Escape just input that’s generated by the user. Escaping every single variable that can’t be modified or affected by the user in any way is simply pointless, even if it would show on a echo $ search.
As for the theme, it’s a standard WordPress blog theme with nothing special, if you want something like this to be approved, you’ll need something to really stand out from the crowd, if not by the unique elements, then by typography. For blog themes typography is probably the most important thing, right now your theme looks ordinary, just like any other theme from the official wordpress.org directory.
@off You might want to consider using another username, I’m sure there are hundreds of other alternatives than the original username of @stylishthemes elite author.
Sure, but it’s a tip, not mandatory. I prefer to parse the forms before outputting anything and validating everything so I’m pretty sure that when I’ll output them they’ll be sanitized. I understand that it may take up more time, but it’s their job and instead of soft-rejecting it to make their life easier, they could check if the variable is indeed properly escaped or not. (in the end I think it would be better for them too, as they’d avoid reviewing the same items over and over again for each small issue they find)
I see all kind of new stuff being added by the reviewers like every week now, I think they should put up a page of their steps so we don’t get soft-rejected 10 times with 20 different reasons because each time they find something new.
As an author with 38 items here and 15,000 sales, I’m still shocked when I see some of the “new” requirements.
There’s a problem, though. If they’re only searching for echo $, what if we do something like this(I do this a lot):
$variable = esc_attr($_POST['something']); echo $variable;
$variable is properly escaped yet it will show up on a echo $ search. It’s not what I’d expect and any hour or day is crucial, we can’t afford to lose them just because someone can’t check if that variable was properly escaped or not. Assuming it was not without even checking is NOT okay.
I’m waiting for my 500k package since October 2014 and it’s still not here. I got some mails from Akshay in February and that was all, still no update, no package, no nada.
I know, I’m not out. Got kicked out twice, but right now I’m still in the program.
Weird thing, I had like one job a day for some time now and since the new experiment, I had none. Zero. Nada. Not something to actually concern me, because I do it mostly as a hobby and some extra income for my fun, but I thought there would be way more requests.
The concept is cool, but the implementation is very poor, sorry, the design is far far far far away from a premium design.
Oh, sorry, my mistake.
Well, yes, but still those money will stay in your account, if he doesn’t show up, ultimately it’s your product, you won’t have anywhere to send them anyway.
Also, redesigning it won’t make any difference as long as it’s based on the original design. Even if you change it completely. Design it yourself from 0 if you don’t want to be tied with anyone else.