
Opened 14 months ago

Closed 9 months ago

Last modified 6 months ago

#29988 closed theme (not-approved)

THEME: Suffusion – 4.4.9

Reported by: sayontan
Owned by: jcastaneda
Priority: previously reviewed
Keywords: theme-suffusion
Cc: sayontan@…

Description

Suffusion - 4.4.9

An elegant, responsive and versatile theme with a power-packed set of options and semantic HTML5-based markup. It supports Mega-Menus, custom layout templates, advanced support for custom post types, customizable drop-down menus, featured sliders, tabbed sidebars, a magazine layout and lots of enhanced widgets for Twitter, Flickr, Google etc. It has 19 widget areas, one-column, two-column and three-column responsive, fixed-width and flexible-width layouts, 9 pre-defined templates and 19 pre-defined color schemes. Responsive capabilities are switched on by a single click. RTL support is built-in and translations in many languages are available. Custom Post Types and Custom Taxonomies are integrated. Compatibility packs for BuddyPress, bbPress, Jigoshop and WooCommerce are available as plugins for smooth integration. Support forum at http://www.aquoid.com/forum.

Theme URL - http://aquoid.com/news/themes/suffusion/
Author URL - http://mynethome.net/blog

SVN - https://themes.svn.wordpress.org/suffusion/4.4.9
ZIP - https://wordpress.org/themes/download/suffusion.4.4.9.zip?nostats=1

Diff with previous version: https://themes.trac.wordpress.org/changeset?old_path=suffusion/4.4.8&new_path=suffusion/4.4.9

History:

Ticket Summary Status Resolution Owner
#49 THEME: Suffusion - 3.5.4 closed not-approved pross
#252 THEME: Suffusion - 3.5.5 closed closed-newer-version-uploaded
#324 THEME: Suffusion - 3.5.6 closed live
#340 THEME: Suffusion - 3.5.7 closed live
#391 THEME: Suffusion - 3.5.8 closed closed-newer-version-uploaded
#456 THEME: Suffusion - 3.5.9 closed closed-newer-version-uploaded
#589 THEME: Suffusion - 3.6.0 closed not-approved cais
#598 THEME: Suffusion - 3.6.1 closed closed-newer-version-uploaded
#604 THEME: Suffusion - 3.6.2 closed not-approved Frumph
#656 THEME: Suffusion - 3.6.3 closed suggest-approval Frumph
#966 THEME: Suffusion - 3.6.4 closed suggest-approval Frumph
#975 THEME: Suffusion - 3.6.5 closed live
#1094 THEME: Suffusion - 3.6.6 closed suggest-approval Fingli
#1936 THEME: Suffusion - 3.6.7 closed live cais
#1937 THEME: Suffusion - 3.6.8 closed live chipbennett
#1981 THEME: Suffusion - 3.6.9 closed live chipbennett
#2169 THEME: Suffusion - 3.7.0 closed not-approved Fingli
#2180 THEME: Suffusion - 3.7.1 closed live Fingli
#2302 THEME: Suffusion - 3.7.2 closed live Frumph
#2319 THEME: Suffusion - 3.7.3 closed live furciferrising
#3029 THEME: Suffusion - 3.7.4 closed not-approved emiluzelac
#3036 THEME: Suffusion - 3.7.5 closed live emiluzelac
#3048 THEME: Suffusion - 3.7.6 closed live emiluzelac
#3057 THEME: Suffusion - 3.7.7 closed live cais
#3123 THEME: Suffusion - 3.7.8 closed live chipbennett
#4407 THEME: Suffusion - 3.7.9 closed live ArnoldGoodway
#4414 THEME: Suffusion - 3.8.0 closed live ArnoldGoodway
#4455 THEME: Suffusion - 3.8.1 closed live emiluzelac
#4622 THEME: Suffusion - 3.8.2 closed live garinungkadol
#5268 THEME: Suffusion - 3.8.3 closed live SeizedPropaganda
#5395 THEME: Suffusion - 3.8.4 closed closed-newer-version-uploaded
#5396 THEME: Suffusion - 3.8.5 closed closed-newer-version-uploaded
#5403 THEME: Suffusion - 3.8.6 closed closed-newer-version-uploaded
#5404 THEME: Suffusion - 3.8.7 closed closed-newer-version-uploaded
#5407 THEME: Suffusion - 3.8.8 closed closed-newer-version-uploaded SeizedPropaganda
#5430 THEME: Suffusion - 3.8.9 closed live SeizedPropaganda
#5499 THEME: Suffusion - 3.9.0 closed live chipbennett
#5608 THEME: Suffusion - 3.9.1 closed live chipbennett
#5647 THEME: Suffusion - 3.9.2 closed live chipbennett
#5879 THEME: Suffusion - 3.9.3 closed closed-newer-version-uploaded emiluzelac
#5975 THEME: Suffusion - 3.9.4 closed live emiluzelac
#5984 THEME: Suffusion - 3.9.5 closed live chipbennett
#6083 THEME: Suffusion - 3.9.6 closed live garinungkadol
#6477 THEME: Suffusion - 4.0.0 closed live life.object
#6614 THEME: Suffusion - 4.0.1 closed live life.object
#6629 THEME: Suffusion - 4.0.2 closed live Fingli
#6722 THEME: Suffusion - 4.0.3 closed not-approved kobenland
#6733 THEME: Suffusion - 4.0.4 closed live kobenland
#7218 THEME: Suffusion - 4.0.5 closed live jason-g
#7347 THEME: Suffusion - 4.0.6 closed live kobenland
#7467 THEME: Suffusion - 4.0.7 closed live kobenland
#7582 THEME: Suffusion - 4.2.0 closed live life.object
#8143 THEME: Suffusion - 4.2.1 closed live emiluzelac
#8159 THEME: Suffusion - 4.2.2 closed live emiluzelac
#8300 THEME: Suffusion - 4.2.3 closed live kobenland
#8408 THEME: Suffusion - 4.2.4 closed live kobenland
#8507 THEME: Suffusion - 4.2.5 closed live kobenland
#8604 THEME: Suffusion - 4.2.6 closed live pseudoxiah
#8776 THEME: Suffusion - 4.2.7 closed live kobenland
#8908 THEME: Suffusion - 4.2.8 closed live sixhours
#9152 THEME: Suffusion - 4.2.9 closed live emiluzelac
#9172 THEME: Suffusion - 4.3.0 closed live applextrent
#9273 THEME: Suffusion - 4.3.1 closed live nishasingh
#9453 THEME: Suffusion - 4.3.2 closed live kobenland
#9568 THEME: Suffusion - 4.3.3 closed live emiluzelac
#9998 THEME: Suffusion - 4.4.0 closed live
#10028 THEME: Suffusion - 4.4.1 closed live max2501
#10048 THEME: Suffusion - 4.4.2 closed live applextrent
#10188 THEME: Suffusion - 4.4.3 closed live nishasingh
#10320 THEME: Suffusion - 4.4.4 closed live nishasingh
#10649 THEME: Suffusion - 4.4.5 closed live
#10782 THEME: Suffusion - 4.4.6 closed live tskk
#13739 THEME: Suffusion - 4.4.7 closed live emiluzelac
#28485 THEME: Suffusion – 4.4.8 closed live karmatosed
#29988 THEME: Suffusion – 4.4.9 closed not-approved jcastaneda

(this ticket)


https://themes.svn.wordpress.org/suffusion/4.4.9/screenshot.png

Change History (8)

#1 @emiluzelac
14 months ago

  • Owner set to emiluzelac
  • Status changed from new to reviewing

#2 @emiluzelac
14 months ago

  • Resolution set to live
  • Status changed from reviewing to closed

Theme updates.

#3 @jcastaneda
9 months ago

  • Resolution live deleted
  • Status changed from closed to reopened

Hi!

Wanted to post and let you know that I am getting a fatal error when activating the theme. For this reason I have de-listed the theme from the repo.

PHP Fatal error:  Call to undefined function suffusion_sc_audio() suffusion/post-formats/content-audio.php on line 20

Taking a closer look I can tell you there are a lot of things that would also need to be fixed per the theme review requirements:
https://make.wordpress.org/themes/handbook/review/required

The biggest one being the fatal error, followed by the redirect upon activation. What worries me is that this theme has been using an options page and not the customizer. This has been a requirement since October 21, 2015. The post was made in April 2015 that all themes would need to meet this requirement.

What this means now is that the theme will now have to undergo a more thorough review to verify it meets all the requirements. I will assign this to me and will conduct the review. Expect another comment later today with a more extensive review.

I am sorry that it has come to this but I think it will be for the better as well. For the users as well as yourself. :)

#4 @jcastaneda
9 months ago

  • Owner changed from emiluzelac to jcastaneda
  • Status changed from reopened to reviewing

#5 @jcastaneda
9 months ago

  • One of the many things I do see is you are not escaping your variables. This could lead to a lot of problems dealing with security. Things like: class="<?php echo $suf_wa_waaf_style; ?>" need to be escaped properly using esc_attr() or even esc_js() where appropriate. It does worry me a little running a quick regex search for echo \$ and finding 843 results in 49 files.
  • All the custom CSS you are using needs to be properly enqueued and use the proper hooks/actions. In particular: custom-styles.php. Make sure you use wp_add_inline_style().
  • Another thing I am seeing is the use of global $post on a lot of files. There should be no need to be using that. Inside of the loop you would ideally call get_the_ID() if you need the post's ID. It sounds like you aren't resetting the post data properly after a new WP_Query.
  • One other thing I do see is the lack of validation/sanitation in your widgets. For example in your child pages widget you are using:
$instance["post_thumbnail_size"] = $new_instance["post_thumbnail_size"];

What is it you are expecting? Is it a number for the width, an array of numbers, a string, a specific value? This needs to be validated and sanitized before being saved to the database.

  • The downside is that you will have to remove the Subscription widget, Google Translator widget, Query Posts widget, and Query Users widget. This is actually functionality that users don't want to lose when a theme is switched. What is good is you could turn those into standalone plugins.
  • I see that there are a lot, and I mean a lot, of text strings that are not translation ready either. For example:
<?php // missing translation
array("name" => "Don't Panic!!",
        "desc" => "Welcome to Suffusion! But first...<br />
                <div class='suf-huge centered fix'>DON'T PANIC!!</div>
                <p>At first the number of options in Suffusion might alarm you, but don't panic, everything is organized well enough for you to find your way.
                You begin with the basic aspects of look-and-feel, then make your way into the more complex and innovative aspects of the theme.</p>",
        "parent" => "welcome",
        "type" => "blurb"
)

All the text strings would need to be wrapped in translation functions accordingly.

  • In your comments.php file you can actually use the core filter rather than having to rely on building your own as well. At least then you can remove lines 32 through 91 as well as 94 through 113 and simply putting those in your functions file or filter file.
  • You do have to remove suffusion_resize as that is plugin territory.
  • Please be sure to also include the un-minified version of your bundled scripts and styles as well.
  • I didn't see much in the sense of license/copyright declarations for all of your bundled resources. This applies to images, CSS, JS, and PHP files.
  • The gradient file will have to be removed since you are creating content. If it is just a gradient you are looking to use, using CSS gradients would be ideal and is supported by many modern browsers as well: http://caniuse.com/#feat=css-gradients

I can tell you right off the bat this is a lot of work you will have to do. I am more than happy to help you along the way in leaving this open until you are ready to submit the revised version. :)

I'm sure we can come up with a good update plan so we don't break things along the way as well.
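
The two review points above about escaping at output and validating widget input, shown as an added example that is not part of the ticket or of Suffusion's code. The helper name example_sanitize_thumbnail_size, the allowed size list and all sample values are assumptions constructed for illustration, and the shims stand in for WordPress core functions so the file runs outside WordPress.

```php
<?php
// Added example, not Suffusion code. The shims stand in for WordPress core
// helpers so the file also runs with plain `php`; inside WordPress the real
// esc_attr() and sanitize_key() are used instead.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'sanitize_key' ) ) {
    function sanitize_key( $key ) {
        return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) );
    }
}

// Hypothetical helper: answer "what are you expecting?" explicitly. Accept a
// positive pixel width or one of the allowed size names; anything else
// (arrays, markup, unknown names) falls back to the default.
function example_sanitize_thumbnail_size( $raw, array $allowed, $default = 'thumbnail' ) {
    if ( ! is_scalar( $raw ) ) {
        return $default;
    }
    $raw = trim( (string) $raw );
    if ( ctype_digit( $raw ) && (int) $raw > 0 ) {
        return (int) $raw;
    }
    $key = sanitize_key( $raw );
    return in_array( $key, $allowed, true ) ? $key : $default;
}

// Constructed values standing in for a stored option and a submitted form.
$suf_wa_waaf_style = 'tabbed" data-injected="1';
$allowed_sizes     = array( 'thumbnail', 'medium', 'large', 'full' );
$submitted         = array( 'medium', '150', 'medium<b>', array( '1', '2' ), '-20' );

// Unescaped: the quote in the value ends class="..." and adds an attribute.
echo '<div class="' . $suf_wa_waaf_style . '">' . "\n";
// Escaped at output: the whole value stays inside the class attribute.
echo '<div class="' . esc_attr( $suf_wa_waaf_style ) . '">' . "\n";

// What a widget update() would store for each submitted value.
foreach ( $submitted as $new_value ) {
    $instance = array();
    $instance['post_thumbnail_size'] = example_sanitize_thumbnail_size( $new_value, $allowed_sizes );
    echo json_encode( $new_value ), ' => ', json_encode( $instance['post_thumbnail_size'] ), "\n";
}
```

In a theme the helper would be called from the widget's update() method before $instance is returned, and esc_attr() would wrap the value at the point where the template echoes it.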

#6 @sayontan
9 months ago

Barring the fatal error, pretty much everything in the above can be rebutted. E.g. The "unescaped variables" are all options that are stored in the database through the standard WP Options API. There is a single options array that stores them, and they are all retrieved in one shot and named variables. If you are saying those can be compromised, you need to be looking at WP security, not the theme's.

However, given that I have always come out at the losing end of these discussions, please feel free to keep the theme suspended. I have neither the inclination nor energy to get drawn into this again, particularly since the customizer implementation is back-breaking, and the users of the theme had been perfectly happy with the theme in its current state and the once-in-a-while critical updates that they were getting.

#7 @jcastaneda
9 months ago

  • Priority changed from theme update to previously reviewed
  • Resolution set to not-approved
  • Status changed from reviewing to closed

> However, given that I have always come out at the losing end of these discussions, please feel free to keep the theme suspended

If that is the case, I'll close this ticket out, but if you ever do change your mind you can still upload a revised version but it will go to the queue of tickets.

#8 @eyeswiseopen
6 months ago

This is a total disaster!!!!!
It is the best theme ever...
Nothing else really compares.
Love the ability to control every aspect of the site design it provides, like no other.
Bring it back, bring it back, bring it back....
Please please please...
