Plugins

There are issues with your plugin code preventing it from being approved immediately. We have pended your submission in order to help you correct all issues so that it may be approved and published.

We ask you read this email in its entirety, address all listed issues, and reply to this email with your corrected code attached (or linked). You have 6 months to make all corrections, before your plugin will be rejected. Even so, as long as you reply to this email, we will be able to continue with your review and eventually publish your code.

Remember in addition to code quality, security and functionality, we require all plugins adhere to our guidelines. If you have not yet, please read them:

We know it can be long, but you must follow the directions at the end as not doing so will result in your review being delayed. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.

Finally, should you at any time wish to alter your permalink (aka the plugin slug), you must explicitly tell us what you want it to be. Just changing the display name is not sufficient, and we require to you clearly state your desired permalink. Remember, permalinks cannot be altered after approval.

Be aware that you will not be able to submit another plugin while this one is being reviewed.

## Data Must be Sanitized, Escaped, and Validated

When you include POST/GET/REQUEST/FILE calls in your plugin, it’s important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.

SANITIZE: Data that is input (either by a user or automatically) must be sanitized as soon as possible. This lessens the possibility of XSS vulnerabilities and MITM attacks where posted data is subverted.

VALIDATE: All data should be validated, no matter what. Even when you sanitize, remember that you don’t want someone putting in ‘dog’ when the only valid values are numbers.

ESCAPE: Data that is output must be escaped properly when it is echo’d, so it can’t hijack admin screens. There are many esc_*() functions you can use to make sure you don’t show people the wrong data.

To help you with this, WordPress comes with a number of sanitization and escaping functions. You can read about those here:

Remember: You must use the most appropriate functions for the context. If you’re sanitizing email, use sanitize_email(), if you’re outputting HTML, use esc_html(), and so on.

An easy mantra here is this:

Sanitize early
Escape Late
Always
Validate

Clean everything, check everything, escape everything, and never trust the users to always have input sane data. After all, users come from all walks of life.

Example(s) from your plugin:

wpsekolah/wp-sekolah.php:152: $events_meta[‘_minus’] = strtotime($_POST[‘_tevent’]);
wpsekolah/wp-sekolah.php:153: $events_meta[‘_tevent’] = $_POST[‘_tevent’];
wpsekolah/wp-sekolah.php:154: $events_meta[‘_jam’] = $_POST[‘_jam’];
wpsekolah/wp-sekolah.php:155: $events_meta[‘_lokasi’] = $_POST[‘_lokasi’];
wpsekolah/wp-sekolah.php:156: $events_meta[‘_mapsevent’] = stripslashes($_POST[‘_mapsevent’]);

## Generic function/class/define/namespace names

All plugins must have unique function names, namespaces, defines, and class names. This prevents your plugin from conflicting with other plugins or themes. We need you to update your plugin to use more unique and distinct names.

A good way to do this is with a prefix. For example, if your plugin is called “Easy Custom Post Types” then you could use names like these:

  • function ecpt_save_post()
  • define( ‘ECPT_LICENSE’, true );
  • class ECPT_Admin{}
  • namespace EasyCustomPostTypes;

Don’t try to use two (2) or three (3) letter prefixes anymore. We host nearly 100-thousand plugins on WordPress.org alone. There are tens of thousands more outside our servers. Believe us, you’re going to run into conflicts.

You also need to avoid the use of __ (double underscores), wp_ , or _ (single underscore) as a prefix. Those are reserved for WordPress itself. You can use them inside your classes, but not as stand-alone function.

Please remember, if you’re using _n() or __() for translation, that’s fine. We’re only talking about functions you’ve created for your plugin, not the core functions from WordPress. In fact, those core features are why you need to not use those prefixes in your own plugin! You don’t want to break WordPress for your users.

Related to this, using if (!function_exists(‘NAME ‘)) { around all your functions and classes sounds like a great idea until you realize the fatal flaw. If something else has a function with the same name and their code loads first, your plugin will break. Using if-exists should be reserved for shared libraries only.

