11
Validation results

Gridlove

Gridlove

WordPress 5.0.3 theme
11
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Malware : Operations on file system file_get_contents was found in the file parsers.php
    Line 66: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Line 66: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, 'r' );
    Line 641: function fopen( $filename, $mode = 'r' ) {
    Line 644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp);
    Line 659: function fclose( $fp ) {
    Line 662: return fclose( $fp );
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, 'r' );
    Line 641: function fopen( $filename, $mode = 'r' ) {
    Line 644: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, 'r' );
    Line 641: function fopen( $filename, $mode = 'r' ) {
    Line 644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp);
    Line 659: function fclose( $fp ) {
    Line 662: return fclose( $fp );
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp);
    Line 659: function fclose( $fp ) {
    Line 662: return fclose( $fp );
    file_get_contents was found in the file radium-importer.php
    Line 266: $data = file_get_contents( $file );
    Line 339: $data = file_get_contents( $file );
    file_get_contents was found in the file radium-importer.php
    Line 266: $data = file_get_contents( $file );
    Line 339: $data = file_get_contents( $file );
    fopen was found in the file class.redux_helpers.php
    Line 657: //$fp = fopen( $file, 'r' );
    fread was found in the file class.redux_helpers.php
    Line 660: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.redux_helpers.php
    Line 663: //fclose( $fp );
  3. Admin menu : Themes should use add_theme_page() for adding admin pages. File framework.php :
    Line 1349: // wrappers and need to be appened to using add_submenu_page.
    Line 1400: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1458: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Line 1349: // wrappers and need to be appened to using add_submenu_page.
    Line 1400: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1458: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Line 1426: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $this
    File framework.php :
    Line 1349: // wrappers and need to be appened to using add_submenu_page.
    Line 1400: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1458: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
  4. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 906: $headers = wp_get_http( $url, $upload['file'] );
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Line 565: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'jquerySelect2' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'gridlove' in file page.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'gridlove' in file page.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Name' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Email' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Website' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Save my name, email, and website in this browser for the next time I comment.' in file extensions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gridlove, tgmpa, redux-framework, framework, wordpress-importer, radium.
  4. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  5. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  6. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  7. I18N implementation : Proper use of _e(Possible variable $name found in translation function in page.php. Translation function calls should not contain PHP variables.
    Line 1304: <label for='gridlove[authors][orderby]'><?php echo esc_html_e($name, 'gridlove'); ?></label><br>
    Possible variable $role found in translation function in page.php. Translation function calls should not contain PHP variables.
    Line 1320: <label for='gridlove[authors][roles]'><?php echo esc_html_e($role,'gridlove'); ?></label><br>
  8. I18N implementation : Proper use of esc_html_e(Possible variable $name found in translation function in page.php. Translation function calls should not contain PHP variables.
    Line 1304: <label for='gridlove[authors][orderby]'><?php echo esc_html_e($name, 'gridlove'); ?></label><br>
    Possible variable $role found in translation function in page.php. Translation function calls should not contain PHP variables.
    Line 1320: <label for='gridlove[authors][roles]'><?php echo esc_html_e($role,'gridlove'); ?></label><br>
  9. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file helpers.php.
    Line 584: <span class='update-actions'>Version '.$current->response['gridlove']['new_version'].': <a href='http://mekshq.com/docs/gridlove-change-log' target='blank'>See what\'s new<
    Possible hard-coded links were found in the file options.php.
    Line 23: 'display_name'         => wp_kses( sprintf( __( 'Gridlove Options%sTheme Documentation%s', 'gridlove' ), '<a href='http://mekshq.com/documentation/gridlove' target='_blank'>', '</a>' ), wp_k
    Possible hard-coded links were found in the file options-fields.php.
    Line 601: 'default' =>  __( '<p style='text-align: center;'>Copyright &copy; {current_year}. Created by <a href='http://mekshq.com' target='_blank'>Meks</a>. Powered by <a href='http://www
    Line 2450: 'subtitle' => esc_html__( 'Paste specific WordPress language <a href='http://wpcentral.io/internationalization/' target='_blank'>locale code</a> 
    Line 2817: 'desc' => wp_kses( sprintf( __( 'Where can I find my %s?', 'gridlove' ), '<a href='http://themeforest.net/help/api' target='_blank'>API key</a>' ), wp_kses_al
    Possible hard-coded links were found in the file update-panel.php.
    Line 44: <a href='http://mekshq.com/docs/gridlove-change-log' target='_blank' class='button b
    Line 50: <a href='http://mekshq.com/contact' target='_blank' class='button button-primary but
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  8. Optional files : Presence of search results template file search.phpThis theme does not contain optional file search.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : template-modules.php
    Line 28: <?php include( locate_template('template-parts/modules/'.$module_template.'.php')
    Line 35: <?php include( locate_template('template-parts/modules/empty.php') ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : index.php
    Line 29: <?php include( locate_template('template-parts/layouts/content-'. $grid[$i]['layo
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : related.php
    Line 19: <?php $post_col = $related_layout === 'b' ? 8 : 4; ?><?php include(locate_template('template-parts/layouts/content-' . $related_layout
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : cpt.php
    Line 21: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    Line 30: <?php include( locate_template('template-parts/layouts/content-'. $grid[$i]['layo
    Line 37: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : posts.php
    Line 21: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    Line 31: <?php include( locate_template('template-parts/layouts/content-'. $grid[$i]['layo
    Line 40: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : cats.php
    Line 31: <?php include( locate_template('template-parts/cat-layouts/content-'. $grid[0]['l
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-pixelentity-theme-update.php
    Line 32: require_once('class-envato-protected-api.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 410: require_once 'core/dashboard.php';
    Line 414: require_once 'core/newsflash.php';
    Line 1707: require_once 'core/enqueue.php';
    Line 2854: require_once 'core/enqueue.php';
    Line 2912: require_once 'core/panel.php';
    Line 3260: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Line 749: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Line 46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : helpers.php
    Line 391: 
    Line 417: 
    Line 450: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metaboxes.php
    Line 28: include_once( get_template_directory().'/core/admin/metaboxes/page.php');
    Line 29: include_once( get_template_directory().'/core/admin/metaboxes/post.php');
    Line 30: include_once( get_template_directory().'/core/admin/metaboxes/category.php'
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

