WordPress Theme Soft-Rejected

Envato Authors Theme Authors
,
1

Hi all,
Im working on my first wp theme and i have some issues, Can someone to help me ?

  1. All theme text strings are to be translatable and properly escaped. https://gist.github.com/kailoon/01fa8e95d2e910e666c6
<?php _e('Skip to content', 'venus');?>
  1. Data Validation issues have been found in your theme. All dynamic data must be correctly escaped for the context where it is rendered. - All dynamic data must be escaped with esc_attr() before rendered in an html attribute. - Whenever you are rendering a url to the screen its value must be passed through esc_url() first. - If dynamic data is rendered inside an attribute that triggers a JavaScript event, it must be escaped with esc_js().

Please make sure you read these articles:
https://make.wordpress.org/themes/tags/writing-secure-themes/ http://codex.wordpress.org/Data_Validation http://developer.wordpress.com/themes/escaping/ http://code.tutsplus.com/articles/data-sanitization-and-validation-with-wordpress--wp-25536 https://vip.wordpress.com/documentation/best-practices/security/validating-sanitizing-escaping/

For examples and there are more: http://envato.d.pr/103V1/4uMbZqWQ

<?php echo ro_get_option ('footer_copyright_text'); ?>
2

Please replace _e(‘Skip to content’, ‘venus’) to esc_html_e(‘Skip to content’, ‘venus’).
Good Luck!

3

Hi thank you, i tried first time with esc_html_e …

For second can you help me?

4

Must be esc_html_e( ‘Skip to content’, ‘venus’ );

echo ( esc_html( ro_get_option (‘footer_copyright_text’) ) );

BTW, why you didn’t read articles?

1 Like
5

Uh… i got it. Manny thanks.
One question:

  • i use redux as framework, they said that i need to fix some issues (checked with theme check plugin) like:
    in redux venus/admin/ReduxCore/framework.php this line:include_once ‘core/dashboard.php’; with get_template_directory()

But this is redux, i need to change all this in framework? Is not better to let redux as it is?

Thanks again.

6

Can you show me please, this

<?php $email_text = ro_get_option('email_text'); how will be? Again thanks
7

I didn’t use Redux, so I’m not sure I can help you. The code must be:

require_once get_template_directory() . ‘core/dashboard.php’;

It’s depend on what you want to use in this option. If only text strings then you need to use esc_html() . If you need to use html tags too, then you need to use wp_kses()

8

Hi,

With this <?php $email_text = ro_get_option(‘email_text’);

i enable from redux admin options text email like: Email:site@site.com

In this case, can you show me how will be <?php $email_text = ro_get_option(‘email_text’);
Where i need to add esc_html()
?

Thank you

9

My friend, if you’re developer of WordPress theme, then you need to read articles provided by reviewer. You need to understand what and where you need to use by yourself.

Is it so hard? You can find all answers.

10

Use redux as plugin

11

Hi and thanks,
yes i read , but i dont understand this:

<?php $email_text = ro_get_option('email_text'); how has to be ,, .
12

Because,
this

<?php echo ro_get_option('email_text'); i know that will be like <?php echo ( esc_html( ro_get_option ('email_text') ) );?>

but i dont understand how will be because here <?php $email_text = ro_get_option(‘email_text’); i have

<?php $email_text =
13

It’s not funny. I think you’re not a developer of ‘your theme’. Seems like you trying to approve someone’s theme.

14

No,
I’m Joomla developer , designer and for wp is on first theme. I know how to make wp themes, i made some, but for tf is hard because i need to make on highest standards.

theme is made on redux builder and underscore_ . I just add theme options, some customs but in php files you can find only _e( and like i sent. are not escaping