WordPress: 6.6.2
Theme Check: 20231220
Wordfence is warning of a malicious or unsafe file.
It looks to be a false positive. Is that correct?
Should the plugin, or Wordfence correct this?
File appears to be malicious or unsafe: wp-content/languages/plugins/theme-check-en_AU.l10n.php
thank you
]]>Hi,
My theme has a custom search form included in the header, similar to the one from the codex.
I need a custom one, because I’m using it for searching through posts only.
When running Theme Check, the following warning is returned:
WARNING: role="search" was found in header.php. Use get_search_form() instead of hard coding forms. Otherwise, the form can not be filtered.I don’t like warnings, is there a solution for this? Can I fix this somehow?
Guido
]]>Hi,
i have been creating a website using the creativity hub theme and i have publish it. when some other visitor go to my site on their device they are unable to see the background.i checked everything from my side i don’t know whats the problem some mistake from my end or is it a bug.
as these is an urgent requirement please give me some solution to these.
Thanks.
Is there a way to exclude source paths when attempting to use the plugin for testing during local development. We install WordPress Core and supporting plugin in a non-committed directory path of the theme, and mount the theme in a Docker environment so when running the plugin it is essentially scanning things it shouldn’t. Being required to use this plugin in some other completely separate process is clunky and not feasible for fast turnaround and on-going maintenance of our theme.
]]>There seems to be an issue with my Wholesale Coffee Dealers page as it is not displaying properly. I am not receiving a 404 not found error message, but the page is not showing up.
]]>Hello
Error in your plugin:
Your plugin show:
WARNING: Found?echo get_theme_mod?in?file_name.?Theme options must be escaped (Opens in a new window)..
BUT, for setting definition WP have special check algorithm, as example below for define “display_excerpt_or_full_post” settings, WP use “sanitize_callback” function:
$wp_customize->add_setting(
'display_excerpt_or_full_post',
array(
'capability' => 'edit_theme_options',
'default' => 'excerpt',
'sanitize_callback' => static function( $value ) {
return 'excerpt' === $value || 'full' === $value ? $value : 'excerpt';
},
)
);so as result we need define sanitize_callback function and also add same check for by pass your plugin check
I am using WordPress 6.3 and getting
WARNING:?sanitize_url()?found in the file?helpers/class-helpers.php. Deprecated since version?2.8. Use?esc_url()?instead.
Wasn’t sanitize_url() restored in 5.9 ?
I just installed and tried running the latest Theme Check and got this fatal error:
Fatal error: Uncaught Error: Call to undefined function get_theme_data_from_contents()
in /***/public_html/wp-content/plugins/theme-check/checks/style_tags.php on line 12
Call stack:
Style_Tags::check()
wp-content/plugins/theme-check/checkbase.php:114
run_themechecks()
wp-content/plugins/theme-check/checkbase.php:83
run_themechecks_against_theme()
wp-content/plugins/theme-check/main.php:27
check_main()
wp-content/plugins/theme-check/theme-check.php:66
ThemeCheckMain::themecheck_do_page()
wp-includes/class-wp-hook.php:310
WP_Hook::apply_filters()
wp-includes/class-wp-hook.php:334
WP_Hook::do_action()
wp-includes/plugin.php:517
do_action()
wp-admin/admin.php:259
require_once()
wp-admin/themes.php:10
The following filters are available at the themes directory block-editor-patterns, block-editor-styles, style-variations, but the theme check plugin reports those tags as not available.
