strangerstudios / memberlite Goto Github PK

• Content width for Full Width is not working. Check your function memberlite_adjust_content_width() in functions.php file line no 49 to 62.
• You can change that to two functions.
  ** One just for global content width like below:

/**
 * Set the content width in pixels, based on the theme's design and stylesheet.
 *
 * Priority 0 to make it available to lower priority callbacks.
 *
 * @global int $content_width
 */
function memberlite_content_width() {
	$GLOBALS['content_width'] = apply_filters( 'memberlite_content_width', 748 );
}
add_action( 'after_setup_theme', 'memberlite_content_width', 0 );

** Another one for changing the content width as per the template

/*
 * Adjust $content_width for full-width and fluid-width templates
 */

if ( ! function_exists( 'memberlite_adjusted_content_width' ) ) :

function memberlite_adjusted_content_width() {
	global $content_width;

	if ( is_page_template( 'templates/full-width.php' ) || is_page_template( 'templates/fluid-width.php' ) ) {
        $content_width = 1170; /* pixels */
	}
}
add_action( 'template_redirect', 'memberlite_adjusted_content_width' );

endif; // if ! function_exists( 'memberlite_adjusted_content_width' )

• Use proper wp_kses() family or other functions
  • components/header/masthead.php line 44: $memberlite_masthead_content
  • components/post/content-audio.php line 36: $memberlite_get_entry_meta_after
  • components/post/content-image.php line 24: $memberlite_get_entry_meta_after
  • components/post/content-link.php line 20: $memberlite_get_entry_meta_after
  • components/post/content-quote.php line 32: $memberlite_get_entry_meta_after
  • components/post/content-single.php line 34: $memberlite_get_entry_meta_after
  • components/post/content-status.php line 28: $memberlite_get_entry_meta_after
  • components/post/content-video.php line 37: $memberlite_get_entry_meta_after
  • components/post/content.php line 42: memberlite_get_entry_meta
  • components/post/entry-header.php line 35: memberlite_get_entry_meta
  • inc/extras.php
    • line 242 $term_description
    • line 250 $post_type->labels->name

• Class Prefix
  • Class prefixes should be Memberlite_ if you follow WordPress Coding Standards.
  • Check following class names
    • memberlite_Customize
    • comment_walker
    • pings_walker
    • WP_Widget_Recent_Posts_Thumbnails
  • You need to maintain consistency
• Function Prefixes
  • Need to make function prefixes theme slug in following:
    * integrations\woocommerce.php line 39 and 42
  • More info: http://themereview.co/prefix-all-the-things/
• Image names prefix
  • Prefix missing in add_image_size in functions.php lines 91 to 94
  • More info: http://themereview.co/prefix-all-the-things/

In the memberlite_page_title() function in inc/extras.php, .ORG will require that you use the_archive_title() and the_archive_description() (or their get_*() counterparts) for the archive title and descriptions. This goes for any type of archive. If you output the archive title or description, it must come from those functions.

The reason for this is simply that plugins need a way to hook in and overwrite the output.

Escaping missing in following, use esc_html():
* components/footer/site-info.php line 31: $back_to_top
* components/header/meta-member.php line 17 and 20: preg_replace("/@.*/", "", $current_user->display_name)

• check lines 253 to 271 in inc/extras.php, there are a bunch of escaping issues here, check these lines thoroughly. Missing esc_html__(), esc_html_e(). You need to change as below:

elseif ( function_exists( 'is_bbpress' ) && ( is_bbpress() || bbp_is_single_user() ) )
{
    ?>
    <h1 class="page-title">
    <?php
        if( bbp_is_search_results() ) {
            printf( esc_html__( 'Forum Search Results for: %s', 'memberlite' ), '<span>' . esc_html( bbp_get_search_terms() ) . '</span>' );
        } elseif( bbp_is_search() ) {
            esc_html_e( 'Forum Search', 'memberlite' );
        } elseif( bbp_is_single_forum() || bbp_is_single_topic() ) {
            the_title();
        } elseif( bbp_is_single_user() ) {
            echo sprintf( esc_html__( '%s\'s Profile', 'memberlite' ), esc_html( get_userdata( bbp_get_user_id() )->display_name ) );
        } else {   
            esc_html_e( 'Forums', 'memberlite' );
        }
    ?>
    </h1>
    <?php
}

On the elements branch, with a fresh install of BuddyPress (and PMPro BuddyPress).

