Channel: admin — WordPress Plugins
Viewing all 2035 articles

IDATERMS

Add an extra column with the ID term to your taxonomies (Tags, Categories or Custom Taxonomies) so you can sort your terms by date.

Merchant e-Solutions for WooCommerce

The easy to use payment gateway plugin for Merchant E-Solutions. The plugin is fully certified and endorsed by Merchant E-Solutions.

HTTP Authentication By KIMoFy

HTTP Authentication lets you make a site without letting anyone view it without valid credentials. This can protect the full site or only admin pages.

Shortcode Simplex

This lightweight plugin lets you easily create and manage user-defined shortcodes inside WordPress.

Shortcode Simplex


Emailed Author: There are issues with your plugin code.

Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.

Also please remember in addition to code quality, security and functionality, we require all plugins adhere to our guidelines. If you have not yet, please read them:

* https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

## Generic function (and/or define) names

All plugins must have unique function names, defines, and classnames. This prevents your plugin from conflicting with other plugins or themes.

For example, if your plugin is called "Easy Custom Post Types", then you might prefix your functions with ecpt_{your function name here}. Similarly a define of LICENSE would be better done as ECPT_LICENSE. You can use namespaces instead, however make sure that those also are unique. A namespace or class of 'MyPlugin' is NOT actually all that unique.

This extends to anything in a define. For example, if you were to use this, it would be a bad idea:

define( 'PLUGIN_PATH', plugins_url( __FILE__ ) );

That define is a global, so PLUGIN_PATH could conflict with a number of other things.

Don't try to use two letter slugs anymore. As of 2016, all the good ones are taken. Instead consider easy_cpts_ (from the first example).

Similarly, don't use __ (double underscores), wp_ , or _ (single underscore) as a prefix. Those are reserved for WordPress itself. You can use them inside your classes, but not as stand-alone functions.

Please update your plugin to use more unique function and class names.

Some examples from your plugin:

define( 'URL_WP',"//".$_SERVER['HTTP_HOST']."/wp-admin/admin.php?page=".PLUGIN_NAME);
define( 'MAX_RES',10);
define( 'CHAR_FILTER',"/[^A-Za-z0-9 ]/");

function populate_form_if_exist
function get_Shortcode_count()

## Allowing Direct File Access to plugin files

Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.

You can avoid this by putting this code at the top of all php files:

if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly

## Not using Nonces and/or checking permissions

Please add a nonce to your POST calls to prevent unauthorized access.

Keep in mind, check_admin_referer alone is NOT bulletproof security. Do not rely on nonces for authorization purposes. Use current_user_can() in order to prevent users without the right permissions from accessing things.

https://codex.wordpress.org/WordPress_Nonces

## Please sanitize, escape, and validate your POST calls

When you include POST/GET/REQUEST calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.

SANITIZE: All instances where generated content is inserted into the database, or into a file, or being otherwise processed by WordPress, the data MUST be properly sanitized for security. By sanitizing your POST data when used to make action calls or URL redirects, you will lessen the possibility of XSS vulnerabilities. You should never have raw data inserted into the database, even by an update function, and even with a prepare() call.

VALIDATE: In addition to sanitization, you should validate all your calls. If a $_POST call should only be a number, ensure it's an int() before you pass it through anything. Even if you're sanitizing or using WordPress functions to ensure things are safe, we ask you please validate for sanity's sake. Any time you are adding data to the database, it should be the right data.

ESCAPE: Similarly, when you're outputting data, make sure to escape it properly, so it can't hijack admin screens. There are many esc_*() functions you can use to make sure you don't show people the wrong data.

In all cases, using stripslashes or strip_tags is not enough. You need to use the most appropriate method associated with the type of content you're processing. Check that a URL is a URL and don't just be lazy and use sanitize_text please. The ultimate goal is that you should ensure that invalid and unsafe data is NEVER processed or displayed. Clean everything, check everything, escape everything, and never trust the users to always have input sane data.

Please review this document and update your code accordingly: http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data

----

Please make sure you've addressed ALL issues brought up in this email. When you've corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.

(While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the ENTIRE plugin when you send it back to us. We appreciate your patience and understanding in this.)

PostType-Widget

It displays the date in the format of the last "N" posts with a given PostType (options set in the widget settings)

PostType-Widget


Emailed Author: There are issues with your plugin code.

Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.

Also please remember in addition to code quality, security and functionality, we require all plugins adhere to our guidelines. If you have not yet, please read them:

* https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

## Generic function (and/or define) names

All plugins must have unique function names, defines, and classnames. This prevents your plugin from conflicting with other plugins or themes.

For example, if your plugin is called "Easy Custom Post Types", then you might prefix your functions with ecpt_{your function name here}. Similarly a define of LICENSE would be better done as ECPT_LICENSE. You can use namespaces instead, however make sure that those also are unique. A namespace or class of 'MyPlugin' is NOT actually all that unique.

This extends to anything in a define. For example, if you were to use this, it would be a bad idea:

define( 'PLUGIN_PATH', plugins_url( __FILE__ ) );

That define is a global, so PLUGIN_PATH could conflict with a number of other things.

Don't try to use two letter slugs anymore. As of 2016, all the good ones are taken. Instead consider easy_cpts_ (from the first example).

Similarly, don't use __ (double underscores), wp_ , or _ (single underscore) as a prefix. Those are reserved for WordPress itself. You can use them inside your classes, but not as stand-alone functions.

Please update your plugin to use more unique function and class names.

Some examples from your plugin:

function my_shortcode_function()

----

Please make sure you've addressed ALL issues brought up in this email. When you've corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.

(While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the ENTIRE plugin when you send it back to us. We appreciate your patience and understanding in this.)

My WP

My WP is a powerful, extendable plugin for customizing and debugging the admin and frontend.

WP Better Calendar

A Better Calendar for sidebar widgets.

WP Better Calendar


Emailed Author: There are issues with your plugin code.

Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.

Also please remember in addition to code quality, security and functionality, we require all plugins adhere to our guidelines. If you have not yet, please read them:

* https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

## Don’t use ‘if exists’ like a silver bullet

Using if (!function_exists('NAME')) { around all your functions and classes sounds like a great idea until you realize the fatal flaw. What happens IF someone else has a function with the same name and their plugin or theme loads first?

Your plugin breaks. And that would suck. Please only use if-exists checks for SHARED libraries.

## Please sanitize, escape, and validate your POST calls

When you include POST/GET/REQUEST calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.

SANITIZE: All instances where generated content is inserted into the database, or into a file, or being otherwise processed by WordPress, the data MUST be properly sanitized for security. By sanitizing your POST data when used to make action calls or URL redirects, you will lessen the possibility of XSS vulnerabilities. You should never have raw data inserted into the database, even by an update function, and even with a prepare() call.

VALIDATE: In addition to sanitization, you should validate all your calls. If a $_POST call should only be a number, ensure it's an int() before you pass it through anything. Even if you're sanitizing or using WordPress functions to ensure things are safe, we ask you please validate for sanity's sake. Any time you are adding data to the database, it should be the right data.

ESCAPE: Similarly, when you're outputting data, make sure to escape it properly, so it can't hijack admin screens. There are many esc_*() functions you can use to make sure you don't show people the wrong data.

In all cases, using stripslashes or strip_tags is not enough. You need to use the most appropriate method associated with the type of content you're processing. Check that a URL is a URL and don't just be lazy and use sanitize_text please. The ultimate goal is that you should ensure that invalid and unsafe data is NEVER processed or displayed. Clean everything, check everything, escape everything, and never trust the users to always have input sane data.

Please review this document and update your code accordingly: http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data

Example:

function wpbc_get_calendar() {
$post_type = isset( $_POST[ 'post_type' ] ) ? $_POST[ 'post_type' ] : 'post';
// month and year
{
$month = isset( $_POST[ 'month' ] ) ? $_POST[ 'month' ] : date( 'n' );
$year = isset( $_POST[ 'year' ] ) ? $_POST[ 'year' ] : date( 'Y' );
}
$calendar = wpbc_make_calendar( $post_type, $month, $year );
echo apply_filters( 'wpbc_get_calendar', $calendar, $post_type, $month, $year );
die;
}

----

Please make sure you've addressed ALL issues brought up in this email. When you've corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.

(While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the ENTIRE plugin when you send it back to us. We appreciate your patience and understanding in this.)
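
The sanitize, validate and escape steps from the review above, applied to the quoted `wpbc_get_calendar()` handler. This is an added example, not part of the original email or the plugin's code. It assumes the handler runs as an admin-ajax callback, that `wpbc_make_calendar()` is the plugin's own function returning HTML, and that the 1970-2100 year window is an acceptable sanity bound.

```php
<?php
if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

/**
 * Hardened variant of the quoted AJAX handler (added example).
 * Assumption: wpbc_make_calendar() exists in the plugin and returns HTML.
 */
function wpbc_get_calendar() {
	// SANITIZE: wp_unslash() removes the slashes WordPress adds to superglobals;
	// sanitize_key() reduces the value to lowercase a-z, 0-9, "_" and "-".
	$post_type = isset( $_POST['post_type'] )
		? sanitize_key( wp_unslash( $_POST['post_type'] ) )
		: 'post';

	// VALIDATE: accept only a registered, publicly viewable post type.
	if ( ! post_type_exists( $post_type ) || ! is_post_type_viewable( $post_type ) ) {
		wp_send_json_error( 'Invalid post type.', 400 ); // Sends the response and exits.
	}

	// SANITIZE: absint() forces a non-negative integer.
	$month = isset( $_POST['month'] )
		? absint( wp_unslash( $_POST['month'] ) )
		: (int) current_time( 'n' );
	$year = isset( $_POST['year'] )
		? absint( wp_unslash( $_POST['year'] ) )
		: (int) current_time( 'Y' );

	// VALIDATE: checkdate() rejects month 0 or 13; the year window is an assumed bound.
	if ( ! checkdate( $month, 1, $year ) || $year < 1970 || $year > 2100 ) {
		wp_send_json_error( 'Invalid month or year.', 400 );
	}

	$calendar = wpbc_make_calendar( $post_type, $month, $year );
	$calendar = apply_filters( 'wpbc_get_calendar', $calendar, $post_type, $month, $year );

	// ESCAPE: filter as late as possible, after third-party filters have run.
	// wp_kses_post() keeps the HTML allowed in post content and strips the rest.
	echo wp_kses_post( $calendar );
	wp_die();
}
```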

Admin Column Template

A VERY simple plugin to add a new column in admin post listing which shows which template is used for each post.

Move to Trash from Admin Bar

Move to Trash from Admin Bar plugin adds a Move to Trash Button to delete posts or pages from the WordPress Admin Bar.

Date Wise Page List

Date Wise Page List - Generates a page list between two dates and also generates a CSV file of it.

Date Wise Page List


Emailed Author: There are issues with your plugin code.

Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.

Also please remember in addition to code quality, security and functionality, we require all plugins adhere to our guidelines. If you have not yet, please read them:

* https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

## Generic function (and/or define) names

All plugins must have unique function names, defines, and classnames. This prevents your plugin from conflicting with other plugins or themes.

For example, if your plugin is called "Easy Custom Post Types", then you might prefix your functions with ecpt_{your function name here}. Similarly a define of LICENSE would be better done as ECPT_LICENSE. You can use namespaces instead, however make sure that those also are unique. A namespace or class of 'MyPlugin' is NOT actually all that unique.

This extends to anything in a define. For example, if you were to use this, it would be a bad idea:

define( 'PLUGIN_PATH', plugins_url( __FILE__ ) );

That define is a global, so PLUGIN_PATH could conflict with a number of other things.

Don't try to use two letter slugs anymore. As of 2016, all the good ones are taken. Instead consider easy_cpts_ (from the first example).

Similarly, don't use __ (double underscores), wp_ , or _ (single underscore) as a prefix. Those are reserved for WordPress itself. You can use them inside your classes, but not as stand-alone functions.

Please update your plugin to use more unique function and class names.

Some examples from your plugin:

function my_plugin_menu()
function csv_file_ajax_fun()

----

Please make sure you've addressed ALL issues brought up in this email. When you've corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.

(While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the ENTIRE plugin when you send it back to us. We appreciate your patience and understanding in this.)

Rockon All in One Plugin

Easily manage 'breadcrumb, move script footer, content limit, add script on head/footer & enable/disable comment' in dashboard.

Redirect Homepage After Logout

This plugin redirects the user to the homepage after login.

Brozzme Switch and Duplicate

A set of tools dedicated to post type, Post-type Switcher and Post Duplicate (works with any custom post-type).

Easy Widget Columns

Easily create fluid column layouts with your widgets.

Widgetized Page Template

Automatically widgetize any page when using the Genesis Framework.

Wordpress Admin10X

This plugin improves the performance of WordPress Admin when a WordPress instance has many users.