]]>Hello, I am running this plugin on a hosted server (LiteSpeed, PHP 8.0.28) site with no issues. However, on my LAMP server (PHP 8.0.28), I get the following fatal error:PHP Fatal error: Uncaught Error: Undefined constant "T_COMMENT" in /wp-content/plugins/theme-check/checkbase.php:281 Stack trace: 0 /wp-content/plugins/theme-check/checkbase.php(61): tc_strip_comments() 1 /wp-content/plugins/theme-check/main.php(27): run_themechecks_against_theme() 2 /wp-content/plugins/theme-check/theme-check.php(66): check_main() 3 /wp-includes/class-wp-hook.php(308): ThemeCheckMain->themecheck_do_page() 4 /wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters() 5 /wp-includes/plugin.php(517): WP_Hook->do_action() 6 /wp-admin/admin.php(259): do_action() 7 /wp-admin/themes.php(10): require_once('…') 8 {main} thrown in /wp-content/plugins/theme-check/checkbase.php on line 281Any pointers about the cause of this would be appreciated.
Hi,
Plugin was updated a few days ago but you forgot to change the “Tested up to” tag.
Guido
]]>Hey there,
I’ve just installed Theme Check and run it on the parent theme and on the child theme. I’m pretty new to this topics so my question is the follwing:
The parent theme seems to be ok, but the child theme check shows a lot of warnings. Can/should I ignore them and the Theme Check is only relevant for the parent theme or not?
Hi, you may want to run Theme Check on your own plugin..(!)
Warning: Unterminated comment starting line 44 in /Users/user/DESIGN/hod_wordpress/wp-content/plugins/theme-check/checkbase.php on line 233
Hello!
We have overrides for search forms from bbPress and BuddyPress plugins in our theme.
New version gives following warnings:
WARNING: role="search" was found in buddypress/common/search/search-form.php. Use get_search_form() instead of hard coding forms. Otherwise, the form can not be filtered.
WARNING: role="search" was found in bbpress/form-topic-search.php. Use get_search_form() instead of hard coding forms. Otherwise, the form can not be filtered.Also we’re using the TGMPA for recommending plugins and there is a warning in this file:
WARNING: WP_Filesystem was found in the file inc/tgm-plugin-activation/class-tgm-plugin-activation.php WP_Filesystem should only be used for theme upgrade operations, not for all file operations. Consider using file_get_contents(), scandir(), or glob() Line 692: * Uses WP_Filesystem to process and handle the plugin installationLine 697: * @uses WP_FilesystemLine 728: // Pass necessary information via URL if WP_Filesystem is needed.Line 741: $method = ''; // Leave blank so WP_Filesystem can populate it as necessary.Line 747: if ( ! WP_Filesystem( $creds ) ) {Line 748: request_filesystem_credentials( esc_url_raw( $url ), $method, true, false, array() ); // Setup WP_Filesystem.Line 897: wp_filesystem'] ) ) {Line 902: wp_filesystem']->dirlist( $remote_source ) );Line 903: wp_filesystem']->is_dir( $source ) ) {Line 931: wp_filesystem']->move( $from_path, $to_path ) ) {Line 2737: * through if a user has to use WP_Filesystem to enter their credentials.Line 2810: // Pass all necessary information if WP_Filesystem is needed.Line 2819: $method = ''; // Leave blank so WP_Filesystem can populate it as necessary.Line 2820: $fields = array_keys( $_POST ); // Extra fields to pass to WP_Filesystem.Line 2826: // Now we have some credentials, setup WP_Filesystem.Line 2827: if ( ! WP_Filesystem( $creds ) ) {
Do we need to fix these warnings? Because we really confused with them.
Thank you.
Best regards!
Hi,
Updated to new version, now a warning when running a test:
Warning: Undefined array key 1 in C:\wamp\www\klant\wp-content\plugins\theme-check\main.php on line 99
Relates to:
'<strong>' . esc_html( $version[1] ) . '</strong>'
Guido
]]>Hello. I am getting a few warnings, but they do not tell me the line number and there are too many possibilities to search for these. How can I see the line these errors occur on?
Her are teh errors:
WARNING: Found a translation function that is missing a text-domain. Function esc_html__, with the arguments
WARNING: Found a translation function that is missing a text-domain. Function _e, with the arguments 'gi-essence-theme'Hi guys,
I get this warning:
REQUIRED: A menu name is being used for a menu in filename.php. By using menu name, the menu would be required to have the exact same name in the WordPress admin area. Use a theme_location instead.
