Your uploaded item disabled


#1

Dear,

I received a message this morning:

"
Unfortunately your item SpotCommerce - Blogger Shopping Template has been disabled from ThemeForest. Here’s some feedback from our Review team on why it was disabled.

Provide the decoded version http://envato.d.pr/1hriw/6GDjfinM

Please make the required changes to your item and resubmit for re-review at http://themeforest.net/item/spotcommerce-blogger-shopping-template/edit/8620221


Envato Market Team
"

I am disappointed with review team now, so please help me answering below questions properly:

  1. Please provide me a documentation of requirements from your market which required us providing non-encode (decode) version? Who did say that we must provide encode or decode version? Who?

  2. Why did you approve my item when it has encode JavaScript from beginning, but now, you disable it? Did all you guy even take a serious look into the item when reviewing?

  3. Please check in Blogging / Blogger category, all best seller templates are already encoded, why only disabled my item?

  4. SpotCommerce template is for shopping websites, which need security information and I have all rights to encode my script to protect my customers.

I am very very disappointed with Envato day by day at recent months, special with review team. Please provide properly answers before I disbelieving you.

Best regards,
Tien Nguyen


#2

I’m not sure if all other items in Blogger/Blogging category have encoded javascript, but this is very bad practice in terms of security. Main reason is that most of backdoor/trojan javascripts come in such encoded form.
Also your code seems to have eval() function call which is another bad security practice. In my opinion, these reasons are more than enough to disable an item.


#3

Thank you.

But review team approved it at beginning? Why they don’t reject this and why market place don’t add a requirement documentation about encode JavaScript?

And we are talking about Blogger, blogging platform of Google, and a javascript code can be come a backdoor and bad security of Google? Wow!!!

About trojan, when you use basic antivirus, you can see if the code has trojan or not easily. Eval is not problem, the problem is how do you use it.


#4

Have any staff here for an properly answer?


#5

After I removed the eval and only provide minified JS, they still not allow. I don’t know why?


#6

And now, after provided non-minified JS, they want me for a readable version. :slight_smile: This review team is really funny.


#7

It seems like you generally have a bad attitude towards the whole process - their rules are simple and clear, if you look for them, and everyone abides by them. They clearly state no encrypted code, so their review team has done their job and protected the buyers from your potentially malicious product.


#8

Thank for reply.

But as I said above, I already removed the encrypted code, but they still want none-minified JavaScript code. And after I providing none-minified JavaScript code, they still want readable JavaScript Code.

They want me a version for developers. With only $21, I am willing to support all customers, but I don’t want to support for all developing actions with my template from developers.

But the most important things:

  1. What’s official documentation of Envato which talked about this?
  2. Why did they approve my item from beginning when it has a lot of things which are potentially malicious for customers?

Thank you again for the opinion, but may be because you did not have any Blogger template, so you don’t understand clearly what we are discussing about.


#10

I can’t actually find a reference to encrypted code in the rules, but a classic reviewer response is as follows:

  • Please make sure the code adheres to PSR standards.
  • Make sure that the code doesn’t raise any PHP errors, notices or warnings. Please set error_reporting(E_ALL)
  • Please double check for common security vulnerabilities: SQL injection, XSS, CSRF etc
  • Please make sure the item doesn’t contain any encrypted code.
  • The documentation is a little lacking.

Some generally useful links:
https://help.market.envato.com/hc/en-us/sections/200617040-CodeCanyon-Author-Handbook



#11

Dear Sophism.

Thank you for the reply.

As I said, I accepted and provided none-encrypted code but they still want non-minified and readable JavaScript code. And this is Blogger, which has no anything related with PHP.

I am so sorry if I have bad attitude with review team, but I don’t agree with some points:

  1. We must play follow rules and review team CAN NOT provide any official documentation for the rules. We can not say this themeforest and we can follow forest rules. But if review team say this is their market and they can play as any way they want, I am willing to stop this point with no hope.

  2. With only $16 per sale for Blogger template, I don’t agree providing support service for all developing activities in 6 months. You will say I have all rights to not support developers but if I provided developer version, and some guys bought it to developer their site or their customer site, then if I not support them, they will rate 1 star.

Hope you can understand, with Blogger, none-encrypted and none-readable JavaScript is a DEVELOPER version.

Best regards,
Tien Nguyen


#13

Exactly. If you don’t agree with the terms, don’t sell here, sell it on your own terms with your own pricing elsewhere.

It’s pretty simple: When I purchase a product, I expect the full source code, not bits of it or a minified version that won’t let me customize it in any way.

Just because they approved it in the first place doesn’t mean it was the correct decision, maybe they overlooked that detail in the beginning.

I absolutely agree with them and the decision is correct. Your attitude is poor, Envato doesn’t owe you anything, you’re on their terms, not vice-versa. It’s for the benefit of their buyers.


#14

Hi Webfector.

With me, Themeforest is a place we publishing our ideas. When we have ideas, we make a product with our ideas and features and publish it. Then customers check it and if they agree with our features, they purchase. Unreadable code is a feature (with me).

If people want to buy for backend code, they must view the source code of demo and if the source code is encrypted, they will make a pre-sale question. But in case, they purchased as mistake, just refund. Everything is simple, so I am sorry that I can not agree with your first point.

The second point, I agree, that’s why Themeforest call us AUTHORs, not SELLERs. But who will hold the license? Who have duty to not provide violate copyright things in products? Who did everything? => AUTHOR. And I mean AUTHORS now are treated as WORKERS, not better.

I don’t request anything over control, the only thing I need that review team must review items following official documentation, and if the item is open for developers, they can increase the price for fair.


#15

Hi,

My answer is above. You can read more.

I also said sorry because my bad attitude to review team when I am angry. Now, please only focus on right / wrong things above.


#16

Never mind any more. I removed the item out of themeforest. The guys of review team did not do anything wrong when protecting Envato from refund problem. So I also sent sorry to them, and sell my item on my own website.

We don’t need to waste time to debate this topic. We understood more about Envato and now we can play with it better.