I activated user groups and created a new one. BuddyPress redirects me to the front end to finish setting up the group.

The buttons at the bottom of their forms are white text on white background with a gray border.

Not sure if this is a conflict with our theme css or something else.

Is jQuery necessary?

In your memberlite.js and navigation.js files, which are loaded on the front end, you have just a few dozen lines of code. Both of these scripts rely on jQuery. Is it really necessary in this case? It looks like this can all be rewritten in vanilla JS and CSS with minimal effort. Then, there'd be no need to load an additional 95kb file just to run your little bit of JS. It could potentially shave off some loading time for some of your users. Definitely something to think about.

You're also erroneously setting jquery as a dependency for skip-link-focus-fix.js in functions.php on line 23 (it doesn't rely on it):

wp_enqueue_script('memberlite-skip-link-focus-fix', get_template_directory_uri() . '/js/skip-link-focus-fix.js', array( 'jquery' ), MEMBERLITE_VERSION, true);

For the admin and customizer JS, this is a non-issue since jQuery is definitely going to be loaded there anyway.

Combining files:

I'd also consider combining memberlite.js, navigations.js, and skip-link-focus-fix.js for the production release.

With Gutenberg active we lose the checkbox in Postmeta that allows you to show the Featured Image in the Banner area. Screencast illustrates the steps to recreate the issue.

Screencast of Banner http://take.ms/plSyKs

Where possible, I like to see themes remove as much PHP logic from their templates as they can. One of the great things about WP themes is that they allow DIY users who might know a bit of HTML to tinker with the code. But, when they see a lot of PHP in a theme template, it can get confusing and/or be easy to break.

For example, this bit of code in header.php:

<?php
	$template = get_page_template();
	if(
		!is_page_template('templates/fluid-width.php') &&
		!is_404() &&
		( !is_front_page() || ( is_front_page() && !empty( $template ) && ( basename( $template ) != 'page.php' ) || 'posts' == get_option( 'show_on_front' ) ) )
	) { ?>
	<div class="row">
<?php } ?>

Personally, I'd wrap up the conditional bit of the code into a function called memberlite_display_row() and use it like so:

<?php if ( memberlite_display_row() ) : ?>

	<div class="row">

<?php endif; ?>

That's simpler, cleaner, and harder to break.

I'd also say that this is beneficial for child theming as well because:

1. If overwriting header.php, there's less chance that a parent theme update will introduce a breaking change since the logic code is tied into a function and not the template.
2. If a child theme author wanted to display the <div class="row"> on another page, you could provide a filter hook within your function. And, there'd be no need to overwrite the template in that scenario.

Anyway, this is something I often mention to theme authors. If you can, remove as much PHP code from your templates as you can.

Escaping missing in following, use esc_url():
* functions.php line 132 get_bloginfo( 'pingback_url' ), line 240 wp_logout_url(), line 243 wp_login_url(), line 248 wp_registration_url()
* inc\admin.php line 46, 56 wp_customize_url, line
* template-tags.php
* line 132, 134 get_permalink
* line 247, 232 comment_author_url
* components\header\masthead.php line 29 $referrer use esc_url instead of esc_attr
* extras.php
* line 134, 547, 564, 571, 667, 691, 816, 821 get_permalink
* line 455 $titlelink
* line 600, 678 get_post_type_archive_link
* single-testimonials-widget.php line 15 get_post_type_archive_link

Theme should use the after_content hook to allow the Memberlite Elements Plugin to add the bottom banner. Right now the theme has a block of code checking specifically for a bottom banner - would be better to do via the after_content in theme and add conditional in elements plugin. Ask Kim :-)

In inc/extras.php on line 29, I'm seeing a call to $post here:

global $post, $memberlite_defaults;

That doesn't seem to be in use and can be removed.

Side note: I'd never rely on $post unless within The Loop. Outside of The Loop, you should check get_queried_object().

• Blockquote right and left align css missing. See the screenshot
  
• Post With Long Title. See the attached screenshot
  

• Multiple placeholders should be ordered. Expected '%1$s, %2$s', but got %s, %s in inc/deprecated.php line 52

Why is every customizer setting in inc/customizer.php set to this?

