0
Validation results

My Listing

My Listing

WordPress 6.4.3 theme
0
  • THEME TYPEWordPress theme 6.4.3
  • FILE NAMEmy-listing.zip
  • FILE SIZE5090960 bytes
  • MD58067af4a3b03b09673ce40562e6e6cb0
  • SHA17ee04a901436ec97c705b7ac3d12dfd44102277f
  • LICENSEGNU GPL 2
  • FILES INCLUDEDCSS, PHP, Bitmap images
  • VERSION2.8
  • AUTHOR URI
  • TAGSone-column, two-columns, three-columns, left-sidebar, right-sidebar, grid-layout, custom-menu, custom-logo, featured-images, footer-widgets, full-width-template, sticky-post, theme-options, threaded-comments, translation-ready
  • CREATION DATE2022-04-08
  • LAST FILE UPDATE2022-04-08
  • LAST VALIDATION2022-04-08 07:52
  • OTHER VERSIONS

    2.9.2 : 0%

    2.9.10 : 0%

    2.6.6 : 0%

    2.6.4 : 0%

    2.4.6 : 0%

    2.4.4 : 0%

    2.4.2 : 0%

    2.1.7 : 0%

    2.0.6 : 0%

This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file typography.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  3. Security breaches : Modification of PHP server settings Found ini_set in file ajax.php. 56: @ini_set( 'display_errors', 0 );Found ini_set in file demo-importer.php. 93: @ini_set( 'display_errors', 0 );
  4. Security breaches : Use of base64_decode() Found base64_decode in file profile-picture-field.php. 18: $value = base64_decode( str_replace( 'b64:', '', $value ), true );Found base64_decode in file file-field.php. 34: $value = base64_decode( str_replace( 'b64:', '', $value ), true );Found base64_decode in file schema.php. 61: $compiled_value = json_decode( base64_decode( $compiled_value ) );Found base64_decode in file updates.php. 134: $license = maybe_unserialize(base64_decode($license));Found base64_decode in file api-helpers.php. 4570: if( !function_exists('openssl_decrypt') ) return base64_decode($data);4578: list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
  5. Security breaches : Use of base64_encode() Found base64_encode in file file.php.
     value='<?php echo esc_attr( 'b64:'.base64_encode( $file ) ) ?>'>
    Found base64_encode in file uploaded-file-html.php.
     <input type='hidden' class='input-text' name='<?php echo esc_attr( $name ) ?>' value='<?php echo esc_attr( 'b64:'.base64_encode( $value ) ) ?>'>
    Found base64_encode in file file-upload-endpoint.php.
     $uploaded_file->encoded_guid = 'b64:'.base64_encode( $uploaded_file->guid );
    Found base64_encode in file schema.php.
     $value = $this->hash . base64_encode( json_encode( $value ) );
    Found base64_encode in file init.php.
     $response['encoded_guid'] = 'b64:'.base64_encode( $response['guid'] );
    Found base64_encode in file updates.php.
     $value = base64_encode(maybe_serialize($data));
    Found base64_encode in file api-helpers.php.
     if( !function_exists('openssl_encrypt') ) return base64_encode($data);
     return base64_encode($encrypted_data . '::' . $iv);
  6. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="https://my.timekit.io/<?php echo esc_attr( $timekitID ) ?> in file bookings.php. 49: <iframe src='https://my.timekit.io/<?php echo esc_attr( $timekitID ) ?>' frFound <iframe src="<?php echo esc_attr( $video['url'] ) ?> in file video-block.php. 30: <iframe src='<?php echo esc_attr( $video['url'] ) ?>' frameborder='0' allowFound <iframe src="<?php echo esc_attr( $video['url'] ) ?> in file video-block.php. 31: <iframe src='<?php echo esc_attr( $video['url'] ) ?>' frameborder='0' allow
  7. Malware : Operations on file system file_get_contents was found in the file admin.php 249: $doc_contents = file_get_contents( $doc_file );file_get_contents was found in the file preview-card-utils.php 41: return apply_filters( 'mylisting/get-preview-card-cache', file_get_contents( $filepath ), $listing_id );fopen was found in the file preview-card-utils.php 69: $fp = fopen( trailingslashit( $dir ).$listing_id.'.html', 'wb' );fwrite was found in the file preview-card-utils.php 70: fwrite( $fp, \MyListing\minify_html( $content ) );fclose was found in the file preview-card-utils.php 71: fclose( $fp );file_put_contents was found in the file utils.php 279: file_put_contents( trailingslashit( $upload_dir['basedir'] ) . 'mylisting-dfile_get_contents was found in the file import-media.php 20: $upload = wp_upload_bits( $filename, null, file_get_contents( $filepath ) );file_get_contents was found in the file demo-importer-utils.php 60: $raw_contents = file_get_contents( uploads_dir( 'mylisting-demo-data/'.$file ) );file_get_contents was found in the file admin-field-groups.php 650: $local_field_group = json_decode( file_get_contents( $files[ $key ] ), true );file_get_contents was found in the file class-acf-admin-tool-import.php 102: $json = file_get_contents( $file['tmp_name'] );file_get_contents was found in the file class-acf-ajax-local-json-diff.php 53: $local_field_group = json_decode( file_get_contents( $files[ $key ] ), true );file_get_contents was found in the file local-json.php 120: $json = json_decode( file_get_contents( $file ), true );165: $json = json_decode( file_get_contents( $file ), true );file_get_contents was found in the file local-json.php 120: $json = json_decode( file_get_contents( $file ), true );165: $json = json_decode( file_get_contents( $file ), true );file_put_contents was found in the file local-json.php 223: $result = file_put_contents( $file, acf_json_encode( $field_group ) );file_get_contents was found in the file assets.php 305: preg_replace( '/\s+/S', ' ', file_get_contents( locate_template( 'assets/dynamic/element-queries'.$suffi
