3439 posts
  • Author Level 4
  • Collector Level 2
  • Community Superstar
  • United States
+2 more
organicbee
says



.... WordPress – April 23, 2013 – JavaScript files need to be placed at the bottom, barring critical exclusion. [Modernizr, for instance] You can do this with the $in_footer argument …..
thanx for the heads up, so in order to use $in_footer parameter, what do you specify for $deps and $ver params if you need those as default? jayc
array() for $deps and false for $ver.

not necessarily

if it requires a lib then the $dep would be something like array('jquery')

You want to put a $ver to help if its cached so if its a jQuery plugin, use the version number it has. if its doesnt have a version number or its a custom script use something like wp_get_theme()->display('Version')(WP 3.4+)

1565 posts
  • Affiliate Level 1
  • Author Level 5
  • Collector Level 2
  • Featured Author
+2 more
OriginalEXE
says




.... WordPress – April 23, 2013 – JavaScript files need to be placed at the bottom, barring critical exclusion. [Modernizr, for instance] You can do this with the $in_footer argument …..
thanx for the heads up, so in order to use $in_footer parameter, what do you specify for $deps and $ver params if you need those as default? jayc
array() for $deps and false for $ver.

not necessarily

if it requires a lib then the $dep would be something like array('jquery')

You want to put a $ver to help if its cached so if its a jQuery plugin, use the version number it has. if its doesnt have a version number or its a custom script use something like wp_get_theme()->display('Version')(WP 3.4+)

He asked for defaults, that’s exactly what I wrote.

10 posts
  • 5 Years of Membership
  • Collector Level 2
borisvs
says

2. The WordPress theme should make use of the following inbuilt functions to validate or santize content on input or escape any questionable content for put. http://codex.wordpress.org/Data_Validation

My theme is soft rejected, and this is the message I’ve received from the reviewer. But I don’t have any idea what to fix. Does somebody has an example of what is wrong and what is the correct way? I would really appreciate it!

1565 posts
  • Affiliate Level 1
  • Author Level 5
  • Collector Level 2
  • Featured Author
+2 more
OriginalEXE
says


2. The WordPress theme should make use of the following inbuilt functions to validate or santize content on input or escape any questionable content for put. http://codex.wordpress.org/Data_Validation
My theme is soft rejected, and this is the message I’ve received from the reviewer. But I don’t have any idea what to fix. Does somebody has an example of what is wrong and what is the correct way? I would really appreciate it!

Example:

wrong:
$postmeta = $_POST['fieldname'];
update_post_meta( $post->ID, 'fieldkey', 'fieldname' );
correct:
$postmeta = sanitize_text_field( $_POST['fieldname'] );
update_post_meta( $post->ID, 'fieldkey', 'fieldname' );

That’s just an example, actual function depends on the type of data you are expecting.

667 posts WordPress Gurus!
  • Author Level 9
  • Elite Author
  • Featured Author
  • Weekly Top Seller
+7 more
ThemeBeans
says

1. Don’t unregister default widgets, even if they are replaced with better versions.

Yea this is pretty stupid imo.

709 posts
  • Affiliate Level 2
  • Author Level 5
  • Beta Tester
  • Collector Level 2
+2 more
ChillThemes
says


1. Don’t unregister default widgets, even if they are replaced with better versions.
Yea this is pretty stupid imo.

The ‘rule’ or unregistering widgets?

2065 posts Don't Worry, Be Happy
  • Trendsetter
  • Weekly Top Seller
  • Exclusive Author
  • Elite Author
+9 more
FinalDestiny
says

Your global variables should always be named in such a way as to NOT cause conflicts. Try to use a prefix for that. http://crappycode.wordpress.com/2012/12/30/global-data/

10 posts
  • 5 Years of Membership
  • Collector Level 2
borisvs
says



2. The WordPress theme should make use of the following inbuilt functions to validate or santize content on input or escape any questionable content for put. http://codex.wordpress.org/Data_Validation
My theme is soft rejected, and this is the message I’ve received from the reviewer. But I don’t have any idea what to fix. Does somebody has an example of what is wrong and what is the correct way? I would really appreciate it!

Example:

wrong:
$postmeta = $_POST['fieldname'];
update_post_meta( $post->ID, 'fieldkey', 'fieldname' );
correct:
$postmeta = sanitize_text_field( $_POST['fieldname'] );
update_post_meta( $post->ID, 'fieldkey', 'fieldname' );
That’s just an example, actual function depends on the type of data you are expecting.

Ok, thanks for the example. Do I also have to validate all the content from my theme options panel and meta boxes itself?

Example:
$tagline = get_post_meta($post->ID, 'meta_tagline', true);
echo $tagline;
Should this be something like this:
echo esc_html($tagline);
?? Or isn’t this required?
1565 posts
  • Affiliate Level 1
  • Author Level 5
  • Collector Level 2
  • Featured Author
+2 more
OriginalEXE
says

Yes, for any html output, use esc_html

163 posts
  • 6 Years of Membership
  • Affiliate Level 2
  • Author Level 8
  • Collector Level 2
+6 more
starshade
says

Just a heads up here since no one posted for some time. Here is what our soft rejection contained:

wp_footer needs to be immediately before the end of the body tag. http://codex.wordpress.org/Function_Reference/wp_footer

All your styles and scripts must be enqueued in functions.php during the wp_enqueue_script action. http://codex.wordpress.org/Function_Reference/wp_enqueue_script

Enqueue the main stylesheet (style.css) during the wp_enqueue_script action:

/**
 * Enqueue main stylesheet.
 */
function mytheme_style() {
  wp_enqueue_style( 'mytheme-style', get_bloginfo( 'stylesheet_url' ), array(), '20130312' );
}
add_action( 'wp_enqueue_scripts', 'mytheme_style' );

Cheers to everyone and good luck wp-theming!

by
by
by
by
by
by