0
Validation results

My Listing

My Listing

WordPress 6.7 theme
0
  • THEME TYPEWordPress theme 6.7
  • FILE NAMEmy-listing.zip
  • FILE SIZE5633025 bytes
  • MD5212b71fb7bca51c450422708c30914bb
  • SHA1b9d63e04e21bc34808818b441abde1d2dc7acc43
  • LICENSEGNU GPL 2
  • FILES INCLUDEDCSS, PHP, Bitmap images
  • VERSION2.9.2
  • AUTHOR URI
  • TAGSone-column, two-columns, three-columns, left-sidebar, right-sidebar, grid-layout, custom-menu, custom-logo, featured-images, footer-widgets, full-width-template, sticky-post, theme-options, threaded-comments, translation-ready
  • CREATION DATE2022-06-04
  • LAST FILE UPDATE2022-12-02
  • LAST VALIDATION2022-12-02 17:41
  • OTHER VERSIONS

    2.9.10 : 0%

    2.8 : 0%

    2.6.6 : 0%

    2.6.4 : 0%

    2.4.6 : 0%

    2.4.4 : 0%

    2.4.2 : 0%

    2.1.7 : 0%

    2.0.6 : 0%

This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file typography.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  3. Widgets : Widgets Sidebars need to be registered in a custom function hooked to the widgets_init action. See: register_sidebar().
  4. Security breaches : Modification of PHP server settings Found ini_set in file ajax.php. 56: @ini_set( 'display_errors', 0 );Found ini_set in file demo-importer.php. 93: @ini_set( 'display_errors', 0 );
  5. Security breaches : Use of base64_decode() Found base64_decode in file profile-picture-field.php. 18: $value = base64_decode( str_replace( 'b64:', '', $value ), true );Found base64_decode in file file-field.php. 34: $value = base64_decode( str_replace( 'b64:', '', $value ), true );Found base64_decode in file schema.php. 61: $compiled_value = json_decode( base64_decode( $compiled_value ) );Found base64_decode in file updates.php. 306: $license = maybe_unserialize( base64_decode( $license ) );Found base64_decode in file api-helpers.php. 4369: return base64_decode( $data );4376: list($encrypted_data, $iv) = explode( '::', base64_decode( $data ), 2 );
  6. Security breaches : Use of base64_encode() Found base64_encode in file file.php. 
     value='<?php echo esc_attr( 'b64:'.base64_encode( $file ) ) ?>'>
    Found base64_encode in file uploaded-file-html.php. 
     <input type='hidden' class='input-text' name='<?php echo esc_attr( $name ) ?>' value='<?php echo esc_attr( 'b64:'.base64_encode( $value ) ) ?>'>
    Found base64_encode in file file-upload-endpoint.php. 
     $uploaded_file->encoded_guid = 'b64:'.base64_encode( $uploaded_file->guid );
    Found base64_encode in file schema.php. 
     $value = $this->hash . base64_encode( json_encode( $value ) );
    Found base64_encode in file init.php. 
     $response['encoded_guid'] = 'b64:'.base64_encode( $response['guid'] );
    Found base64_encode in file updates.php. 
     $value = base64_encode( maybe_serialize( $data ) );
    Found base64_encode in file api-helpers.php. 
     return base64_encode( $data );
     return base64_encode( $encrypted_data . '::' . $iv );
  7. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="https://my.timekit.io/<?php echo esc_attr( $timekitID ) ?> in file bookings.php. 49: <iframe src='https://my.timekit.io/<?php echo esc_attr( $timekitID ) ?>' frFound <iframe src="<?php echo esc_attr( $video['url'] ) ?> in file video-block.php. 30: <iframe src='<?php echo esc_attr( $video['url'] ) ?>' frameborder='0' allowFound <iframe src="<?php echo esc_attr( $video['url'] ) ?> in file video-block.php. 31: <iframe src='<?php echo esc_attr( $video['url'] ) ?>' frameborder='0' allow
  8. Malware : Operations on file system file_get_contents was found in the file admin.php 250: $doc_contents = file_get_contents( $doc_file );file_get_contents was found in the file preview-card-utils.php 41: return apply_filters( 'mylisting/get-preview-card-cache', file_get_contents( $filepath ), $listing_id );fopen was found in the file preview-card-utils.php 69: $fp = fopen( trailingslashit( $dir ).$listing_id.'.html', 'wb' );fwrite was found in the file preview-card-utils.php 70: fwrite( $fp, \MyListing\minify_html( $content ) );fclose was found in the file preview-card-utils.php 71: fclose( $fp );file_put_contents was found in the file utils.php 279: file_put_contents( trailingslashit( $upload_dir['basedir'] ) . 'mylisting-dfile_get_contents was found in the file import-media.php 20: $upload = wp_upload_bits( $filename, null, file_get_contents( $filepath ) );file_get_contents was found in the file demo-importer-utils.php 60: $raw_contents = file_get_contents( uploads_dir( 'mylisting-demo-data/'.$file ) );file_get_contents was found in the file admin-field-groups.php 654: $local_field_group = json_decode( file_get_contents( $files[ $key ] ), true );file_get_contents was found in the file class-acf-admin-tool-import.php 106: $json = file_get_contents( $file['tmp_name'] );file_get_contents was found in the file class-acf-ajax-local-json-diff.php 55: $local_field_group = json_decode( file_get_contents( $files[ $key ] ), true );file_get_contents was found in the file local-json.php 122: $json = json_decode( file_get_contents( $file ), true );167: $json = json_decode( file_get_contents( $file ), true );file_get_contents was found in the file local-json.php 122: $json = json_decode( file_get_contents( $file ), true );167: $json = json_decode( file_get_contents( $file ), true );file_put_contents was found in the file local-json.php 225: $result = file_put_contents( $file, acf_json_encode( $field_group ) );