  8. Admin menu : Themes should use add_theme_page() for adding admin pages. File reports-screen.php : 53: add_submenu_page(File view-claims-screen.php : 43: add_submenu_page(File settings-screen.php : 76: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 20 );98: public function add_settings_page() {File settings-screen.php : 99: add_submenu_page(File bookmarks.php : 20: \MyListing\add_dashboard_page( [File wcpl-importer.php : 24: add_action( 'admin_menu', [ $this, 'add_migration_page' ], 999 );35: public function add_migration_page() {File wcpl-importer.php : 37: add_submenu_page(File user-packages.php : 186: add_submenu_page(File claims.php : 40: \MyListing\add_dashboard_page( [File post-duplicate-endpoint.php : 32: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );36: ], $add_listing_page );File post-duplicate-endpoint.php : 32: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );36: ], $add_listing_page );File map-services.php : 39: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 50 );63: public function add_settings_page() {File map-services.php : 64: add_submenu_page(File listing-stats.php : 51: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 50 );61: public function add_settings_page() {File listing-stats.php : 62: add_submenu_page(File theme-options.php : 31: add_submenu_page(File shortcodes.php : 15: add_action( 'admin_menu', [ $this, 'add_shortcodes_page' ], 50 );27: public function add_shortcodes_page() {File promotions-admin-controller.php : 28: add_submenu_page(File promotions-dashboard-controller.php : 126: \MyListing\add_dashboard_page( [File dashboard-listings-controller.php : 227: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );242: ], $add_listing_page );File dashboard-listings-controller.php : 227: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );242: ], $add_listing_page );File user-roles-controller.php : 27: add_submenu_page(File onboarding.php : 18: add_submenu_page(File advanced-custom-fields.php : 31: add_action( 'mylisting/init', [ $this, 'add_integrations_page' ] );72: public function add_integrations_page() {File admin-options-page.php : 67: $slug = add_menu_page( $page['page_title'], $page['menu_title'], $page['capability'File admin-options-page.php : 72: $slug = add_submenu_page( $page['parent_slug'], $page['page_title'], $page['menu_tiFile admin-updates.php : 118: $page = add_submenu_page( 'edit.php?post_type=acf-field-group', __('Updates','acf')File options-page.php : 148: * add_sub_page160: function add_sub_page( $page ) {332: * alias of acf_options_page()->add_sub_page()346: return acf_options_page()->add_sub_page( $page );File admin-tools.php : 116: $page = add_submenu_page('edit.php?post_type=acf-field-group', __('Tools','acf'), _File admin.php : 48: add_menu_page( __('Custom Fields','acf'), __('Custom Fields','acf'), $cap, File admin.php : 49: add_submenu_page( $slug, __('Field Groups','acf'), __('Field Groups','acf')50: add_submenu_page( $slug, __('Add New','acf'), __('Add New','acf'), $cap, 'pFile admin.php : 49: add_submenu_page( $slug, __('Field Groups','acf'), __('Field Groups','acf')50: add_submenu_page( $slug, __('Add New','acf'), __('Add New','acf'), $cap, 'pFile admin-upgrade.php : 49: $page = add_submenu_page('index.php', __('Upgrade Database','acf'), __('Upgrade Dat109: $page = add_submenu_page(File admin-upgrade.php : 49: $page = add_submenu_page('index.php', __('Upgrade Database','acf'), __('Upgrade Dat109: $page = add_submenu_page(File buddypress.php : 27: add_action( 'bp_setup_nav', [ $this, 'add_listings_page' ] );63: public function add_listings_page() {File custom-taxonomies.php : 29: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 30 );167: public function add_settings_page() {File custom-taxonomies.php : 168: add_submenu_page(File simple-products.php : 210: \MyListing\add_dashboard_page( [219: \MyListing\add_dashboard_page( [File simple-products.php : 210: \MyListing\add_dashboard_page( [219: \MyListing\add_dashboard_page( [
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in assets.php. Themes must not deregister core scripts. 166: * Select2 - first use wp_deregister_script to unset select2 loaded169: wp_deregister_script( 'select2' );
