envato / envato-theme-check

The WordPress Theme Check plugin for Envato
GNU General Public License v2.0

Why does Envato Market use deprecated code in their review process? #67

Closed andrejcremoznik closed 3 years ago

andrejcremoznik commented 3 years ago

This project obviously isn't maintained. There are no responses to issues. Every time I submit something to review I always get rejections for the same bullshit reasons and a lot of it is due to this broken test suite here.

There are some good checks here but a lot of them enforce really bad practices.

E.g. I can't do:

for ($i = 0; $i < 5; $i++) echo "something-{$i}";

I have to do this instead just to satisfy the check for escaping.

for ($i = 0; $i < 5; $i++) echo esc_html("something-{$i}");

WP is slow already, this just slows it down even more completely unnecessarily. On the other hand this code will not raise any warnings:

printf('%s', $dangerous_variable);

Or what's even worse, this is not allowed:

$file_content = file_get_contents('path/to/file');
echo $file_content ? $file_content : '';

You have to use the WP_Filesystem even though the docs for it explicitly say it should be used for uploads/file-creation, not read-only access:

if (!defined('FS_METHOD')) define('FS_METHOD', 'direct');
global $wp_filesystem;
require_once (ABSPATH . '/wp-admin/includes/file.php');
WP_Filesystem();
echo $wp_filesystem->exists($filename) ? $wp_filesystem->get_contents($filename) : '';

Considering how Envato Market has a monopoly on WP theme distributions and the money they're banking, their review process is completely exploitable and does nothing but frustrate developers.

I could easily get malware completely undetected through their review if I wanted to.

Their reviewers are not developers. They don't even know how to use virtualization, let alone automation. Their test environment is outdated, I wouldn't be surprised if it's XAMPP or whatever that Windows server package is.

Who else is frustrated? Let them know.
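
Added example, not part of the original thread and not the plugin's code: a token-based check built on PHP's `token_get_all` that treats `printf`/`vprintf` as output sinks alongside `echo`/`print`, covering the gap the comment above describes. The function name `find_unescaped_output`, the `ESCAPERS` allow-list and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not the Theme Check plugin's code. ESCAPERS is an assumed allow-list.
const OUTPUT_FUNCS = ['printf', 'vprintf'];
const ESCAPERS = ['esc_html', 'esc_attr', 'esc_url', 'esc_js', 'wp_kses_post'];

// Return every variable that reaches echo/print/printf outside an escaping call.
function find_unescaped_output(string $source): array
{
    $tokens = token_get_all($source);
    $findings = [];
    for ($i = 0, $n = count($tokens); $i < $n; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok)) continue;
        $isSink = in_array($tok[0], [T_ECHO, T_PRINT], true)
            || ($tok[0] === T_STRING && in_array(strtolower($tok[1]), OUTPUT_FUNCS, true));
        if (!$isSink) continue;
        $depth = 0;          // parenthesis depth inside this statement
        $escapedAt = null;   // depth of the argument list of an open escaping call
        for ($j = $i + 1; $j < $n; $j++) {
            $t = $tokens[$j];
            if ($t === ';' || (is_array($t) && $t[0] === T_CLOSE_TAG)) break;
            if ($t === '(') { $depth++; continue; }
            if ($t === ')') {
                if ($depth === $escapedAt) $escapedAt = null; // escaping call closed
                $depth--;
                continue;
            }
            if (!is_array($t) || $escapedAt !== null) continue;
            if ($t[0] === T_STRING && in_array(strtolower($t[1]), ESCAPERS, true)) {
                $escapedAt = $depth + 1; // its arguments sit one level deeper
            } elseif ($t[0] === T_VARIABLE) {
                $findings[] = ['line' => $t[2], 'sink' => $tok[1], 'var' => $t[1]];
            }
        }
    }
    return $findings;
}

// Constructed sample, assembled from the snippets quoted in the comment.
$sample = <<<'SAMPLE'
<?php
for ($i = 0; $i < 5; $i++) echo "something-{$i}";
for ($i = 0; $i < 5; $i++) echo esc_html("something-{$i}");
printf('%s', $dangerous_variable);
printf('%s', esc_html($dangerous_variable));
SAMPLE;
foreach (find_unescaped_output($sample) as $f) {
    echo "line {$f['line']}: {$f['sink']} outputs {$f['var']} unescaped\n";
}
```

A token-level check like this cannot tell that `$i` is an integer loop counter, so the first loop in the sample is still reported; separating that case from `$dangerous_variable` needs type or data-flow information.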

scottparry commented 3 years ago

Closing as this isn't an issue.