  9. Admin menu : Themes should use add_theme_page() for adding admin pages. File reports-screen.php : 53: add_submenu_page(File view-claims-screen.php : 43: add_submenu_page(File settings-screen.php : 76: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 20 );98: public function add_settings_page() {File settings-screen.php : 99: add_submenu_page(File bookmarks.php : 20: \MyListing\add_dashboard_page( [File wcpl-importer.php : 24: add_action( 'admin_menu', [ $this, 'add_migration_page' ], 999 );35: public function add_migration_page() {File wcpl-importer.php : 37: add_submenu_page(File user-packages.php : 186: add_submenu_page(File claims.php : 40: \MyListing\add_dashboard_page( [File post-duplicate-endpoint.php : 32: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );36: ], $add_listing_page );File post-duplicate-endpoint.php : 32: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );36: ], $add_listing_page );File map-services.php : 39: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 50 );63: public function add_settings_page() {File map-services.php : 64: add_submenu_page(File listing-stats.php : 51: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 50 );61: public function add_settings_page() {File listing-stats.php : 62: add_submenu_page(File theme-options.php : 31: add_submenu_page(File shortcodes.php : 15: add_action( 'admin_menu', [ $this, 'add_shortcodes_page' ], 50 );27: public function add_shortcodes_page() {File promotions-admin-controller.php : 28: add_submenu_page(File promotions-dashboard-controller.php : 126: \MyListing\add_dashboard_page( [File dashboard-listings-controller.php : 227: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );242: ], $add_listing_page );File dashboard-listings-controller.php : 227: $add_listing_page = c27()->get_setting( 'general_add_listing_page' );242: ], $add_listing_page );File user-roles-controller.php : 27: add_submenu_page(File onboarding.php : 18: add_submenu_page(File advanced-custom-fields.php : 31: add_action( 'mylisting/init', [ $this, 'add_integrations_page' ] );72: public function add_integrations_page() {File admin-options-page.php : 68: $slug = add_menu_page( $page['page_title'], $page['menu_title'], $page['capability'File admin-options-page.php : 73: $slug = add_submenu_page( $page['parent_slug'], $page['page_title'], $page['menu_tiFile admin-updates.php : 122: $page = add_submenu_page( 'edit.php?post_type=acf-field-group', __( 'Updates', 'acfFile options-page.php : 152: * add_sub_page164: function add_sub_page( $page ) {331: * alias of acf_options_page()->add_sub_page()345: return acf_options_page()->add_sub_page( $page );File admin-tools.php : 119: $page = add_submenu_page( 'edit.php?post_type=acf-field-group', __( 'Tools', 'acf' File admin.php : 49: add_menu_page( __( 'Custom Fields', 'acf' ), __( 'Custom Fields', 'acf' ), File admin.php : 50: add_submenu_page( $slug, __( 'Field Groups', 'acf' ), __( 'Field Groups', '51: add_submenu_page( $slug, __( 'Add New', 'acf' ), __( 'Add New', 'acf' ), $cFile admin.php : 50: add_submenu_page( $slug, __( 'Field Groups', 'acf' ), __( 'Field Groups', '51: add_submenu_page( $slug, __( 'Add New', 'acf' ), __( 'Add New', 'acf' ), $cFile admin-upgrade.php : 51: $page = add_submenu_page( 'index.php', __( 'Upgrade Database', 'acf' ), __( 'Upgrad111: $page = add_submenu_page(File admin-upgrade.php : 51: $page = add_submenu_page( 'index.php', __( 'Upgrade Database', 'acf' ), __( 'Upgrad111: $page = add_submenu_page(File buddypress.php : 27: add_action( 'bp_setup_nav', [ $this, 'add_listings_page' ] );63: public function add_listings_page() {File custom-taxonomies.php : 29: add_action( 'admin_menu', [ $this, 'add_settings_page' ], 30 );167: public function add_settings_page() {File custom-taxonomies.php : 168: add_submenu_page(File simple-products.php : 210: \MyListing\add_dashboard_page( [219: \MyListing\add_dashboard_page( [File simple-products.php : 210: \MyListing\add_dashboard_page( [219: \MyListing\add_dashboard_page( [
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in assets.php. Themes must not deregister core scripts. 226: * Select2 - first use wp_deregister_script to unset select2 loaded229: wp_deregister_script( 'select2' );