'sanitize_js_callback' => array('memberlite_Customize', 'memberlite_sanitize_js_callback'),

There's really no reason to set the sanitize_js_callback callback unless you need the data to take on a special form as it comes from the database into the customizer JS.

The <q> tag is an inline element. It can appear in the middle of a paragraph or even in the middle of the sentence.

The ideal way to style it is to simply make sure it has normal quotation marks.

Reference: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/q

"Developers, developers, developers..." is the quote from the screenshot below. But, you can't gather that from the style.

In inc/widgets.php, the widget is simply registered from the file:

register_widget( 'WP_Widget_Recent_Posts_Thumbnails' );

This code should be wrapped into a callback function and executed on the widgets_init hook.

This is the list of current post variables available to use in the before or after post meta customization: https://memberlitetheme.com/documentation/customize/post-meta-information/

We want to add {post_title} to this list of variables.

In inc/extras.php on line 418, there are scenarios where this wouldn't hold true:

/**
 * Are we on a "blog" page?
 */
function memberlite_is_blog() {
	$is_blog = ( is_home() || is_singular('post') || ( is_archive() && !is_post_type_archive() ) );

	$is_blog = apply_filters( 'memberlite_is_blog', $is_blog );

	return $is_blog;
}

is_archive() counts custom taxonomies too. You might try adding an ! is_tax() in there.

• Check your theme with Debug Bar plugin. When you click on reply button in comment it shows error
  Error: Syntax error, unrecognized expression: http://themereview.dev/2017/03/12/human-faces-in-web-design/?replytocom=5#respondhttp://themereview.dev/wp-includes/js/jquery/jquery.js?ver=1.12.4 line 2

Note that this is a recommendation only, but one I highly recommend.

When you have a select control in the customizer, you're using sanitize_text_field to go along with the setting. I'm going to present an alternative, which is even safer than simply sanitizing. Instead, we're going to use whitelist validation.

Here's a customizer control + setting from your inc/customizer.php file:

$wp_customize->add_setting(
	'columns_ratio',
	array(
		'default' => $memberlite_defaults['columns_ratio'],
		'type' => 'theme_mod',
		'capability' => 'edit_theme_options',
		'santize_callback' => 'sanitize_text_field',
		'sanitize_js_callback' => array('memberlite_Customize', 'memberlite_sanitize_js_callback'),
		'transport' => 'refresh',
	)
);
$wp_customize->add_control(
	'columns_ratio',
	array(
		'label' => __( 'Columns Ratio - Primary', 'memberlite' ),
		'section' => 'memberlite_theme_options',
		'type'       => 'select',
		'choices'    => array(
			'6-6' => __( '6x6', 'memberlite' ),
			'7-5' => __( '7x5', 'memberlite' ),
			'8-4' => __( '8x4', 'memberlite' ),
			'9-3' => __( '9x3', 'memberlite' ),
			'10-2' => __( '10x2', 'memberlite' ),
			'11-1' => __( '11x1', 'memberlite' ),
		),
		'priority' => 24
	)
);

The first thing I'm going to do is take that choices array and turn it into a standalone function like so:

function memberlite_get_columns_ratio_choices() {

	return array(
		'6-6' => __( '6x6', 'memberlite' ),
		'7-5' => __( '7x5', 'memberlite' ),
		'8-4' => __( '8x4', 'memberlite' ),
		'9-3' => __( '9x3', 'memberlite' ),
		'10-2' => __( '10x2', 'memberlite' ),
		'11-1' => __( '11x1', 'memberlite' )
	);
}

Then, I'm going to make a validation function:

function memberlite_validate_columns_ratio( $value ) {
	global $memberlite_defaults;

	return in_array( $value, memberlite_get_columns_ratio_choices() ) ? $value : $memberlite_defaults['columns_ratio'];
}

Then, your customizer code becomes:

$wp_customize->add_setting(
	'columns_ratio',
	array(
		'default' => $memberlite_defaults['columns_ratio'],
		'type' => 'theme_mod',
		'capability' => 'edit_theme_options',
		'santize_callback' => 'memberlite_validate_columns_ratio',
		'sanitize_js_callback' => array('memberlite_Customize', 'memberlite_sanitize_js_callback'),
		'transport' => 'refresh',
	)
);
$wp_customize->add_control(
	'columns_ratio',
	array(
		'label' => __( 'Columns Ratio - Primary', 'memberlite' ),
		'section' => 'memberlite_theme_options',
		'type'       => 'select',
		'choices'    => memberlite_get_columns_ratio_choices(),
		'priority' => 24
	)
);

Of course, that can be a lot of work. However, it can make your code much more flexible in the future by giving you more choices without having to do big refactors later.

