Something like this is plugin territory?


Could you tell me if this is plugin territory? (my previous topic it was vague. you can delete it)

a contact.php file added in footer.php with get_template_part() that contains:

<form id="contact" data-url="<?php echo admin_url( 'admin-ajax.php' ); ?>">
	<textarea name="message" class="msg"></textarea>

some js code in the main js file of the theme.

$("#contact").on("submit", function(e) {
        url: $(this).attr("data-url");,
        type: $(this).attr("method");,
        data: {
            action: "my_function",
            message: $(this).find(".msg").val();
        dataType: "json",
        beforeSend: function() {
            // things
        success: function (data) {
            if(data.res === "good") {
                // things
            } else {
                // other things
        error: function() {
            // things
        complete: function() {
            // things

a function in functions.php file:

add_action('wp_ajax_nopriv_my_function', 'my_function');
add_action('wp_ajax_my_function', 'my_function');
function my_function() {
    $msg = wp_strip_all_tags($_POST['msg']);

    $res = array('status'  => 'good', 'msg' => '');

    if( empty($msg) ) {
        $res['status'] = 'notgood';
        $res['msg']['msg_msg'] = 'type something';
    } else {
        $res['msg']['msg_msg'] = 'good';
        $message = 'Message:' . $msg;

	$headers = array(
		'from' => 'From: ' . get_bloginfo('name'),
		'type' => 'Content-Type: text/html; charset=UTF-8'

	$subject = get_bloginfo('name');

    $to ='ex@am.ple';

    if($res['status'] === 'good') {
        wp_mail($to, $subject, $message, $headers);

    echo json_encode($res);


oh yeah… the envato theme check says:
REQUIRED: Found wp_mail( in the file functions.php. Mail functions are plugin territory.

So… the question… what do you think about the code :smiley: ?

Also, the envato theme check plugin said:
WARNING: Found echo $ in the file my_plugin.php. Possible data validation issues found. All dynamic data must be correctly escaped for the context where it is rendered.

Line 141: echo $args['before_widget'];
Line 162: echo $args['after_widget'];
echo $args['before_title'] . esc_html( $title ) . $args['after_title'];

ok, but how could i escape “$args[‘before_widget’]” ?

And another warning:
WARNING: Found register_widget( in the file my_plugin.php. Custom widgets are plugin territory.

but the register_widget() function is used in a plugin. and the plugin is included in the main directory of the theme.
i don’t understand what’s the problem…