Remember: Good prefix names are unique and distinct to your plugin. This will help you and the next person in debugging, as well as prevent conflicts.

Example(s) from your plugin:

wpsekolah/wp-sekolah.php:90:function event() {
wpsekolah/wp-sekolah.php:175:function new_default_content($content) {
wpsekolah/wp-sekolah.php:197:function override_archive_template( $archive_template ){

## Calling files remotely

Offloading images, js, css, and other scripts to your servers or any remote service (like Google, MaxCDN, jQuery.com etc) is disallowed. When you call remote data you introduce an unnecessary dependency on another site. If the file you’re calling isn’t a part of WordPress Core, then you should include it -locally- in your plugin, not remotely. If the file IS included in WordPress core, please call that instead.

An exception to this rule is if your plugin is performing a service. We will permit this on a case by case basis. Since this can be confusing we have some examples of what are not permitted:

  • Offloading jquery CSS files to Google – You should include the CSS in your plugin.
  • Inserting an iframe with a help doc – A link, or including the docs in your plugin is preferred.
  • Calling images from your own domain – They should be included in your plugin.

Here are some examples of what we would permit:

  • Calling font families from Google or their approved CDN (if GPL compatible)
  • API calls back to your server to process possible spam comments (like Akismet)
  • Offloading comments to your own servers (like Disqus)
  • oEmbed calls to a service provider (like Twitter or YouTube)

Please remove external dependencies from your plugin and, if possible, include all files within the plugin (that is not called remotely). If instead you feel you are providing a service, please re-write your readme.txt in a manner that explains the service, the servers being called, and if any account is needed to connect.

Example(s) from your plugin:

wpsekolah/wp-sekolah.php:140: wp_enqueue_style( ‘jquery-ui-datepicker-style’ , ‘//ajax.googleapis.com/ajax/libs/jqueryui/1.10.4/themes/smoothness/jquery-ui.css’);

—- —- —- —-

We believe this to be a complete review of all issues found in your plugin. If we have no response from this email address in 6 months, we will reject this submission in order to keep our queue manageable. To keep your review active, all we ask is that you make corrections and reply.

Your next steps are:

  1. Make all the corrections related to the issues we listed.
  2. Review your entire code to ensure there are no other related concerns.
  3. Attach your corrected plugin as a zip file OR provide a link to a public location (Dropbox, Github, etc) from where we can download the code. A direct link to the zip is best.

Once we receive your updated code, we will re-review it from top down.

We again remind you that should you wish to alter your permalink (aka the plugin slug), you must explicitly tell us what you want it to be. We require to you clearly state in the body of your email what your desired permalink is. Permalinks cannot be altered after approval, and we generally do not accept requests to rename should you fail to inform us during the review.

Be aware that if your zip contains javascript files, you may not be able to email it as many hosts block that in the interests of security. Also note that all version control directories (like Github) will auto-generate a zip for you.

While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the entire plugin when you send it back to us. We appreciate your patience and understanding.

If you have questions, concerns, or need clarification, please reply to this email and just ask us.

Note! If you asked for a permalink change and got a reply that is has been processed, remember that these emails will still use the original display name. Don’t panic. If you did not get a reply that we processed the permalink, let us know immediately.

