Not to beat a dead horse, but I think it’s important that people using extensions understand that it’s a two-way street. You’re blaming the theme’s extensions, but the other extensions you installed are modifying the same core code or else you wouldn’t be having a conflict. Both are responsible here, and neither could have legitimate bugs. Installing both creates a state which requires integration to mediate, and that’s not a bug.
I don’t know anything about the code quality of the products you’re mentioning, but if the theme rewrites are breaking extensions then they’re also rewriting the same core code. You just happen to be blaming the theme.
In 9/10 cases an extension has higher authority (and last opportunity) to override the core than a theme. Any extension can add hooks that modify the theme’s assembly, which makes themes powerless to prevent many layout/block modifications.
If the theme didn’t work as demoed in a fresh Magento install that would be a bug. But that isn’t the scenario you’re describing. You do need integration to mesh two custom packages. That isn’t the theme’s or extension’s job. All they can do is minimize potential conflicts and document how it might happen (they may or may not).
In many cases, it’s easy to resolve but sometimes it’s not. It depends what you’re trying to modify. Just keep in mind that you ultimately need to be able to support any code you add into the system. Depending on perfect integration out-of-box from everyone else is a recipe for disaster in any platform.
For the record: this is not a Magento exploit or Magento vulnerability. It’s only a security risk if your admin password is breached or you install a malicious extension. Obviously in either case, security can be compromised but this is not a flaw in Magento’s architecture. It’s bad behavior on the administrator’s part for not maintaining their password securely or performing a code review of any extension installed.
Nexcess is one of the best places to host Magento by the way, as proven by that article and the steps they took to scan all clients using their infrastructure.
Has anyone ever had an item update rejected?
First ask the author if they’re available for customization work. Nobody is better suited to help you efficiently.
First, don’t assume the theme is broken and the extension isn’t. Second, don’t assume either is broken. Third, what you probably need is integration so both can work fine together.
There are over 6500 extensions and themes listed on Magento Connect alone. It’s impossible to expect zero collisions when pushing two independently developed sets of code together.
Be realistic. Themes can’t test with thousands of extensions. Extensions can’t test with thousands of themes. Both extensions and themes can do things that break the other even when all best practices are followed. That’s the nature of modifying or extending core code in any platform.
You need to work with a developer to resolve conflicts from integration. It’s not the extension or theme developer’s job to complete your project’s integration. It’s your job to retain someone who can do that because your project requires it. Requesting a refund because you didn’t do that is not a bug in those products.
All I see is green. It’s kind of distracting because it looks like one author dominating every thread. Was much better when the grey default avatar receded into the background (like a user without any avatar should).
I would be dollars to pesos for almost any website that Safari for Windows has fewer users than IE7.
Don’t waste your time testing all browsers. Test relevant browsers. When a project has specific needs then test further.
Have the client buy it, or make an account for them and hand it over. It saves a huge headache when they want to update later and aren’t working with you (it happens more than you think). If they own the license and have a valid purchase code it clears away so much frustration vetting them.