SoapTheme said: I am also wondering about the necessity to escape everything. If that’s the case, WordPress should just add data validation to all output functions including _e() and _() but even twentyfifteen theme uses those without escaping if the string does not contain variables. There are also no answers to the questions posted in another thread: http://themeforest.net/forums/thread/rereview-data-validation-issues/151569?page=2 . I hope someone can shed some light on this.
LoveThemes said: Does this mean _e() and _() is useless? You said _e() and _() must be escaped. Then why doesn’t WordPress remove these functions? In my opinion you and the TF reviewers (who rejected for the reason) are wrong. I think it must be fixed.
IMO, this is pointless. As you see _e only echoes, it doesn’t do anything else. So if an attacker just wants to ECHO anything why would he even need to target _e or php echo function? Why don’t you just inject anything in the html? Also check the WordPress.org themes directory and see how many themes use esc_html_e instead of _e for the translation strings.
As I said, what happens if the files are secure but they somehow manage to upload an .mo file, or attack an insecure translation plugin, or any number of scenarios?
The fact of the matter is, it doesn’t matter what you or I think, if you read the thread, it is a Themeforest requirement so data must be validated. And it’s good practice.
Have a snoop around the WordPress source, it will tell you all you need, a lot of the in-built functions are indeed already escaped such as home_url() etc…
What happens when a person from somewhere you do not usually sign-in from decides to gain access to your account, and is successful, then changes your payment details to their own and empties your balance?
This ‘feature’ makes this kind of access much harder.
@ LoveThemes – with all the respect but that design is really bad, I mean, look at margins here, there are too small fonts used, there is no symmetry even inside of boxes. Having this general layout created by Bnaimy doesn’t mean that designer had to put the content inside those boxes 1:1. To be honest, if this designer is really sort of senior designer – then he probably lost his patience and did it as fast as he could. The other option is that he maybe is not so good?
I never said it was good, just not as bad as you’re making out.
Sure the spacing, typography and hierarchy need serious attention but nothing that dramatic.
That’s the beauty of designing live in the browser instead of via Photoshop. Easier to iterate and you see it without all the little Photoshop nuances that don’t transfer to the browser.
New thread created for just the purpose of design, as this thread is not really in the right area.
Here is the thread for anyone interested in working with me and creating a design. http://themeforest.net/forums/thread/looking-for-talented-designer/152348 Thanks
Hey buddy, mailed you.
Whenever I look at the design, I feel sorrow, pain & regret. Before my eyes I can see all the bad things I’ve done and the things that keep me up at night. It’s that bad.
I think you’re going a little OTT, it isn’t THAT bad.
You just need to rethink exactly what you really NEED on the frontpage and try to cut it down a little.
Then maybe a little reorganising and work on the visual hierarchy.
Lots of content doesn’t have to mean cluttered.
Your pricing is about right, but expect to pay a little more if you plan to release this as a theme as opposed to a personal / client site, there is a little more work for a theme release.
EDIT: Scratch the theme release, just noticed you stated personal site.
Send me a message via my profile if you like, I may be interested in working with you on this.