Updated WordPress Requirements

This is the way I go…
I have a doubt that will be accepted but I wasted way to much time trying to find a way to do it a “right” way.
Or is this, or I’ll cut off the idea of customization for my themes and the end user will have do write the css by themselves.

And I got this on my other account on an soft-reject.

  1. Scripts and styles should not be hardcoded anywhere in your theme or added any other way but with wp_enqueue_* hook and to be added from the functions file. This includes custom JS/CSS.
    For inline styles use: https://developer.wordpress.org/reference/functions/wp_add_inline_style/ and for scripts https://developer.wordpress.org/reference/functions/wp_add_inline_script/

How can I use wp_add_inline_style() in a shortcode? Is there any other method to let me give the end user a easy option to customize the theme easily?

So, how am I supposed to give the end user the ability to customize some of the shortcode elements? Like a color for a paragraph or add some margin? Most of my clients depends on those kind of things.

I don’t know if this is the correct to post this, but since is has to do with the inline style rule for plugins, I think this deserve more to discuss on it.

1 Like

You can run the wp_add_inline_style function within the shortcode action, just call the function e.g. (not tested)

function myfunctionname( $atts ) {
 $atts = shortcode_atts(
   'color' => '#000',
  get_template_directory_uri() . '/css/custom_script.css'
 $color = $atts['color'];
 $custom_css = "
   background: {$color};
  wp_add_inline_style( 'custom-style', $custom_css );
add_shortcode( 'shortcode', 'myfunctionname' );

That won’t work.
Styles must be enqueued in the <head> and when the shortcode runs it is too late.

1 Like

Sounds good, if im understanding is right de-clutter and remove old themes making a better user experience for the buyer. Thats a lot of theme reviewing!

Dear Sir , I have some warning when using the latest version of envato theme check
WARNING: Found add_meta_boxes in the file framework/metabox/wd_custom_fields.php. Custom meta box functions are allowed for design only. Ensure this is a valid use case.
Line 18: add_action(‘add_meta_boxes’, array($this,‘generate_customfields’));

WARNING: Found add_meta_box in the file framework/metabox/wd_custom_fields.php. Custom meta box functions are allowed for design only. Ensure this is a valid use case.
Line 18: add_action(‘add_meta_boxes’, array($this,‘generate_customfields’));
Line 54: add_meta_box($meta_box[‘id’], $meta_box[‘title’], $meta_box[‘callback’], $m

So with this warning , I have to need fix it because I’m using a lot of add_meta_box

I can’t update my WP themes because there is no proper explanation about Gutenberg on forums. I asked a question here

and nobody answered.

Is anyone willing to help me with that question?

@jamesgiroux ?

1 Like

What about sanitization? Is it safe enough to print the style this way?

as far as I am aware you can, WP lets you use sanitization functions in the function so you can do something like:

$mycss = esc_attr( $atts[‘color’] );

But on WordPress Codex page they inform that it’s not 100% secure:

You can use wp_kses( $data, array( “’”, ‘"’ ) ); or wp_strip_all_tags( $data ); or esc_html( $data ); but this is NOT 100% secure.

Source - https://codex.wordpress.org/Function_Reference/wp_add_inline_style

If you want more secure CSS then I would suggest to look at that https://github.com/mattrude/Custom-CSS/blob/master/safecss.php#L687

This a good question as serious XSS attacks can happen from CSS also Cross Domain attacks can happen from your CSS with many other possible attacks that’s includes stealing information, Tracking, Hijacking trojans.

Can i use theme specific shortcodes in theme file?

@jamesgiroux ?

No, all shortcodes have to be registered in a plugin

theme specific shortcodes need to work when user switch theme?

Yes, a shortcode should still function when you switch themes, it doesn’t have to be styled but it shouldn’t break

1 Like

ok thank you

Are authors allowed to provide automatic updates using 3rd party websites?
Example wp-updates.com

Hi, if we create WordPress themes with redux admin panel and loading redux as a plugin will break the site and layout will be distorted until redux is installed. So for this reason we would get rejection or is it permissible.

Thanks in advance.

That’s a rejection, a theme must be able to run basic functions without any plugins, that’s blog, posts and pages.

Oh okay, i wonder why envato theme check plugin still showing errors in redux framework as its already been santized previously. They have already escape for instance, a button url and text inputs already santize and then they echo the variable, but envato theme check flagging it a warning.

I have another question, somewhere above i read we face rejection if we use if_plugin_exist so we should use if class_exis, but for the custom admin screen it is necessary and we can’t use the suggested function. So is it okay to use where there is no another option we would have?