NO Judul Dibaca
1 Instalasi WordPress Melalui cPanel Hosting (Online) 1413
2 Instalasi WordPress Localhost Via XAMPP (Offline) 1146
3 Mengaktifkan Komentar Pada Pos Tunggal 716
4 Mengaktifkan Komentar Pos Secara Massal 605
5 Menutup Otomatis Komentar Pada Pos Baru 420
6 Moderasi & Blacklist Komentar Masuk 515
7 Membalas Komentar Pengunjung Blog 686
8 Membatasi Komentar Hanya Untuk Pengguna 465
9 Mengatur Jumlah Komentar Per-Halaman 462
10 Menutup Komentar Setelah Beberapa Hari Terbit 430
11 Menutup Otomatis Komentar Setiap Pos Baru 418
12 Mewajibkan Nama dan Email Saat Berkomentar 611
13 Mengatur Level Kedalaman Komentar Balasan 533
14 Menampilkan Komentar Terbaru Lebih Dulu 395
15 Menampilkan Komentar Terlama Lebih Dulu 439
16 Moderasi Komentar Sebelum Diterbitkan 427
17 Mengedit / Modifikasi Komentar Masuk 448
18 Mencari Komentar Berdasarkan Nama Dan Kata 442
19 Mengijinkan Komentar Pingback Dari Web Lain 506
20 Menghapus Komentar Yang Telah Masuk 1544
21 Menghapus Komentar Secara Massal 723
22 Mengembalikan Komentar Yang Telah Dihapus 15636
23 Menghapus Komentar Permanen / Selamanya 1058
24 2 Alternatif Halaman Login WordPress 639
25 Username Dan Alamat Email Untuk Login 3864
26 Gagal Login, Nama Pengguna Tidak Sah 1122
27 Gagal Login, Alamat Email Tidak Sah 890
28 Gagal Login, Sandi Yang Dimasukan Salah 388
29 Simpan Username Dan Password Di Browser 467
30 Lupa Sandi, Nama Pengguna Atau Email Tidak Sah 600
31 Lupa Sandi, Tidak Ada Pengguna Terdaftar 414
32 Lupa Sandi, Proses Mendapatkan Password Baru 551
33 Tidak Menerima Email Setelah Reset Password 639
34 Mengaktifkan Register Pada WordPress 681
35 Halaman Register Untuk Pengguna Baru 992
36 Nama Pengguna + Alamat Email Untuk Register 616
37 Gagal Register, Nama Pengguna Sudah Terdaftar 900
38 Gagal Register, Alamat Email Sudah Terdaftar 2062
39 Gagal Register, Alamat Email Tidak Valid 21403
40 Tidak Menerima Email Setelah Register 1096
41 Mengenal Dasbor Utama WordPress 789
42 Menu Dasbor Untuk Level Administrator 486
43 Menu Dasbor Untuk Level Editor 381
44 Menu Dasbor Untuk Level Author / Penulis 457
45 Menu Dasbor Untuk Level Contributor 419
46 Menu Dasbor Untuk Level Subscriber / Pelanggan 453
47 Proses Register Pengguna Baru WordPress 509
48 Menu Dasbor : Dasbor > Beranda 473
49 Menu Dasbor : Dasbor > Pembaruan 379
50 Menu Dasbor : Pos > Semua Pos 520
51 Menu Dasbor : Pos > Tambah Baru 375
52 Menu Dasbor : Pos > Kategori 420
53 Menu Dasbor : Pos > Tag 393
54 Menu Dasbor : Media > Pustaka 401
55 Menu Dasbor : Media > Tambah Baru 416
56 Menu Dasbor : Laman > Semua Laman 394
57 Menu Dasbor : Laman > Tambah Baru 406
58 Menu Dasbor : Komentar 451
59 Menu Dasbor : Tampilan > Tema 444
60 Menu Dasbor : Tampilan > Sesuaikan 389
61 Menu Dasbor : Tampilan > Widget 472
62 Menu Dasbor : Tampilan > Menu 442
63 Menu Dasbor : Tampilan > Theme Editor 453
64 Menu Dasbor : Plugin > Plugin Terpasang 193
65 Menu Dasbor : Plugin > Tambah Baru 506
66 Menu Dasbor : Plugin > Plugin Editor 324
67 Menu Dasbor : Pengguna > Semua Pengguna 360
68 Menu Dasbor : Pengguna > Tambah Baru 393
69 Menu Dasbor : Pengguna > Profil Anda 443
70 Menu Dasbor : Perkakas > Impor 326
71 Menu Dasbor : Perkakas > Ekspor 489
72 Menu Dasbor : Pengaturan > Umum 426
73 Menu Dasbor : Pengaturan > Menulis 431
74 Menu Dasbor : Pengaturan > Membaca 398
75 Menu Dasbor : Pengaturan > Diskusi 459
76 Menu Dasbor : Pengaturan > Media 480
77 Menu Dasbor : Pengaturan > Permalink 386
78 Menu Dasbor : Pengaturan > Privasi 389
79 Menyembunyikan Admin Bar Diluar Dasbor 519
80 Notifikasi Pembaruan Pada Admin Bar 352
81 Notifikasi Moderasi Komentar Pada Admin Bar 417
82 Menu Admin Bar : + Baru 410
83 Menu Admin Bar : Tampilkan Pos 471
84 Menu Admin Bar : Tampilkan Kategori 404
85 Menu Admin Bar : Tampilkan Tag 345
86 Mengganti Nama Pada Admin Bar 459
87 Mengganti Gambar Profil Pada Admin Bar 487
88 Logout Akun Melalui Admin Bar 401
89 Mengganti Foto Gravatar Default 490
90 Membuat Akun Gravatar (Avatar-nya WordPress) 1195
91 Permalink Biasa : Permalink Default WordPress 488
92 Format Permalink : Tanggal Dan Judul Pos 422
93 Format Permalink : Bulan Dan Judul Pos 374
94 Format Permalink : Arsip Dan ID Pos 368
95 Format Permalink : Judul Pos 398
96 Format Permalink Struktur Custom Bebas 450
97 Merubah Alamat Link Halaman Kategori 503
98 Merubah Alamat Link Halaman Tag 595
99 Menampilkan Menu-Menu Pada Header Web 1508
100 Menukar / Merubah Posisi Antar Menu 946
101 Menambahkan Submenu (Dropdown) Pada Menu 634
102 Membuat Menu Dan Submenu Tanpa Link 1214
103 Merubah / Mengedit Text Menu (Label Navigasi) 641
104 Menampilkan Kategori Pos Pada Menu 605
105 Tampilkan / Sembunyikan Grup Item Menu 531
106 Menambah Link Menuju Web Lain Pada Menu 1372
107 Menambah Menu Menuju Halaman Beranda 894
108 Cek Lokasi Menu Yang Disediakan Oleh Tema 528
109 Menampilkan Menu-Menu Pada Widget 509
110 Menampilkan Gambar Avatar Dalam Komentar 815
111 Membuat / Menambahkan Pos (Artikel) Baru 594
112 Merubah / Mengedit Pos Yang Telah Dibuat 348
113 Opsi Layar Untuk On / Off Grup Item Menu 507
114 Menautkan Pos Artikel Pada Kategori Tertentu 579
115 Menambahkan Tag Pos Langsung Pada Artikel 380
116 Menambah Thumbnail / Gambar Unggulan Untuk Pos 929
117 Mengganti Gambar Unggulan Pada Pos Artikel 449
118 Mengaktifkan / Menonaktifkan Komentar Pada Pos 366
119 Melindungi Pos Artikel Dengan Password / Sandi 497
120 Menghapus Pos Langsung Dari Halaman Editor Pos 480
121 Merubah / Mengedit URL Slug Pos Artikel 720
122 Menambahkan Media Gambar Ditengah Pos Artikel 616
123 Sortir Pos Artikel Berdasar Kata Tertentu 504
124 Properti Tambahan Untuk Menu : Target Tautan 712
125 Properti Tambahan Untuk Menu : Atribut Judul 559
126 Properti Tambahan Untuk Menu : Kelas CSS 787
127 Properti Tambahan Untuk Menu : Relasi Tautan 914
128 Membuat Kategori / Sub Kategori Melalui Editor Pos 941