  2. theme tags : Presence of bad theme tagsFound wrong tag custom-logo in style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _e, with the arguments 'Use this option to display the date in a box layout, if possible. Otherwise, it will be plain text.' in file format.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'View All Packages.' in file wcpl-importer.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'IMPORTANT: Please backup all your database before performing this action.' in file wcpl-importer.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Block type "%s" is already registered.' in file blocks.php.Found a translation function that is missing a text-domain. Function _n, with the arguments 'layout', 'layouts' in file class-acf-field-flexible-content.php.Found a translation function that is missing a text-domain. Function _n, with the arguments 'layout', 'layouts' in file class-acf-field-flexible-content.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%1$s must contain at least %2$s %3$s layout.', '%1$s must contain at least %2$s %3$s layouts.', min, 'acf' in file class-acf-field-flexible-content.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%1$s must contain at most %2$s %3$s layout.', '%1$s must contain at most %2$s %3$s layouts.', max, 'acf' in file class-acf-field-flexible-content.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%1$s requires at least %2$s selection', '%1$s requires at least %2$s selections', min, 'acf' in file class-acf-field-gallery.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'acf' in file class-acf-rest-api.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%1$s requires at least %2$s selection', '%1$s requires at least %2$s selections', min, 'acf' in file class-acf-field-relationship.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Clear' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Clear color' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Default' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Select default color' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Select Color' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Color value' in file class-acf-field-color_picker.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Location type "%s" is already registered.' in file locations.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file api-helpers.php.Found a translation function that is missing a text-domain. Function _x, with the arguments 'Taxonomy plural name', 'my-listing' in file custom-taxonomies.php.Found a translation function that is missing a text-domain. Function _x, with the arguments 'Taxonomy singular name', 'my-listing' in file custom-taxonomies.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'my-listing' in file custom-taxonomies.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'my-listing' in file messages.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are my-listing, acf, min, max, role, post_type, taxonomy, elementor.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. PHP short tags : Presence of PHP short tagsPHP short tags were found in file tracks.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.20: <em><?= _x( 'No click stats recorded yet.', 'stats', 'my-listing' ) ?></em>PHP short tags were found in file tracks-by-type.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.13: <li><strong><?= esc_html( $track_group['label'] ) ?></strong></li>23: <em><?= _x( 'No click stats recorded yet.', 'stats', 'my-listing' ) ?></em>PHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.829: if (preg_match('/^\[(.+?)\]:[ ]*<?(\S+?)>?(?:[ ]+['\'(](.+)['\')])?[ ]*$/', $Line['text'], $matches))
  6. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file frontend.css.
  7. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  8. I18N implementation : Proper use of _e(Possible variable $taxonomy_label found in translation function in quick-view.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-clone.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-gallery.php. Translation function calls should not contain PHP variables. Possible variable $attributes found in translation function in field-group-field-conditional-logic.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_picker.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_time_picker.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-group.php. Translation function calls should not contain PHP variables. Possible variable $wrap found in translation function in class-acf-field-wysiwyg.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-file.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-tab.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-accordion.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-taxonomy.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-link.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-google-map.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-relationship.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-oembed.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-time_picker.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in acf-input-functions.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in acf-input-functions.php. Translation function calls should not contain PHP variables.