Another options for sanitizing select callbacks is the simpler method proposed by the Theme Review Team: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php#L262-L288

One thing to note is that the setting and control ID must match for this to work, which seems to be the case with your theme.

Escaping missing in following, use wp_unslash():

• components/header/masthead.php line 27 as
  • $referrer = isset( $_GET['redirect_to'] ) ? esc_url_raw( wp_unslash( $_GET['redirect_to'] ); ) : null;
• inc/admin.php line 23

You've got quite a bit of inline docs. I'd love to see these cleaned up and in line with the WP PHP documentation standards found here: https://make.wordpress.org/core/handbook/best-practices/inline-documentation-standards/php/

Even just having the @since in PHPDoc blocks makes a world of difference 6 months, 1 year, or longer down the road in development.

I just want to encourage spending a little more time on this as you develop the theme.

• Translation function missing text domain
  • inc/deprecated.php line 52

In inc/customizer.php, all of the theme mods that are output in the header_output() method need to be escaped. This includes CSS that is generated via the generate_css() method.

esc_html() should be sufficient for escaping things here.

Just a nice to have - would be good to use CSS to hide the navigation on the Membership Invoice page. For Example:

@media print { body.pmpro-invoice .entry-content #nav-below {display: none; } }

• In front-page.php line 20 why is using get_template_part complicated here? Whats the reason?
• Maybe you can use something as follows to remove this code block:

function themeslug_filter_front_page_template( $template ) {
	return ( is_front_page() && basename( $template ) != 'page.php'  ) ? '' : $template;
}
add_filter( 'frontpage_template', 'themeslug_filter_front_page_template' );

This will allow page templates in front page and take front-page.php when there is no template selected.

A user requested a settings export/import feature to duplicate customizer settings from installation to installation. For example, the theme Mantra allows you to export settings and reimport them.
https://wordpress.org/themes/mantra/

A user requested that we consider adding a menu-free template (maybe remove more header/footer content) for landing pages.

This bit of code in the memberlite_support() function in inc/admin.php shouldn't be necessary:

if( !function_exists( 'current_user_can' ) || ( !current_user_can( 'edit_theme_options' ) && !current_user_can( 'member_lite_options' ) ) ) {
		die( __( 'You do not have permissions to perform this action.', 'memberlite' ) );
	}

WP will already correctly check the edit_theme_options cap via your add_theme_page() registration earlier. I'm not sure what the member_lite_options cap is. That check shouldn't be there anyway.

Images in screenshot licenses

• Need to mention license of the images used in screenshot
• Since they are from WordPress demo data, you can just mention same in the readme file

When adding panels, sections, controls, or settings, you don't need to set the edit_theme_options capability. It's the default for the customizer:

'capability' => 'edit_theme_options',

You also don't have to set the theme_mod type for settings, which is also the default:

'type' => 'theme_mod',

Unless you just really want to do this for additional clarity, these are unnecessary. It could help you cut back on some of your customizer code.

• lines 22-26 in inc/admin.php is not being used anywhere below? Is this necessary? If not then, please remove it

For blockquotes, the bottom spacing doesn't match up with the top spacing. See screenshot below.

I'm not positive that this Author line will be allowed like this:

Author: kimannwall, strangerstudios

Generally speaking, the field is expected to be a single author. However, it's also just a plain text string. It's something you may want to run by the #themereview channel on WP Slack. I don't think I've ever run across this scenario.

Note that this does not correspond to usernames on .ORG like with a plugin's readme.txt.

• You cannot use anonymous functions. Although using anonymous function only affects PHP version 5.2 or less, the themes in WordPress.org repo still needs to support it. Check functions/customizer.php lines 544 and 550. Make mother function and call it there rather than using it anonymously.
  • inc/customizer.php line 641 and 647
  • inc/deprecated.php line 50

On archive-type pages, there's potentially double or even triple of the same images shown on the page as you'll see in the below screenshots. I'll try to break this all down to clarify.

Double image:

The "Featured Images on Index/Archives" option in the customizer has an option named "Show Banner or Thumbnail" (the default option). However, the actual value is show_both and is used to show both the featured image as a banner AND thumbnail. The OR is confusing in the text.

I'm not sure what scenarios "or" would ever crop up since you usually can't have one without the other.

Triple image:

Given the above double image, this can also be turned into a triple image issue if the user elects to "Show Post Content" for the "Content Archives" option in the customizer. You get the triple image effect when the user also shows the image in their post content.

Given that you have options to choose whether to show the featured image, this may not be an issue. I just wanted to make sure that you were aware of it.

Forum search should inherit the "Forums" sidebar as set in the Appearance > Custom Sidebars dashboard page. It is currently showing the "Posts and Archives" sidebar.

This is a bit of a pet-peeve of mine, but it's also about making a good user experience. You've named your theme menu locations as:

register_nav_menus( array(
		'primary' => __('Primary Menu', 'memberlite'),
		'member' => __('Member Menu', 'memberlite'),
		'member-logged-out' => __('Member Menu - Logged Out', 'memberlite'),
		'meta' => __('Meta Menu', 'memberlite'),
		'footer' => __('Footer Menu', 'memberlite'),
	));

The term "Menu" is actually inaccurate. These are technically "locations" that you're registering. I'd rather simply see Primary, Primary Location, Primary Area, etc. Give it a test from a user's point of view in the admin.

And, yes, the WP devs screwed up when they named this function register_nav_menus() because it doesn't register nav menus at all. :)

When registration is disabled and Paid Memberships Pro is not active, the "Register" link in the Member Info header right area should not be shown.

Escaping missing in following, use esc_attr():

• memberlite_getColumnsRatio() in following:
  • archive.php line 10
  • components/header/masthead.php line 22
  • forum.php line 10
  • header.php line 37 and 48
  • index.php line 8
  • mp_store.php line 15
  • page.php line 10
  • search.php line 8
  • sidebar.php line 11
  • single-testimonials-widget.php line 8
  • single.php line 8
  • templates/interstitial.php line 12
  • templates/landing.php line 11

The color stylesheets located in /colors/ reference images in a non-existing "default" folder. It appears that these images have been moved into the theme images folder.

The definition of start_el() in template-tags.php triggers a PHP warning:
PHP Strict Standards: Declaration of comment_walker::start_el() should be compatible with Walker_Comment::start_el(&$output, $comment, $depth = 0, $args = Array, $id = 0) in /webroot/wp-content/themes/memberlite/functions.php on line 268

There are multiple misspellings of sanitize_callback and sanitize_js_callback in inc/customizer.php. They are spelled as:

'santize_callback'

'santize_js_callback'

Note the missing i between n and t. You'll want to open your text editor and do a search/replace to get the spelling right.

• All translation functions must be escaped as sometimes an improper translation may break the html.
• E.g:
  • Almost all instances of __()/_e() need to be esc_html__()/esc_html_e()
    • 404.php line 17 becomes
      <h1 class="entry-title"><?php esc_html_e( 'Oops! That page can&rsquo;t be found.', 'memberlite' ); ?></h1>
  • esc_attr__() where used as attribute values
  • pass via wp_kses() if some html elements are required
• Check all files as there are a lot of these unescaped translation functions

• The way you have enqueued google font in functions.php lines 40-46 is not ideal
• Check http://themeshaper.com/2014/08/13/how-to-add-google-fonts-to-wordpress-themes/ on how to enqueue google font properly
• For google font rather than registering you need to enqueue via wp_enqueue

• Do not override global variables
  • archive.php line 19, I do not see any reason why this global variable is being used here
  • inc/extras.php line 105
  • inc/template-tags.php line 213, 221, 230, 231, 290, 298, 307, 308
  • index.php line 15

In inc/admin.php on line 12, you need to internationalize the menu and page title:

add_theme_page( 'Memberlite Documentation and Support', 'Memberlite Guide', 'edit_theme_options', 'memberlite-support', 'memberlite_support' );

And, the aria-label on line 28:

<div id="wpbody-content" aria-label="Main content" tabindex="0">