WordPress Sanitizing Escaping


Hi friends, I need some help with escaping & sanitizing. My theme was soft rejected and I have tried so many ways, but I couldn't solve this problem.

if ( ! function_exists( 'prefix_the_footer_widgets' ) ) {

function prefix_the_footer_widgets() {
	$output = '';
	$footer_columns = (int) get_theme_mod( 'footer_widget_columns', 3 );
	if ( $footer_columns > 0 ) {
		// cast the quotient (not just 24) so the class suffix is a whole number
		$elm_footer_columns = (int) ( 24 / $footer_columns );
		// turn on buffering
		ob_start();
		for ( $i = 1; $i <= $footer_columns; $i++ ) {
			if ( is_active_sidebar( 'footer-widget-' . $i ) ) {
				?>
				<div class="col-md-<?php echo esc_attr( $elm_footer_columns ); ?>">
					<?php dynamic_sidebar( 'footer-widget-' . $i ); ?>
				</div>
				<?php
			}
		}
		$output .= ob_get_clean();
	}
	?>
	<div class="footer-content">
		<div class="container">
			<div class="row">
				<?php echo wp_kses_post( $output ); ?>
			</div>
		</div>
	</div><!-- footer-content -->
	<?php
}

}


One of the reject reasons: All dynamic data must be correctly escaped for the context where it is rendered. Please perform a global search for “echo $” and you will see several issues. Ref: https://vip.wordpress.com/documentation/vip/best-practices/security/validating-sanitizing-escaping/
I am using the Mailchimp plugin, so I mustn't use wp_kses_post, and I have HTML content, so I can't use esc_html. If I use wp_kses, it will be too long (so bad practice). Help me please.


Third matter: I am using Jon Masterson’s post like system. It's already coded and published on GitHub. If I change the prefix and customize it for my theme, could I run into copyright issues? Thank you.

No, you are not. Every WordPress plugin should be released under the GPL license, which means you can do everything with it; you can change the prefix, but leave the copyright as it should be.

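For the escaping problem in the question, one way to keep `wp_kses` short is to start from the list `wp_kses_post` already uses and add only the form elements a signup widget needs. This is an added example, not code from the thread or from any plugin; the `prefix_` function names and the exact attribute lists are assumptions to adjust to what your widgets actually output.

```php
<?php
/**
 * Added example. Allowed HTML for the buffered footer widget output:
 * everything the 'post' context permits, plus form controls.
 * Function names and attribute lists are hypothetical.
 */
function prefix_footer_allowed_html() {
	$allowed = wp_kses_allowed_html( 'post' );

	// Attributes shared by the form controls below (assumed set).
	$common = array(
		'class'    => true,
		'id'       => true,
		'name'     => true,
		'value'    => true,
		'required' => true,
		'disabled' => true,
	);

	$extra = array(
		'form'     => array( 'action' => true, 'method' => true, 'class' => true, 'id' => true, 'target' => true ),
		'input'    => $common + array( 'type' => true, 'placeholder' => true, 'checked' => true ),
		'select'   => $common,
		'option'   => array( 'value' => true, 'selected' => true ),
		'textarea' => $common + array( 'rows' => true, 'cols' => true, 'placeholder' => true ),
		'button'   => $common + array( 'type' => true ),
		'label'    => array( 'for' => true, 'class' => true ),
	);

	// Merge instead of overwrite so attributes the 'post' list already allows are kept.
	foreach ( $extra as $tag => $attrs ) {
		$existing        = ( isset( $allowed[ $tag ] ) && is_array( $allowed[ $tag ] ) ) ? $allowed[ $tag ] : array();
		$allowed[ $tag ] = array_merge( $existing, $attrs );
	}

	return $allowed;
}

/**
 * Filter the buffered markup. Tags and attributes not on the list
 * (script, on* handlers, style) are removed, and URL attributes are
 * checked against the allowed protocols.
 */
function prefix_kses_footer( $html ) {
	return wp_kses( $html, prefix_footer_allowed_html() );
}

// In the template: echo prefix_kses_footer( $output );
```

Keeping the list in one function means every template that prints widget markup uses the same policy, and nothing outside that list reaches the page.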