Opened 3 years ago

Closed 2 years ago

#25402 closed theme (not-approved)

THEME: Corsa – 1.4.1

Reported by: woorockets
Owned by: poena
Priority: theme update
Keywords: theme-corsa
Cc: woorockets@…, emiluzelac

Description

Corsa - 1.4

Corsa is a responsive theme with modern flat design in bright colors and exotic typography, emphasizing clarity and usability. Corsa is made to be best suited for personal blog, business or ecommerce website, but it can be powerfully customized with visual page builder to be suitable for any other kinds of websites. Corsa comes with functions of a premium theme: One-click sample data installation; Powerful plugin WR PageBuilder integration; Google fonts collection; Shortcodes for advanced page elements and many other features. The theme is compatible with WooCommerce, WPML, bbPress and other popular plugins… Preview live demo with 5 color schemes at http://demo.woorockets.com/#corsa

Theme URL - http://www.woorockets.com/themes/corsa/
Author URL - http://www.woorockets.com/

SVN - https://themes.svn.wordpress.org/corsa/1.4
ZIP - https://wordpress.org/themes/download/corsa.1.4.zip?nostats=1

Diff with previous version: https://themes.trac.wordpress.org/changeset?old_path=corsa/1.3&new_path=corsa/1.4

History:

Ticket Summary Status Resolution Owner
#21165 THEME: Corsa - 1.0.2 closed live jugname
#22359 THEME: Corsa - 1.1 closed live karmatosed
#22781 THEME: Corsa - 1.2 closed live karmatosed
#24169 THEME: Corsa – 1.3 closed live jcastaneda
#25402 THEME: Corsa – 1.4.1 closed not-approved poena (this ticket)
#26144 THEME: Corsa – 1.5 closed live kafleg


https://themes.svn.wordpress.org/corsa/1.4/screenshot.png

Change History (9)

#1 @poena
2 years ago

  • Owner set to poena
  • Status changed from new to reviewing

#2 @poena
2 years ago

Hi!
When I did a test run of the theme I'm afraid I found a couple of issues. Some of them are related to this update, but some are not.

Language
All theme text strings are to be translatable.
(See https://make.wordpress.org/themes/handbook/review/required/#language)
This includes the text in welcome.php, "View the collection now" etc.
Wrong text domain found in extras.php. line 295: ( 'Page %s', 'anhgreen' )

All your theme options must be escaped on output. Most seem to be escaped, like the social links,
but wr_corsa_custom_head() and wr_corsa_custom_footer() are only echoed.

-Themes are not allowed to redirect the user on activation.
-GA campaign tracking is not allowed.
-No URL shorteners should be used in the theme.
(reference: https://wordpress.slack.com/archives/themereview/p1435167249000051
https://make.wordpress.org/themes/handbook/review/required/#security-and-privacy)

-The blue top bar is way too intrusive.

-No author social links are allowed.
-You can't use your own social links as default values.
(Reference: https://wordpress.slack.com/archives/themereview/p1417460465004959)

(newsletter subscription is allowed)

In the customizer, the show comments option must correspond with the options in Settings -> Discussion since this is a core setting and functionality. The user should be able to change this on a per-post basis.


Note:
the screenshot used on the about page does not seem to be of this theme?

#3 @poena
2 years ago

Hi, any update on this? Tickets are kept open for seven days without activity.

#4 @woorockets
2 years ago

Replying to poena:

Hi, any update on this? Tickets are kept open for seven days without activity.

Hi @poena,

Sorry for my late reply as I've just come back from my holiday. I'm working on it right now and will update new version very soon.

Regards,
WooRockets Team.


#5 @themetracbot
2 years ago

  • Summary changed from THEME: Corsa – 1.4 to THEME: Corsa – 1.4.1

Corsa - 1.4.1

SVN - https://themes.svn.wordpress.org/corsa/1.4.1
ZIP - https://wordpress.org/themes/download/corsa.1.4.1.zip?nostats=1

Diff with previous version: https://themes.trac.wordpress.org/changeset?old_path=corsa/1.4&new_path=corsa/1.4.1

https://themes.svn.wordpress.org/corsa/1.4.1/screenshot.png

#6 @poena
2 years ago

  • Cc emiluzelac added

Great, looks like most problems were fixed, thank you.

I will need to check with an admin if ent2ncr() is enough to escape these. Can you define "code"? I mean is it intended to let both javascript and css through or..?

When I wrote that no author social links are allowed, I meant that the "Share Corsa" tweet and the two "follow us" links need to be removed.

#7 @emiluzelac
2 years ago

ent2ncr is a converter and does this:

function ent2ncr($text) {
 
    /**
     * Filter text before named entities are converted into numbered entities.
     *
     * A non-null string must be returned for the filter to be evaluated.
     *
     * @since 3.3.0
     *
     * @param null   $converted_text The text to be converted. Default null.
     * @param string $text           The text prior to entity conversion.
     */
    $filtered = apply_filters( 'pre_ent2ncr', null, $text );
    if( null !== $filtered )
        return $filtered;
 
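    $to_ncr = array(
        '&quot;' => '&#34;',
        '&amp;' => '&#38;',
        '&lt;' => '&#60;',
        '&gt;' => '&#62;',
        '|' => '&#124;',
        '&nbsp;' => '&#160;',
        '&iexcl;' => '&#161;',
        '&cent;' => '&#162;',
        '&pound;' => '&#163;',
        '&curren;' => '&#164;',
        '&yen;' => '&#165;',
        '&brvbar;' => '&#166;',
        '&brkbar;' => '&#166;',
        '&sect;' => '&#167;',
        '&uml;' => '&#168;',
        '&die;' => '&#168;',
        '&copy;' => '&#169;',
        '&ordf;' => '&#170;',
        '&laquo;' => '&#171;',
        '&not;' => '&#172;',
        '&shy;' => '&#173;',
        '&reg;' => '&#174;',
        '&macr;' => '&#175;',
        '&hibar;' => '&#175;',
        '&deg;' => '&#176;',
        '&plusmn;' => '&#177;',
        '&sup2;' => '&#178;',
        '&sup3;' => '&#179;',
        '&acute;' => '&#180;',
        '&micro;' => '&#181;',
        '&para;' => '&#182;',
        '&middot;' => '&#183;',
        '&cedil;' => '&#184;',
        '&sup1;' => '&#185;',
        '&ordm;' => '&#186;',
        '&raquo;' => '&#187;',
        '&frac14;' => '&#188;',
        '&frac12;' => '&#189;',
        '&frac34;' => '&#190;',
        '&iquest;' => '&#191;',
        '&Agrave;' => '&#192;',
        '&Aacute;' => '&#193;',
        '&Acirc;' => '&#194;',
        '&Atilde;' => '&#195;',
        '&Auml;' => '&#196;',
        '&Aring;' => '&#197;',
        '&AElig;' => '&#198;',
        '&Ccedil;' => '&#199;',
        '&Egrave;' => '&#200;',
        '&Eacute;' => '&#201;',
        '&Ecirc;' => '&#202;',
        '&Euml;' => '&#203;',
        '&Igrave;' => '&#204;',
        '&Iacute;' => '&#205;',
        '&Icirc;' => '&#206;',
        '&Iuml;' => '&#207;',
        '&ETH;' => '&#208;',
        '&Ntilde;' => '&#209;',
        '&Ograve;' => '&#210;',
        '&Oacute;' => '&#211;',
        '&Ocirc;' => '&#212;',
        '&Otilde;' => '&#213;',
        '&Ouml;' => '&#214;',
        '&times;' => '&#215;',
        '&Oslash;' => '&#216;',
        '&Ugrave;' => '&#217;',
        '&Uacute;' => '&#218;',
        '&Ucirc;' => '&#219;',
        '&Uuml;' => '&#220;',
        '&Yacute;' => '&#221;',
        '&THORN;' => '&#222;',
        '&szlig;' => '&#223;',
        '&agrave;' => '&#224;',
        '&aacute;' => '&#225;',
        '&acirc;' => '&#226;',
        '&atilde;' => '&#227;',
        '&auml;' => '&#228;',
        '&aring;' => '&#229;',
        '&aelig;' => '&#230;',
        '&ccedil;' => '&#231;',
        '&egrave;' => '&#232;',
        '&eacute;' => '&#233;',
        '&ecirc;' => '&#234;',
        '&euml;' => '&#235;',
        '&igrave;' => '&#236;',
        '&iacute;' => '&#237;',
        '&icirc;' => '&#238;',
        '&iuml;' => '&#239;',
        '&eth;' => '&#240;',
        '&ntilde;' => '&#241;',
        '&ograve;' => '&#242;',
        '&oacute;' => '&#243;',
        '&ocirc;' => '&#244;',
        '&otilde;' => '&#245;',
        '&ouml;' => '&#246;',
        '&divide;' => '&#247;',
        '&oslash;' => '&#248;',
        '&ugrave;' => '&#249;',
        '&uacute;' => '&#250;',
        '&ucirc;' => '&#251;',
        '&uuml;' => '&#252;',
        '&yacute;' => '&#253;',
        '&thorn;' => '&#254;',
        '&yuml;' => '&#255;',
        '&OElig;' => '&#338;',
        '&oelig;' => '&#339;',
        '&Scaron;' => '&#352;',
        '&scaron;' => '&#353;',
        '&Yuml;' => '&#376;',
        '&fnof;' => '&#402;',
        '&circ;' => '&#710;',
        '&tilde;' => '&#732;',
        '&Alpha;' => '&#913;',
        '&Beta;' => '&#914;',
        '&Gamma;' => '&#915;',
        '&Delta;' => '&#916;',
        '&Epsilon;' => '&#917;',
        '&Zeta;' => '&#918;',
        '&Eta;' => '&#919;',
        '&Theta;' => '&#920;',
        '&Iota;' => '&#921;',
        '&Kappa;' => '&#922;',
        '&Lambda;' => '&#923;',
        '&Mu;' => '&#924;',
        '&Nu;' => '&#925;',
        '&Xi;' => '&#926;',
        '&Omicron;' => '&#927;',
        '&Pi;' => '&#928;',
        '&Rho;' => '&#929;',
        '&Sigma;' => '&#931;',
        '&Tau;' => '&#932;',
        '&Upsilon;' => '&#933;',
        '&Phi;' => '&#934;',
        '&Chi;' => '&#935;',
        '&Psi;' => '&#936;',
        '&Omega;' => '&#937;',
        '&alpha;' => '&#945;',
        '&beta;' => '&#946;',
        '&gamma;' => '&#947;',
        '&delta;' => '&#948;',
        '&epsilon;' => '&#949;',
        '&zeta;' => '&#950;',
        '&eta;' => '&#951;',
        '&theta;' => '&#952;',
        '&iota;' => '&#953;',
        '&kappa;' => '&#954;',
        '&lambda;' => '&#955;',
        '&mu;' => '&#956;',
        '&nu;' => '&#957;',
        '&xi;' => '&#958;',
        '&omicron;' => '&#959;',
        '&pi;' => '&#960;',
        '&rho;' => '&#961;',
        '&sigmaf;' => '&#962;',
        '&sigma;' => '&#963;',
        '&tau;' => '&#964;',
        '&upsilon;' => '&#965;',
        '&phi;' => '&#966;',
        '&chi;' => '&#967;',
        '&psi;' => '&#968;',
        '&omega;' => '&#969;',
        '&thetasym;' => '&#977;',
        '&upsih;' => '&#978;',
        '&piv;' => '&#982;',
        '&ensp;' => '&#8194;',
        '&emsp;' => '&#8195;',
        '&thinsp;' => '&#8201;',
        '&zwnj;' => '&#8204;',
        '&zwj;' => '&#8205;',
        '&lrm;' => '&#8206;',
        '&rlm;' => '&#8207;',
        '&ndash;' => '&#8211;',
        '&mdash;' => '&#8212;',
        '&lsquo;' => '&#8216;',
        '&rsquo;' => '&#8217;',
        '&sbquo;' => '&#8218;',
        '&ldquo;' => '&#8220;',
        '&rdquo;' => '&#8221;',
        '&bdquo;' => '&#8222;',
        '&dagger;' => '&#8224;',
        '&Dagger;' => '&#8225;',
        '&bull;' => '&#8226;',
        '&hellip;' => '&#8230;',
        '&permil;' => '&#8240;',
        '&prime;' => '&#8242;',
        '&Prime;' => '&#8243;',
        '&lsaquo;' => '&#8249;',
        '&rsaquo;' => '&#8250;',
        '&oline;' => '&#8254;',
        '&frasl;' => '&#8260;',
        '&euro;' => '&#8364;',
        '&image;' => '&#8465;',
        '&weierp;' => '&#8472;',
        '&real;' => '&#8476;',
        '&trade;' => '&#8482;',
        '&alefsym;' => '&#8501;',
        '&crarr;' => '&#8629;',
        '&lArr;' => '&#8656;',
        '&uArr;' => '&#8657;',
        '&rArr;' => '&#8658;',
        '&dArr;' => '&#8659;',
        '&hArr;' => '&#8660;',
        '&forall;' => '&#8704;',
        '&part;' => '&#8706;',
        '&exist;' => '&#8707;',
        '&empty;' => '&#8709;',
        '&nabla;' => '&#8711;',
        '&isin;' => '&#8712;',
        '&notin;' => '&#8713;',
        '&ni;' => '&#8715;',
        '&prod;' => '&#8719;',
        '&sum;' => '&#8721;',
        '&minus;' => '&#8722;',
        '&lowast;' => '&#8727;',
        '&radic;' => '&#8730;',
        '&prop;' => '&#8733;',
        '&infin;' => '&#8734;',
        '&ang;' => '&#8736;',
        '&and;' => '&#8743;',
        '&or;' => '&#8744;',
        '&cap;' => '&#8745;',
        '&cup;' => '&#8746;',
        '&int;' => '&#8747;',
        '&there4;' => '&#8756;',
        '&sim;' => '&#8764;',
        '&cong;' => '&#8773;',
        '&asymp;' => '&#8776;',
        '&ne;' => '&#8800;',
        '&equiv;' => '&#8801;',
        '&le;' => '&#8804;',
        '&ge;' => '&#8805;',
        '&sub;' => '&#8834;',
        '&sup;' => '&#8835;',
        '&nsub;' => '&#8836;',
        '&sube;' => '&#8838;',
        '&supe;' => '&#8839;',
        '&oplus;' => '&#8853;',
        '&otimes;' => '&#8855;',
        '&perp;' => '&#8869;',
        '&sdot;' => '&#8901;',
        '&lceil;' => '&#8968;',
        '&rceil;' => '&#8969;',
        '&lfloor;' => '&#8970;',
        '&rfloor;' => '&#8971;',
        '&lang;' => '&#9001;',
        '&rang;' => '&#9002;',
        '&larr;' => '&#8592;',
        '&uarr;' => '&#8593;',
        '&rarr;' => '&#8594;',
        '&darr;' => '&#8595;',
        '&harr;' => '&#8596;',
        '&loz;' => '&#9674;',
        '&spades;' => '&#9824;',
        '&clubs;' => '&#9827;',
        '&hearts;' => '&#9829;',
        '&diams;' => '&#9830;'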
    );
 
    return str_replace( array_keys($to_ncr), array_values($to_ncr), $text );
}
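
Added illustration (not part of the ticket, the theme, or WordPress core): a standalone PHP script that runs constructed option values through a cut-down copy of the conversion above and through an escaping call, and reports whether tag or quote characters survive. The names demo_ent2ncr, demo_escape and demo_has_markup_chars are hypothetical, and PHP's built-in htmlspecialchars() stands in for an escaping function because WordPress is not loaded here.

```php
<?php
// Added illustration; not code from the ticket, the theme, or WordPress core.

// Stand-in for core ent2ncr() with only a few table rows, so the script runs
// without WordPress loaded. The name is hypothetical.
function demo_ent2ncr( $text ) {
    $to_ncr = array(
        '&quot;' => '&#34;',
        '&amp;'  => '&#38;',
        '&lt;'   => '&#60;',
        '&gt;'   => '&#62;',
        '&copy;' => '&#169;',
    );
    return str_replace( array_keys( $to_ncr ), array_values( $to_ncr ), $text );
}

// Stand-in for an output-escaping call: encodes the characters themselves.
// The name is hypothetical; htmlspecialchars() is PHP's built-in.
function demo_escape( $text ) {
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
}

// True if characters that can open a tag or close an attribute remain.
function demo_has_markup_chars( $text ) {
    return strpbrk( $text, '<>"\'' ) !== false;
}

// Constructed sample values standing in for a saved theme option.
$samples = array(
    'named entities' => 'Fish &amp; chips &copy; 2015',
    'raw tag'        => '<script>document.title = "changed"</script>',
    'quote in value' => 'x" onmouseover="document.title=1',
);

foreach ( $samples as $label => $value ) {
    $converted = demo_ent2ncr( $value );
    $escaped   = demo_escape( $value );
    printf( "[%s]\n", $label );
    printf( "  converted: %s (markup chars left: %s)\n",
        $converted, demo_has_markup_chars( $converted ) ? 'yes' : 'no' );
    printf( "  escaped:   %s (markup chars left: %s)\n",
        $escaped, demo_has_markup_chars( $escaped ) ? 'yes' : 'no' );
}
```

Only the first sample changes under the conversion, because the lookup table is keyed on named entities that are already present in the text; literal <, > and " characters match no key and pass through unchanged.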

#8 @poena
2 years ago

Yes it is there in the developer section :) I think it would be fine if we could be 100% sure that the data is sanitized. It is properly sanitized: unless someone tries to manipulate or accidentally changes it before output... which is unlikely but possible, right?

#9 @poena
2 years ago

  • Resolution set to not-approved
  • Status changed from reviewing to closed

Closing as not approved since there has been no activity from the theme author in 7 days.
Please fix the remaining issues with your next update:
Author social links
escaping
