Awesome! The permission system sounds good. It’s mostly what we wanted for forum logins (posted here).
Are there any plans to add a “Share email address” permission too? It would be good to have a verified email address to send email notifications for events such as a new response to a ticket. It’s definitely not a deal breaker, but that would save one extra step in this use-case.
ThemeForest Authors: What kind of effect have you seen in your Analytics with this change? It seems like the item page visits have dropped a bit and demo visits have increased.
The requirement might have to do with the legal side. It’s because the Documentation is guaranteed to be included in the package once it’s mentioned in the item details page. Envato can’t control externally hosted / online documentations.
For those using knowledge-based docs, it might be enough to use a web scraper to create a local version of the docs, to satisfy the requirement.
It would be awesome if this requirement were to go away though.
It’s interesting to note that nobody is likely to require an offline copy for the reason that they don’t have internet access. Because then they won’t even see proper fonts as most themes use Google Web Fonts. But there are all kind of users in the world. We have heard from at least 2 users that they print out the documentation. Yes, physical paper version of WordPress theme docs a la an instruction manual of a physical product.
Everyone agrees this isn’t ideal, yet Envato only provide us with comments or emails, so there’s no real solution unfortunately other than external support sites.
Envato’s new API is getting there with oAuth support. All it needs now is better permission management and access to user email. You don’t want to give full permission to all apps – it should be selective and listed like with Facebook Connect. Currently the permission given seems to be full – even private data such as balance (but not email?). And email address is definitely required for notification of replies.
If Envato does that, we will soon have “Login with Envato” everywhere so remembering forum passwords will no longer be required.
It’s already fixed in 4.2.1: https://wordpress.org/news/2015/04/wordpress-4-2-1/
This is Awesome news.
Out of curiosity, are you guys using a Payment processor and are all the fraud checks in place? Increased fraud rate is always an issue when accepting cards directly.
It would be great if Envato could expand on the author terms to actually allow edge-cases like this. How would the author possibly sell the external dependencies, not under author’s control, on CC. For instance, the WooCommerce plugins at WooThemes. You can’t expect everything to be on Envato Market. And to make the potential buyers aware of an external dependency’s source is really an obligation. As long as it’s just a small mention in form of a link, rather than prominently advertising the dependency, it should be allowed.
The reasoning is quite simple. It’s in-line with the WordPress philosophies of separating what belongs to plugin territory. It’s also what a lot of authors want here with all the hue and cry over “mega themes”.
Efforts like these are exactly what we need if we are to get away from encouraging bundling “100 themes+plugins in one”. It’s only in the best interests of authors – and even buyers when the external plugins are much higher quality and supported by the plugin author.
- wp_kses has a performance impact.
It’s a common micro-optimization misconception spread by the purists who would be disgusted to see usage of double quotes vs single quotes. The reality is it depends on your content length. Relevant post: http://themeforest.net/forums/thread/what-to-use-instead-of-wp_kses/165526?page=1&message_id=1225350#1225350
It depends on where you’re using it. You have to think about the use-case, however. If you’re using it on large content, sure it will not have good enough performance.
But if you are going to use it on small chunks of text spanning to a few lines at max, then it’s perfectly acceptable to use it when you have to preserve some HTML tags. The performance impact of such usage is negligible. You’re better off optimizing your querying in such a case.
A good read reviewer might be interested in: https://www.tollmanz.com/wp-kses-performance/
To re-iterate, you can use wp_kses* functions even on the front-end functionality, as long as you don’t over-do it.
The alternative is the violate the suggestion of “always escape late”, and sanitize using wp_kses pre-save via hooks. Personally, I am not a fan of this method and the reviewers will get further confused when you sanitize early. It’s also easy to miss escaping/sanitization when you’re sanitizing early.
The current method employed by Envato to collect feedback on pressing matters is lackluster. A better process would be to conduct long-term surveys. While your previous effort to conduct surveys was a fine attempt, the sample size was too low for a market of this size. If you need help, you can always ask us authors to encourage our buyers to provide feedback.
It will be hazardous to misconstrue opinions of the vocal minority as representative of the whole. While in theory it can be argued that the same group will be answering the surveys, given the right strategy and time, the data collected can be representative.