56
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 906: $headers = wp_get_http( $url, $upload['file'] );
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Line 565: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'jquerySelect2' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'gridlove' in file page.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'gridlove' in file page.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Name' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Email' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Website' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Save my name, email, and website in this browser for the next time I comment.' in file extensions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gridlove, tgmpa, redux-framework, framework, wordpress-importer, radium.
  4. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file helpers.php.
    Line 584: <span class='update-actions'>Version '.$current->response['gridlove']['new_version'].': <a href='http://mekshq.com/docs/gridlove-change-log' target='blank'>See what\'s new<
    Possible hard-coded links were found in the file options.php.
    Line 23: 'display_name'         => wp_kses( sprintf( __( 'Gridlove Options%sTheme Documentation%s', 'gridlove' ), '<a href='http://mekshq.com/documentation/gridlove' target='_blank'>', '</a>' ), wp_k
    Possible hard-coded links were found in the file options-fields.php.
    Line 601: 'default' =>  __( '<p style='text-align: center;'>Copyright &copy; {current_year}. Created by <a href='http://mekshq.com' target='_blank'>Meks</a>. Powered by <a href='http://www
    Line 2450: 'subtitle' => esc_html__( 'Paste specific WordPress language <a href='http://wpcentral.io/internationalization/' target='_blank'>locale code</a> 
    Line 2817: 'desc' => wp_kses( sprintf( __( 'Where can I find my %s?', 'gridlove' ), '<a href='http://themeforest.net/help/api' target='_blank'>API key</a>' ), wp_kses_al
    Possible hard-coded links were found in the file update-panel.php.
    Line 44: <a href='http://mekshq.com/docs/gridlove-change-log' target='_blank' class='button b
    Line 50: <a href='http://mekshq.com/contact' target='_blank' class='button button-primary but
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  8. Optional files : Presence of search results template file search.phpThis theme does not contain optional file search.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : template-modules.php
    Line 28: <?php include( locate_template('template-parts/modules/'.$module_template.'.php')
    Line 35: <?php include( locate_template('template-parts/modules/empty.php') ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : index.php
    Line 29: <?php include( locate_template('template-parts/layouts/content-'. $grid[$i]['layo
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : related.php
    Line 19: <?php $post_col = $related_layout === 'b' ? 8 : 4; ?><?php include(locate_template('template-parts/layouts/content-' . $related_layout
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : cpt.php
    Line 21: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    Line 30: <?php include( locate_template('template-parts/layouts/content-'. $grid[$i]['layo
    Line 37: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : posts.php
    Line 21: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    Line 31: <?php include( locate_template('template-parts/layouts/content-'. $grid[$i]['layo
    Line 40: <?php include( locate_template('template-parts/layouts/content-inject.php') ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : cats.php
    Line 31: <?php include( locate_template('template-parts/cat-layouts/content-'. $grid[0]['l
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-pixelentity-theme-update.php
    Line 32: require_once('class-envato-protected-api.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 410: require_once 'core/dashboard.php';
    Line 414: require_once 'core/newsflash.php';
    Line 1707: require_once 'core/enqueue.php';
    Line 2854: require_once 'core/enqueue.php';
    Line 2912: require_once 'core/panel.php';
    Line 3260: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Line 749: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Line 46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : helpers.php
    Line 391: 
    Line 417: 
    Line 450: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metaboxes.php
    Line 28: include_once( get_template_directory().'/core/admin/metaboxes/page.php');
    Line 29: include_once( get_template_directory().'/core/admin/metaboxes/post.php');
    Line 30: include_once( get_template_directory().'/core/admin/metaboxes/category.php'
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes