Posts by kotofey

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says

Many plugins already have this.

Revolution slider: set_revslider_as_theme();

Visual Composer: vc_set_as_theme(true);

+1

Seems like nobody didn’t read user’s manual of these plugins.

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says

the problem is that customers don’t click on it and end up asking us the same questions as we have in the FAQ and it makes us waste a lot of time to keep referring them there

The problem is they are don’t read this section at all.

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says

So you’re saying that most of our buyers are from USA? I doubt that. This is not just about long weekend in USA, we know that.

Top 3 ( countries 2014 – 2015)

1. USA
2. Germany
3. India

Top 3 ( transactions 2014 – 2015)
1. USA
2. Germany
3. United Kingdom

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says


@UXbarn: surely, you must use esc_html instead. I fall asleep :)

Hmm. I don’t think this is what I can use because I need to print out that HTML to be rendered on screen. If I use “esc_html()” for the ”$output” variable, I will get the plain string on screen (escaped HTML).

Are there any reviewers or staff can give a clear answer about this? What method do I need to use to validate the final echo here? Or, in other words, what method to validate the entire “HTML output” when echoing it?

Yep :) Ok, let’s start again. I’m not sure is that a good idea to output html using variables.

Better way:
$text = ot_get_option( 'text_option' ); // From Theme Options
$class = ot_get_option( 'class_option' ); // From Theme Options

<!--- somewhere in the html structure --->
<span class="<?php echo esc_attr( $class ); ?>"><?php echo esc_html( $text ); ?></span>

In this example you’re ‘escaping’ the final output. This is a best practice.

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says


Hi UXbarn,

Test this code and you’ll find an answer ;)

$text = ot_get_option( 'text_option' ); // From Theme Options
$class = '"><script>alert("Greetings! You have been hacked.");</script>"<' ;
$output = '<span class="' . esc_attr( $class ) . '">' . $text . '</span>';

echo $output;

Then, test this:

$text = ot_get_option( 'text_option' ); // From Theme Options
$class = '"><script>alert("Greetings! You have been hacked.");</script>"<' ;
$output = '<span class="' . esc_attr( $class ) . '">' . $text . '</span>';

echo esc_attr( $output ) ;

;)

UPD: Sorry, it’s wrong example. I didn’t sleep about 20 hours. :) But I would recommend escaping in the final output.
So you’re telling me the hacker can change the PHP code? If he gained ftp or ssh access, why the heck would you consider escaping attributes?

My example telling why you need to use escaping (and as I say earlier, my example is wrong in our situation).

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says

@UXbarn: surely, you must use esc_html instead. I fall asleep :)

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says

You do not need any validation for the final output.

You’re wrong.

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says

Hi UXbarn,

Test this code and you’ll find an answer ;)

$text = ot_get_option( 'text_option' ); // From Theme Options
$class = '"><script>alert("Greetings! You have been hacked.");</script>"<' ;
$output = '<span class="' . esc_attr( $class ) . '">' . $text . '</span>';

echo $output;

Then, test this:

$text = ot_get_option( 'text_option' ); // From Theme Options
$class = '"><script>alert("Greetings! You have been hacked.");</script>"<' ;
$output = '<span class="' . esc_attr( $class ) . '">' . $text . '</span>';

echo esc_attr( $output ) ;

;)

UPD: Sorry, it’s wrong example. I didn’t sleep about 20 hours. :) But I would recommend escaping in the final output.

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says


- Ensure your theme works properly even without Redux Framework deactivated, there’s no plugin that should be really required, so ensure your theme fallback if even Redux is not activated.

Hi, I’m just curious what kind of ‘fallback’ are you providing for themes using Redux? For instance, if authors are using it to load custom fonts, configure theme layout / display etc., what other methods can be used as fallback for those?

Of course many of those settings could now be set using WordPress’s Theme Customization API but how about those which are not in the API?

Thanks.

You can easily define default variables

128 posts I know Chuck
  • Elite Author
  • Author Level 8
  • 5 Years of Membership
  • Exclusive Author
+5 more
kotofey
says
Why do you think that selling digital goods is different? If you would like to sell in EU it’s just like opening a shop or restaurant there. If you don’t want to respect EU law – then sell your items elsewhere.

Envato sells digital goods in the Internet. Internet it’s a Worldwide market. No matter from EU you or not, you’re in the Internet. So, the question is: Why EU collect VAT from Internet? The simplest answer is: ‘EU need money”.

by
by
by
by
by
by