  9. I18N implementation : Proper use of ___all(Possible variable $object found in translation function in class-acf-rest-api.php. Translation function calls should not contain PHP variables. Possible variable $string found in translation function in api-helpers.php. Translation function calls should not contain PHP variables. Possible variable $title found in translation function in custom-taxonomies.php. Translation function calls should not contain PHP variables. Possible variable $name found in translation function in messages.php. Translation function calls should not contain PHP variables.
  10. I18N implementation : Proper use of _x(Possible variable $title found in translation function in custom-taxonomies.php. Translation function calls should not contain PHP variables. Possible variable $title found in translation function in custom-taxonomies.php. Translation function calls should not contain PHP variables.
  11. I18N implementation : Proper use of _ex(Possible variable $product found in translation function in choose-promotion.php. Translation function calls should not contain PHP variables. Possible variable $duration found in translation function in choose-promotion.php. Translation function calls should not contain PHP variables.
  12. I18N implementation : Proper use of esc_attr_e(Possible variable $div found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-repeater.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-clone.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-flexible-content.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-gallery.php. Translation function calls should not contain PHP variables. Possible variable $attributes found in translation function in field-group-field-conditional-logic.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_picker.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-date_time_picker.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-group.php. Translation function calls should not contain PHP variables. Possible variable $wrap found in translation function in class-acf-field-wysiwyg.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-file.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-tab.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-accordion.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-taxonomy.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-link.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in class-acf-field-google-map.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-relationship.php. Translation function calls should not contain PHP variables. Possible variable $atts found in translation function in class-acf-field-oembed.php. Translation function calls should not contain PHP variables. Possible variable $div found in translation function in class-acf-field-time_picker.php. Translation function calls should not contain PHP variables. Possible variable $attrs found in translation function in acf-input-functions.php. Translation function calls should not contain PHP variables.
  13. I18N implementation : Proper use of esc_html___all(Possible variable $name found in translation function in messages.php. Translation function calls should not contain PHP variables.
  14. Featured image : Use of the_post_thumbnail() instead of custom fields for thumbnailsNo reference to the_post_thumbnail was found in the theme.
  15. Date and time implementation : Use of date_i18n()At least one hard coded date was found in the file class-acf-field-date_picker.php. Function get_option( 'date_format' ) should be used instead.
  16. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of search results template file search.phpThis theme does not contain optional file search.php.
  8. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  9. Use of includes : Use of include or requireThe theme appears to use include or require : base-field.php 42: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : helpers.php 178: include_once( ABSPATH . 'wp-admin/includes/file.php' );179: include_once( ABSPATH . 'wp-admin/includes/media.php' );180: include_once( ABSPATH . 'wp-admin/includes/image.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : api-helpers.php 2790: // require_once( ABSPATH . '/wp-load.php' ); // WP should already be loaded If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : messages.php 884: require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : reviews.php 461: require_once( ABSPATH . 'wp-admin/includes/image.php' );462: require_once( ABSPATH . 'wp-admin/includes/file.php' );463: require_once( ABSPATH . 'wp-admin/includes/media.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes
95

WordPress 6.7 theme

78

WordPress 6.7 theme

99

WordPress 6.7 theme