For this code:
<?php
wp_nav_menu( array(
'theme_location' => 'primary',
'container' => 'div',
'container_class' => 'menu',
'menu_class' => 'menu',
'depth' => 3,
'items_wrap' => '<ul>%3$s</ul>',
) );I presume this is because I’m setting 'menu' as classes and 'menu' is also attribute of wp_nav_menu().
I can not upload my theme update due to this, so I guess the best bet is to change the classes to something different.
Funny enough, Theme Check (version 20200922.1) plugin I have installed on my server does not report this, only when I upload a theme update to WPORG, it throws this error. Maybe theme check on WPORG should be updated?
Thanks and regards,
Oliver
]]>Hi, I’m using OCDI (One Click Demo Import) plugin and I’m using their local import files process. So I have wie files for importing widgets, XML for the site’s content and dat files for Customizer data. All of them are within my theme’s folder.
The problem is that I’m running Theme Check plugin and getting the following errors:
REQUIRED: widget.wie Widget import file found. This file must not be in a theme.
REQUIRED: demo-content.xml XML file found. This file must not be in a theme.
REQUIRED: customizer.dat Customizer import file found. This file must not be in a theme.
Why is that? Do I need to contact the OCDI developers so that can fix the issue?
]]>Hi!
I’m having exactly the same (minor) issue with Theme Check.
I reorganized my header in the same order than WP “TwentyTwentyOne”, which does not produce the warning.
Just as reported before:
Both the theme details modal and this plugin display the Tags correctly, but it says there are no Tags.
So there is a curious inconsistency here, and probably the regex that checks for “Tags” is somehow too sensitive.
Here is my header:
@charset "UTF-8";
/*
Theme Name: L'Oiseau 3.0 (bones)
Theme URI: https://www.themble.com/bones
Author: Jér?me Image
Author URI: https://xxx.xxx.xx
Description: Thème pour le site Comme une Image basé sur le Thème de développement Bones. For more information about Bones or to view documentation, you can visit the <a href="https://github.com/eddiemachado/bones/issues" title="Bones Issues">Bones Issues</a> page on Github. You'll want to customize this for your clients with your own information.
Requires at least: 4.7
Tested up to: 5.6
Requires PHP: 7.3
Version: 3.3
License: WTFPL
License URI: https://sam.zoy.org/wtfpl/
Text Domain: bonestheme
Tags: two-columns, right-sidebar, translation-ready, microformats, rtl-language-support, sticky-post
*/Hope it helps!
]]>My theme don’t have any Unsplash image.
I’m sure that it is come from FrontAwesome with Unsplash icon. See https://fontawesome.com/icons/unsplash
And I can’t control FontAwesome to use that name or not.
Please make sure that the code is checking for real image not just the name or mentioned to.
]]>Please fix this bug.
Warning: preg_match(): Unknown modifier ‘)’ in theme-check\checkbase.php on line 115
Hi,
Using version 20200731.1, WP 5.5.1 on a localhost. In wp-config I have debug to true.
When I run the themecheck, none of the tests run:
The message is:
Running 0 tests against Recycle using Guidelines Version: 20200731 Plugin revision: 1
I am not sure why this happens. Any ideas? Have you come across such issue before?
Thank you for the plugin BTW.
It saved me from a lot of my own bugs in the past.
Cheers!
Howdy, I couldn’t see any information on how to contribute, but I thought it might be good to add some checks for affiliate links. I whipped up this quick patch for it.
If there is a git repo or trac instance or some better way to contribute, happy to contribute there instead.