  2. theme tags : Presence of bad theme tagsFound wrong tag custom-logo in style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _e, with the arguments 'Use this option to display the date in a box layout, if possible. Otherwise, it will be plain text.' in file format.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'View All Packages.' in file wcpl-importer.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'IMPORTANT: Please backup all your database before performing this action.' in file wcpl-importer.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Block type "%s" is already registered.' in file blocks.php.Found a translation function that is missing a text-domain. Function _n, with the arguments 'layout', 'layouts' in file class-acf-field-flexible-content.php.Found a translation function that is missing a text-domain. Function _n, with the arguments 'layout', 'layouts' in file class-acf-field-flexible-content.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%s requires at least %s selection', '%s requires at least %s selections', min, 'acf' in file class-acf-field-gallery.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%s requires at least %s selection', '%s requires at least %s selections', min, 'acf' in file class-acf-field-relationship.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Clear' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Clear color' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Default' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Select default color' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Select Color' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Color value' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Location type "%s" is already registered.' in file locations.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file api-helpers.php.Found a translation function that is missing a text-domain. Function _x, with the arguments 'Taxonomy plural name', 'my-listing' in file custom-taxonomies.php.Found a translation function that is missing a text-domain. Function _x, with the arguments 'Taxonomy singular name', 'my-listing' in file custom-taxonomies.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'my-listing' in file custom-taxonomies.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'my-listing' in file messages.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are my-listing, acf, min, elementor.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. PHP short tags : Presence of PHP short tagsPHP short tags were found in file tracks.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.20: <em><?= _x( 'No click stats recorded yet.', 'stats', 'my-listing' ) ?></em>PHP short tags were found in file tracks-by-type.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.13: <li><strong><?= esc_html( $track_group['label'] ) ?></strong></li>23: <em><?= _x( 'No click stats recorded yet.', 'stats', 'my-listing' ) ?></em>PHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.829: if (preg_match('/^\[(.+?)\]:[ ]*<?(\S+?)>?(?:[ ]+['\'(](.+)['\')])?[ ]*$/', $Line['text'], $matches))
  6. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file frontend.css.
  7. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  8. I18N implementation : Proper use of _e(Possible variable $div found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-clone.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-gallery.php. Translation function calls should not contain PHP variables. Possible variable $attributes found in translation function in field-group-field-conditional-logic.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_picker.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_time_picker.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-group.php. Translation function calls should not contain PHP variables. Possible variable $wrap found in translation function in class-acf-field-wysiwyg.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-file.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-tab.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-accordion.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-taxonomy.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-link.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-google-map.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-relationship.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-oembed.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-time_picker.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in acf-input-functions.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in acf-input-functions.php. Translation function calls should not contain PHP variables.
