Excellent WordPress Developers + “expensive employers are not welcomed”.. There’s a conflict there. You can’t expect excellent developers to be cheap, especially for ThemeForest projects, where they can code themes themselves and earn probably more than you can offer, if you wrote that statement.
Escape just input that’s generated by the user. Escaping every single variable that can’t be modified or affected by the user in any way is simply pointless, even if it would show on a echo $ search.
As for the theme, it’s a standard WordPress blog theme with nothing special, if you want something like this to be approved, you’ll need something to really stand out from the crowd, if not by the unique elements, then by typography. For blog themes typography is probably the most important thing, right now your theme looks ordinary, just like any other theme from the official wordpress.org directory.
@off You might want to consider using another username, I’m sure there are hundreds of other alternatives than the original username of @stylishthemes elite author.
Sure, but it’s a tip, not mandatory. I prefer to parse the forms before outputting anything and validating everything so I’m pretty sure that when I’ll output them they’ll be sanitized. I understand that it may take up more time, but it’s their job and instead of soft-rejecting it to make their life easier, they could check if the variable is indeed properly escaped or not. (in the end I think it would be better for them too, as they’d avoid reviewing the same items over and over again for each small issue they find)
I see all kind of new stuff being added by the reviewers like every week now, I think they should put up a page of their steps so we don’t get soft-rejected 10 times with 20 different reasons because each time they find something new.
As an author with 38 items here and 15,000 sales, I’m still shocked when I see some of the “new” requirements.
There’s a problem, though. If they’re only searching for echo $, what if we do something like this(I do this a lot):
$variable = esc_attr($_POST['something']); echo $variable;
$variable is properly escaped yet it will show up on a echo $ search. It’s not what I’d expect and any hour or day is crucial, we can’t afford to lose them just because someone can’t check if that variable was properly escaped or not. Assuming it was not without even checking is NOT okay.
I’m waiting for my 500k package since October 2014 and it’s still not here. I got some mails from Akshay in February and that was all, still no update, no package, no nada.