This week has been quite good on my end until today (0) .. Hopefully, the sales could catch up tomorrow.
42 Sales so far.. But I’m surprised to see that 2 days have passed and I got zero sales.. XD
I recently updated my theme. First day after update 0 sales, the next day 4, the next day 1, the next day 7, and now 0. It’s so unstable these days. I don’t know what is happening XD
There are things you need to escape and there are some things you don’t need to. For example, adding esc_attr() to the following statement is not necessary:
<?php _e( 'The Menu', 'textdomain' ); ?>
The above statement has a direct parameter (‘The Menu’) which is opted by the developer and doesn’t need to be escaped for safe keeping. Why? First you need to ask yourself why you need to escape this? What do you want to prevent? In this case, you don’t need any esc_attr function because it will return the same type and the same value as you provided. No one can alter this.
While adding an esc_attr to the following is a must:
<?php echo get_post_meta( 1, 'key', true ); ?>
What if the user enters malicious scripts like ”—;”, this can easily break your SQL statement if the variable is not escaped properly. So it should be like the following:
<?php echo esc_attr( get_post_meta( 1, 'key', true ) ); ?>
<?php echo intval( get_post_meta( 1, 'key', true ) ); // integer ?>
I am also wondering about the necessity to escape everything. If that’s the case, WordPress should just add data validation to all output functions including _e() and _() but even twentyfifteen theme uses those without escaping if the string does not contain variables. There are also no answers to the questions posted in another thread: http://themeforest.net/forums/thread/rereview-data-validation-issues/151569?page=2 . I hope someone can shed some light on this.
Why would you add a general escaping mechanism to this function? No. Each escaping and sanitization of data varies depending on what you are trying to achieve.
Adding a general escape statement to that function would be useless in fact. What if I want to sanitize the variable as ‘boolean’, the next one as ‘int’, and the other one as ‘string’? See, you should escape everything according to what fits your need.
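Added example, not part of the original posts: a theme helper that prints several custom fields of one post, choosing the escaping or type cast by the context each value is written into. It assumes WordPress is loaded; the function name, the `_demo_*` meta keys and the `textdomain` text domain are hypothetical.

```php
<?php
/**
 * Added example: render one post's custom fields, escaping each value for
 * the output context it lands in. Assumes WordPress is loaded (theme file).
 * The function name and the _demo_* meta keys are hypothetical.
 */
function demo_render_product_meta( $post_id ) {
	// Stored meta can come from user input: treat every value as untrusted.
	$label = get_post_meta( $post_id, '_demo_label', true );
	$link  = get_post_meta( $post_id, '_demo_link', true );
	$notes = get_post_meta( $post_id, '_demo_notes', true );

	// Integer and boolean values: cast to the expected type instead of
	// string-escaping them.
	$stock = absint( get_post_meta( $post_id, '_demo_stock', true ) );
	$sale  = filter_var(
		get_post_meta( $post_id, '_demo_on_sale', true ),
		FILTER_VALIDATE_BOOLEAN
	);

	$out = '<div class="demo-product' . ( $sale ? ' is-on-sale' : '' ) . '"';

	// Attribute context: esc_attr() encodes quotes, so the value cannot
	// close the attribute and add markup of its own.
	$out .= ' data-label="' . esc_attr( $label ) . '">';

	// URL context: esc_url() rejects schemes outside the allowed list.
	// Element text context: esc_html() encodes <, >, & and quotes.
	$out .= '<a href="' . esc_url( $link ) . '">' . esc_html( $label ) . '</a>';

	// Translated string with a variable in it: escape after substitution.
	$out .= '<span class="stock">' . esc_html(
		sprintf( __( '%d in stock', 'textdomain' ), $stock )
	) . '</span>';

	// Rich text: keep only the tags allowed in post content.
	$out .= '<div class="notes">' . wp_kses_post( $notes ) . '</div>';

	return $out . '</div>';
}

// Usage inside the loop of a template file:
// echo demo_render_product_meta( get_the_ID() );
```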
Can’t live w/o mac terminal.
Just added some small amount and I really hope that it would help XD! Just a little thing to give back to the community of BuddyPress.
Hey! I am interested. Kindly pm me the price of the rights for HTML+WP.
^ Haha. That one is a hoax. LOL
Am I the only one who fantasised this? https://www.kickstarter.com/projects/142464853/hendo-hoverboards-worlds-first-real-hoverboard