  9. I18N implementation : Proper use of ___all(Possible variable $string found in translation function in api-helpers.php. Translation function calls should not contain PHP variables. Possible variable $title found in translation function in custom-taxonomies.php. Translation function calls should not contain PHP variables. Possible variable $name found in translation function in messages.php. Translation function calls should not contain PHP variables.
  10. I18N implementation : Proper use of _x(Possible variable $title found in translation function in custom-taxonomies.php. Translation function calls should not contain PHP variables. Possible variable $title found in translation function in custom-taxonomies.php. Translation function calls should not contain PHP variables.
  11. I18N implementation : Proper use of _ex(Possible variable $product found in translation function in choose-promotion.php. Translation function calls should not contain PHP variables. Possible variable $duration found in translation function in choose-promotion.php. Translation function calls should not contain PHP variables.
  12. I18N implementation : Proper use of esc_attr_e(Possible variable $div found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-clone.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-gallery.php. Translation function calls should not contain PHP variables. Possible variable $attributes found in translation function in field-group-field-conditional-logic.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_picker.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_time_picker.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-group.php. Translation function calls should not contain PHP variables. Possible variable $wrap found in translation function in class-acf-field-wysiwyg.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-file.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-tab.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-accordion.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-taxonomy.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-link.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-google-map.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-relationship.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-oembed.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-time_picker.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in acf-input-functions.php. Translation function calls should not contain PHP variables.
  13. I18N implementation : Proper use of esc_html___all(Possible variable $name found in translation function in messages.php. Translation function calls should not contain PHP variables.
  14. Featured image : Use of the_post_thumbnail() instead of custom fields for thumbnailsNo reference to the_post_thumbnail was found in the theme.
  15. Date and time implementation : Use of date_i18n()At least one hard coded date was found in the file class-acf-field-date_picker.php. Function get_option( 'date_format' ) should be used instead.
  16. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of search results template file search.phpThis theme does not contain optional file search.php.
  8. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  9. Use of includes : Use of include or requireThe theme appears to use include or require : base-field.php 42: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : helpers.php 171: include_once( ABSPATH . 'wp-admin/includes/file.php' );172: include_once( ABSPATH . 'wp-admin/includes/media.php' );173: include_once( ABSPATH . 'wp-admin/includes/image.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : blocks.php 390: include( $path ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : acf.php 101: include_once( ACF_PATH . 'includes/acf-utility-functions.php'); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : api-helpers.php 454: include( $path );2923: //require_once( ABSPATH . '/wp-load.php' ); // WP should already be loaded2924: require_once( ABSPATH . '/wp-admin/includes/media.php' ); // video function2925: require_once( ABSPATH . '/wp-admin/includes/file.php' );2926: require_once( ABSPATH . '/wp-admin/includes/image.php' );4218: include_once( ABSPATH . 'wp-admin/includes/plugin.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : acf-utility-functions.php 156: include_once($file_path); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : messages.php 884: require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : reviews.php 461: require_once( ABSPATH . 'wp-admin/includes/image.php' );462: require_once( ABSPATH . 'wp-admin/includes/file.php' );463: require_once( ABSPATH . 'wp-admin/includes/media.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes