Opened 11 years ago
Closed 11 years ago
#15917 closed theme (not-approved)
THEME: Covera Lite - 2.0.6
Reported by: | InkThemes.com | Owned by: | Cryout Creations |
---|---|---|---|
Priority: | new theme | Keywords: | theme-covera-lite |
Cc: | support@… |
Description
Covera Lite - 2.0.4
The Covera theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a custom menu, header image, and background. Your Site can be easily built using the Themes Options Panel. Covera Theme is simple to use, SEO Optimized and very stylish.
Theme URL - http://www.inkthemes.com/covera-wordpress-org/
Author URL - http://www.inkthemes.com
SVN - http://themes.svn.wordpress.org/covera-lite/2.0.4
ZIP - http://wordpress.org/themes/download/covera-lite.2.0.4.zip?nostats=1
History:
Ticket | Summary | Status | Resolution | Owner |
---|---|---|---|---|
#15917 | THEME: Covera Lite - 2.0.6 | closed | not-approved | |
#18724 | THEME: Covera Lite - 2.0.9 | closed | not-approved | |
Change History (10)
#3
@
11 years ago
- Summary changed from THEME: Covera Lite - 2.0.4 to THEME: Covera Lite - 2.0.5
Covera Lite - 2.0.5
The Covera theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a custom menu, header image, and background. Your Site can be easily built using the Themes Options Panel. Covera Theme is simple to use, SEO Optimized and very stylish.
Theme URL - http://www.inkthemes.com/covera-wordpress-org/
Author URL - http://www.inkthemes.com
SVN - http://themes.svn.wordpress.org/covera-lite/2.0.5
ZIP - http://wordpress.org/themes/download/covera-lite.2.0.5.zip?nostats=1
Diff with previous version: http://themes.trac.wordpress.org/changeset?old_path=/covera-lite/2.0.4&new_path=/covera-lite/2.0.5
#5
@
11 years ago
Hello again.
Issues 1 through 6 mostly fixed with a few mentions:
- Variable $this->message found in translation function in plugin-activation.php. Translation function calls must NOT contain PHP variables.
Line 355: <?php if (isset($this->message)) _e(wp_kses_post($this->message), 'tgmpa'); ?>
- $theme_text_domain found in translation function in inkthemes-plugin-notify.php.
Please use the theme slug with this variable as well.
jquery_init() in functions.php is also without the theme slug.
- In the readme.txt file you must specify the actual licenses that the actual JS libraries are released under (unless they're created by you). Same goes for the icons, font(s) and any other binaries bundled with the theme.
The image must have its Public Domain CC0 licence declared as well like this:
Image: sport.png Source: http://pixabay.com/en/dirt-bike-motorcycle-exhaust-metal-171153/ Released under Public Domain CC0 licence
- Theme settings
->For checkboxes and select options, Themes are required to use the checked() and selected() functions for outputting checked="checked" and selected="selected", respectively.
->Themes are required to validate and sanitize all untrusted data before entering data into the database, and to escape all untrusted data before being output in the Settings form fields or in the Theme template files (see: Data Validation - http://codex.wordpress.org/Data_Validation)
I don't see any sanitization before saving the data into the database. Also, I see you use the checked() function but not the selected() one and sanitization on output is also randomly present.
#6
@
11 years ago
Hi again!
Let me know if you're going to submit a new version or if I can close this ticket.
#7
@
11 years ago
- Summary changed from THEME: Covera Lite - 2.0.5 to THEME: Covera Lite - 2.0.6
Covera Lite - 2.0.6
The Covera theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a custom menu, header image, and background. Your Site can be easily built using the Themes Options Panel. Covera Theme is simple to use, SEO Optimized and very stylish.
Theme URL - http://www.inkthemes.com/covera-wordpress-org/
Author URL - http://www.inkthemes.com
SVN - http://themes.svn.wordpress.org/covera-lite/2.0.6
ZIP - http://wordpress.org/themes/download/covera-lite.2.0.6.zip?nostats=1
Diff with previous version: http://themes.trac.wordpress.org/changeset?old_path=/covera-lite/2.0.5&new_path=/covera-lite/2.0.6
#8
@
11 years ago
Hello Cryout,
Thanks for the review.
Fixed all the issues you mentioned, as far as possible.
#9
@
11 years ago
Hi again!
Almost all issues fixed with just one (major) issue left undone.
->Themes are required to validate and sanitize all untrusted data before entering data into the database, and to escape all untrusted data before being output in the Settings form fields or in the Theme template files (see: Data Validation - http://codex.wordpress.org/Data_Validation)
You are still not escaping URLs before output. In font-page.php you have a lot of
<a class="read-more" href="<?php echo inkthemes_get_option('inkthemes_slidelink1'); ?>
<div class="slide-image fl"><img title="slideimage1" src="<?php echo inkthemes_get_option('inkthemes_slideimage1'); ?>
The echo inkthemes_get_option() must be replaced with echo esc_url(inkthemes_get_option()). Please check all instances and make sure no URL or any other custom setting is output without sanitization.
Also, there's no sanitization whatsoever before saving the data into the database. All I see in your saving function inkthemes_ajax_callback() is the inkthemes_update_option() function without any form of sanitization.
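The two requirements raised in the review above (sanitize on save, escape on output, plus selected() for select options) shown together as an added example; this is not code from the theme or from the reviewer. The slide option names are taken from the ticket; the covera_example_* functions, the nonce action, the 'inkthemes_layout' option and the argument order of inkthemes_update_option() are assumptions.

```php
<?php
// Added example: allow-list of options and the sanitizer applied to each.
// 'inkthemes_layout' and its choices are hypothetical.
function covera_example_option_schema() {
    return array(
        'inkthemes_slidelink1'  => 'esc_url_raw', // URL, sanitized for storage
        'inkthemes_slideimage1' => 'esc_url_raw',
        'inkthemes_layout'      => function ( $value ) {
            $allowed = array( 'left', 'right', 'full' );
            return in_array( $value, $allowed, true ) ? $value : 'left';
        },
    );
}

// Hardened save handler (hypothetical name and nonce action).
function covera_example_ajax_save() {
    check_ajax_referer( 'covera_example_save', 'nonce' );
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Only keys in the schema are ever written; everything else is ignored.
    foreach ( covera_example_option_schema() as $name => $sanitize ) {
        if ( ! isset( $_POST[ $name ] ) || ! is_string( $_POST[ $name ] ) ) {
            continue;
        }
        $clean = call_user_func( $sanitize, wp_unslash( $_POST[ $name ] ) );
        inkthemes_update_option( $name, $clean ); // assumed ( $name, $value )
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_covera_example_save', 'covera_example_ajax_save' );
?>
<!-- Template output: escape at the point of output, for the attribute context. -->
<a class="read-more" href="<?php echo esc_url( inkthemes_get_option( 'inkthemes_slidelink1' ) ); ?>"><?php esc_html_e( 'Read more', 'covera-lite' ); ?></a>
<img title="slideimage1" src="<?php echo esc_url( inkthemes_get_option( 'inkthemes_slideimage1' ) ); ?>" alt="" />

<!-- Settings form: selected() emits the attribute for the stored choice. -->
<select name="inkthemes_layout">
<?php foreach ( array( 'left', 'right', 'full' ) as $choice ) : ?>
    <option value="<?php echo esc_attr( $choice ); ?>" <?php selected( inkthemes_get_option( 'inkthemes_layout' ), $choice ); ?>><?php echo esc_html( $choice ); ?></option>
<?php endforeach; ?>
</select>
```

Sanitizing on save does not replace escaping on output: values already stored by earlier theme versions never passed through the save handler.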
Hi!
A few 'major' things before the actual review can begin.
In /functions/inkthemes-functions.php under Theme Options you have a few functions without theme-slug
There may be more. Please test your themes with wp_debug mode activated and make sure such notices don't exist.
Themes are required to use get_template_directory() rather than TEMPLATEPATH to return the template path
Themes are required to use *_url() template tags, rather than bloginfo() equivalents.
I see the line is commented out, but if you're planning to use it in the future remember that
No CSS files other than style.css are hard-coded into the document head. (These files must either be enqueued and hooked in appropriately, or added using IE conditional tags.)
After these issues are fixed we'll move forward with the review.