Make WordPress Themes

Opened 11 years ago

Closed 11 years ago

#15917 closed theme (not-approved)

THEME: Covera Lite - 2.0.6

Reported by: InkThemes.com
Owned by: Cryout Creations
Priority: new theme
Keywords: theme-covera-lite
Cc: support@…

Description

Covera Lite - 2.0.4

The Covera theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a custom menu, header image, and background. Your Site can be easily built using the Themes Options Panel. Covera Theme is simple to use, SEO Optimized and very stylish.

Theme URL - http://www.inkthemes.com/covera-wordpress-org/
Author URL - http://www.inkthemes.com

SVN - http://themes.svn.wordpress.org/covera-lite/2.0.4
ZIP - http://wordpress.org/themes/download/covera-lite.2.0.4.zip?nostats=1

History:

Ticket | Summary | Status | Resolution | Owner
#15917 (this ticket) | THEME: Covera Lite - 2.0.6 | closed | not-approved | Cryout Creations
#18724 | THEME: Covera Lite - 2.0.9 | closed | not-approved | poena


https://themes.svn.wordpress.org/covera-lite/2.0.4/screenshot.png

Change History (10)

#1 @Cryout Creations
11 years ago

  • Owner set to Cryout Creations
  • Status changed from new to reviewing

#2 @Cryout Creations
11 years ago

Hi!

A few 'major' things before the actual review can begin.

  1. Shortcodes are no longer supported in themes, they've become plugin territory only. Please remove all shortcode functions.

  2. Themes are required to use theme-slug (or a reasonably unique slug) as a prefix for anything in the public namespace, including all custom function names, classes, hooks, public/global variables, database entries (Theme options, post custom metadata, etc.)

In /functions/inkthemes-functions.php under Theme Options you have a few functions without theme-slug

  3. Upon activation the theme returns a few notices:

Notice: Undefined variable: output in /wp-content/themes/covera-lite/functions/inkthemes-functions.php on line 386

Notice: Undefined variable: id in /wp-content/themes/covera-lite/functions/inkthemes-functions.php on line 184

Notice: Undefined index: host in /wp-content/themes/covera-lite/functions/dynamic-image.php on line 62

Notice: Undefined variable: extension in /wp-content/themes/covera-lite/functions/dynamic-image.php on line 124

Notice: Use of undefined constant url - assumed 'url' in /wp-content/themes/covera-lite/functions/inkthemes-functions.php on line 192

There may be more. Please test your themes with wp_debug mode activated and make sure such notices don't exist.

  4. TEMPLATEPATH was found in the file inkthemes-functions.php. Use get_template_directory() instead.

Themes are required to use get_template_directory() rather than TEMPLATEPATH to return the template path

  5. get_bloginfo(url) was found in the file inkthemes-functions.php. Use home_url() instead.
     get_bloginfo(template_directory) was found in the file theme-options.php. Use get_template_directory_uri() instead.
     get_bloginfo(template_directory) was found in the file functions.php. Use get_template_directory_uri() instead.
     bloginfo(url) was found in the file header.php. Use echo home_url() instead.
     bloginfo(template_url) was found in the file header.php. Use get_template_directory_uri() instead.
     bloginfo(template_url) was found in the file front-page.php. Use get_template_directory_uri() instead.
     bloginfo(template_directory) was found in the file inkthemes-functions.php. Use get_template_directory_uri() instead.

Themes are required to use *_url() template tags, rather than bloginfo() equivalents.

  6. <?php /* ?><link rel="stylesheet" href="<?php echo get_template_directory_uri(); ?>/css/960_24_col.css" /><?php */ ?>

I see the line is commented out, but if you're planning to use it in the future remember that

No CSS files other than style.css are hard-coded into the document head. (These files must either be enqueued and hooked in appropriately, or added using IE conditional tags.)


After these issues are fixed we'll move forward with the review.

#3 @themetracbot
11 years ago

  • Summary changed from THEME: Covera Lite - 2.0.4 to THEME: Covera Lite - 2.0.5

Covera Lite - 2.0.5

The Covera theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a custom menu, header image, and background. Your Site can be easily built using the Themes Options Panel. Covera Theme is simple to use, SEO Optimized and very stylish.

Theme URL - http://www.inkthemes.com/covera-wordpress-org/
Author URL - http://www.inkthemes.com

SVN - http://themes.svn.wordpress.org/covera-lite/2.0.5
ZIP - http://wordpress.org/themes/download/covera-lite.2.0.5.zip?nostats=1

Diff with previous version: http://themes.trac.wordpress.org/changeset?old_path=/covera-lite/2.0.4&new_path=/covera-lite/2.0.5


https://themes.svn.wordpress.org/covera-lite/2.0.5/screenshot.png

#4 @InkThemes.com
11 years ago

Hello Cryout,

Thanks for the review.
I have fixed all the issues raised above.

#5 @Cryout Creations
11 years ago

Hello again.

Issues 1 through 6 mostly fixed with a few mentions:

  1. Variable $this->message found in translation function in plugin-activation.php. Translation function calls must NOT contain PHP variables.

Line 355: <?php if (isset($this->message)) _e(wp_kses_post($this->message), 'tgmpa'); ?>

  2. $theme_text_domain found in translation function in inkthemes-plugin-notify.php.

Please use the theme slug with this variable as well.

jquery_init() in functions.php is also without the theme slug.

  3. In the readme.txt file you must specify the actual licenses that the actual JS libraries are released under (unless they're created by you). Same goes for the icons, font(s) and any other binaries bundled with the theme.

The image must have its Public Domain CC0 licence declared as well like this:

Image: sport.png Source: http://pixabay.com/en/dirt-bike-motorcycle-exhaust-metal-171153/ Released under Public Domain CC0 licence

  4. Theme settings

->For checkboxes and select options, Themes are required to use the checked() and selected() functions for outputting checked="checked" and selected="selected", respectively.

->Themes are required to validate and sanitize all untrusted data before entering data into the database, and to escape all untrusted data before being output in the Settings form fields or in the Theme template files (see: Data Validation - http://codex.wordpress.org/Data_Validation)

I don't see any sanitization before saving the data into the database. Also, I see you use the checked() function but not the selected() one and sanitization on output is also randomly present.

#6 @Cryout Creations
11 years ago

Hi again!

Let me know if you're going to submit a new version or if I can close this ticket.

#7 @themetracbot
11 years ago

  • Summary changed from THEME: Covera Lite - 2.0.5 to THEME: Covera Lite - 2.0.6

Covera Lite - 2.0.6

The Covera theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a custom menu, header image, and background. Your Site can be easily built using the Themes Options Panel. Covera Theme is simple to use, SEO Optimized and very stylish.

Theme URL - http://www.inkthemes.com/covera-wordpress-org/
Author URL - http://www.inkthemes.com

SVN - http://themes.svn.wordpress.org/covera-lite/2.0.6
ZIP - http://wordpress.org/themes/download/covera-lite.2.0.6.zip?nostats=1

Diff with previous version: http://themes.trac.wordpress.org/changeset?old_path=/covera-lite/2.0.5&new_path=/covera-lite/2.0.6


https://themes.svn.wordpress.org/covera-lite/2.0.6/screenshot.png

#8 @InkThemes.com
11 years ago

Hello Cryout,

Thanks for the review.
Fixed all the issues you mentioned, as far as possible.

#9 @Cryout Creations
11 years ago

Hi again!

Almost all issues fixed with just one (major) issue left undone.

->Themes are required to validate and sanitize all untrusted data before entering data into the database, and to escape all untrusted data before being output in the Settings form fields or in the Theme template files (see: Data Validation - http://codex.wordpress.org/Data_Validation)

You are still not escaping URLs before output. In front-page.php you have a lot of

 <a class="read-more" href="<?php echo inkthemes_get_option('inkthemes_slidelink1'); ?> 

  <div class="slide-image fl"><img title="slideimage1" src="<?php echo inkthemes_get_option('inkthemes_slideimage1'); ?>

The echo inkthemes_get_option() must be replaced with echo esc_url(inkthemes_get_option()). Please check all instances and make sure no URL or any other custom setting is output without sanitization.

Also, there's no sanitization whatsoever before saving the data into the database. All I see in your saving function inkthemes_ajax_callback() is the inkthemes_update_option() function without any form of sanitization.
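
The two requirements raised in comments #5 and #9 (sanitize before saving, escape at output), sketched as an added example that is not part of the ticket or of the theme's code. It assumes WordPress has loaded the file and that inkthemes_update_option() takes an option id and a value; the coveralite_ names, the nonce action, the 'options' POST key and every option id other than the two slide ids quoted above are hypothetical.

```php
<?php
// Added example, not Covera Lite's code; assumes WordPress has loaded it
// (for instance from functions.php). The coveralite_ names, the nonce action,
// the 'options' POST key and the last three option ids are hypothetical.

// Allow-list: option id => sanitizer applied before the value is stored.
function coveralite_option_sanitizers() {
    return array(
        'inkthemes_slidelink1'  => 'esc_url_raw',
        'inkthemes_slideimage1' => 'esc_url_raw',
        'inkthemes_slidehead1'  => 'sanitize_text_field',
        'inkthemes_slidedesc1'  => 'wp_kses_post',
        'inkthemes_layout'      => 'coveralite_sanitize_layout',
    );
}

// Select fields: accept only values the form actually offers.
function coveralite_sanitize_layout( $value ) {
    $allowed = array( 'left', 'right', 'full' );
    return in_array( $value, $allowed, true ) ? $value : 'right';
}

// AJAX save handler: verify intent and capability, then sanitize per field.
function coveralite_ajax_save_options() {
    check_ajax_referer( 'coveralite_save_options', 'nonce' );
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $posted = isset( $_POST['options'] ) ? (array) wp_unslash( $_POST['options'] ) : array();
    foreach ( coveralite_option_sanitizers() as $id => $sanitize ) {
        if ( ! isset( $posted[ $id ] ) || ! is_scalar( $posted[ $id ] ) ) {
            continue; // missing or malformed fields are never written
        }
        $clean = call_user_func( $sanitize, (string) $posted[ $id ] );
        // Assumed signature: inkthemes_update_option( $id, $value ).
        inkthemes_update_option( $id, $clean );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_coveralite_save_options', 'coveralite_ajax_save_options' );

// Template side: escape again at output, matched to the HTML context.
function coveralite_slide_markup() {
    $link  = esc_url( inkthemes_get_option( 'inkthemes_slidelink1' ) );
    $image = esc_url( inkthemes_get_option( 'inkthemes_slideimage1' ) );
    return '<div class="slide-image fl"><img title="slideimage1" src="' . $image . '" /></div>'
        . '<a class="read-more" href="' . $link . '">Read more</a>';
}
```

Because only ids present in the allow-list are written, a request cannot create or overwrite arbitrary options, and esc_url() at output still protects values stored before the sanitizers were introduced.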

#10 @chipbennett
11 years ago

  • Resolution set to not-approved
  • Status changed from reviewing to closed