Posts by crossroad

305 posts
  • Has been part of the Envato Community for over 2 years
  • Sells items exclusively on Envato Market
crossroad says

Firefox is throwing this warning on all pages on themeforest

crossroad says

That means you will probably see a lot more of me on these forums

6 months = 2 posts

crossroad says

I cannot log in; it says incorrect password but it is not. Is anyone else facing difficulties logging in?

crossroad says

@LoveThemes:

IMO, this is pointless. As you see, _e only echoes; it doesn’t do anything else. So if an attacker just wants to ECHO anything, why would he even need to target _e or the PHP echo function? Why don't you just inject anything in the HTML?

Also check the WordPress.org themes directory and see how many themes use esc_html_e instead of _e for the translation strings.

crossroad says

Take this example of yours:
<span><?php _e('Written by:', 'virtuti'); ?> <?php the_author(); ?></span>
Now imagine a user compromised your site and managed to inject some malicious JavaScript in there:
<span><?php _e('<script>BAD CODE</script>', 'virtuti'); ?> <?php the_author(); ?></span>

That script will execute when that page is loaded. BAD!

Using esc_html_e instead:
<span><?php esc_html_e('Written by:', 'virtuti'); ?> <?php the_author(); ?></span>

There’s not even a single reference to that in the official WordPress Codex, nor could I find any other link which says that using _e is unsafe. Could you refer me to some documentation?

crossroad says

Thanks for the quick reply :)

crossroad says

Does anyone know which text editor it is? Really liked the syntax highlighting colors:

crossroad says

Permitted or not, it is really a bad idea to create so many different image sizes. You are creating 12 custom image sizes, and WordPress will create 3 default sizes + 1 original image. So you will be creating 16 image copies for a single image, which is A LOT, as it will be using lots of server resources.

Also note, many users might not even use the features. For example, if someone is using the 3-column masonry layout, s/he won't be using the 4-column layout as well. Similarly with the portfolio, blog grid, and team image sizes. You are generating too many extra image sizes which will never be used by a user.