Index: checks/badthings.php
===================================================================
--- checks/badthings.php (revision 2355373)
+++ checks/badthings.php (working copy)
@@ -14,7 +14,9 @@
'/uudecode/ims' => __( 'uudecode() is not allowed', 'theme-check' ),
'/str_rot13/ims' => __( 'str_rot13() is not allowed', 'theme-check' ),
'/cx=[0-9]{21}:[a-z0-9]{10}/' => __( 'Google search code detected', 'theme-check' ),
- '/pub-[0-9]{16}/i' => __( 'Google advertising code detected', 'theme-check' )
+ '/pub-[0-9]{16}/i' => __( 'Google advertising code detected', 'theme-check' ),
+ '/sharesale/i' => __( 'Sharesale affiliate link detected', 'theme-check' ),
+ '/affiliate_id/i' => __( 'Potential affiliate link detected', 'theme-check' ),
);
$grep = '';Hi There,
We have been trying to use freemius for our WordPress theme and it is not being approved by theme checker. I am getting these errors while trying to submit.
WARNING: Found ><?php echo esc_attr( in subscription-cancellation.php. Only use esc_attr() inside HTML attributes. Use esc_html() between HTML tags. A manual review is needed.
Line 136: + ' <h4><?php echo esc_attr( sprintf( fs_text_inline( 'Cancel %s?', 'cancel-x', $s
REQUIRED: Both DOS and UNIX style line endings were found in the file user-change.php. This causes a problem with SVN repositories and must be corrected before the theme can be accepted. Please change the file to use only one style of line endings.
REQUIRED: Both DOS and UNIX style line endings were found in the file license-activation.php. This causes a problem with SVN repositories and must be corrected before the theme can be accepted. Please change the file to use only one style of line endings.
REQUIRED: Both DOS and UNIX style line endings were found in the file data-debug-mode.php. This causes a problem with SVN repositories and must be corrected before the theme can be accepted. Please change the file to use only one style of line endings.
REQUIRED: wp_get_sites() found in the file class-freemius.php. Deprecated since version 4.6. Use get_sites instead.Here is the link to their changelog: [changelog.txt](https://github.com/WordPress/theme-check/blob/master/changelog.txt)
Not only can they not be bothered to post their changelog (Copy Paste is quick, easy, non-adversarial, helpful, and transparent), but they cannot even bother to LINK to their Changelog!
What a new low.
I generally view such tactics as toxic, anti-user, lazy, and an indication that the programmers/owners think of users as unworthy, and that they likely do not have user interests in mind. Obscurity, difficulty, and lack of transparency tends to be a tactic used by people who do not want to you have information, do not want you to know what they are doing, and are doing something shady. Or they are simply so lazy that should you even trust them anyway. At a minimum they care about you not at all.
If none of the above applies, please consider simply pasting your changelog into the Changelog Tab. You can *also* add a LINK to your Changelog.txt file on GitHub. Most users have No Idea how to find the file you currently only allude to.
Thanks.
]]>Hi Carolina / @poena
Have updated Theme Check to latest version and with a certain theme (not one from org) I’m getting this warning:
Warning: preg_match(): No ending delimiter '$' found in C:\wamp\www\my-domain\wp-content\plugins\theme-check\checkbase.php on line 110
Guido
]]>I check your plugin and i got a bug on main.php:55
before
echo (!empty($data['Tags'])) ? '<p><label>' . __('Tags', 'theme-check') . '</label><span class="info">' . implode($data['Tags'], ', ') . '</span></p>' : '';
echo (!empty($data['Tags'])) ? '<p><label>' . __('Tags', 'theme-check') . '</label><span class="info">' . implode(', ', $data['Tags']) . '</span></p>' : '';
Hi,
I’ve read at the WPTavern that this plugin is being updated soon. I would like to know if there’s a planned date for this?
Guido
]]>Hi!
I get the error:
WARNING: Your theme appears to be in the wrong directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is theme-name.
(If this is a child theme, you can ignore this error.)But I use theme (folder) name themename (without a dash) to avoid of Theme Sniffer plugin namespacing errors.
And I don’t have theme-name in the theme files at all.
Is this a plugin’s mistake or I have to check something else?
Thank you in advance!
]]>I am debugging a website where the admin area is completely failing.
Can this plugin still be used?