $section['t
    File welcome.php :
    Line 197: $page = ‘add_management_page’;
    File plugin-activation.php :
    Line 717: $this->page_hook = call_user_func( ‘add_submenu_page’, $args[‘parent_slug’], $args[‘page_title’], $args['menu_t

  5. Deprecated functions : wp_get_http
    wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 905: $headers = wp_get_http( $url, $upload[‘file’] );

Now, I’ve tried to get help from the Redux Framework’s slack channel, and also thru the docs but no luck…

Is the https://docs.reduxframework.com/core/theme-check/ updated?

Did you had these or similar errors when checking your theme on themecheck.org?

Did your theme got approved to TF regardless of this errors on themecheck?

Any help at all would be appreciated.

Just don’t embed Redux into your theme but include it via TGM activation plugin. Problem solved.

Do only themes that use Redux as a plugin get approved on ThemeForest these days?

I’m asking cuz I sow a lot of themes on tf that embed it…

They’ve probably fixed those issues on their own.

Just found similar post from 2014 and back then authors advised newbies to embed them…

Now I’m confused…

Just put it as plugin and you are good to go. Requirements for themes changed a lot from 2014. They change it each month and you find it out when they soft reject item.

2014 was a while ago…
Use it as a plugin. There is nothing to be confused about.