#112 - #1 - there's nothing wrong in using abspath, it's a WordPress core define, nothing added by the theme/plugin. Changed it to incorporate MU

			 - #2 - removed from global scope
			 - #3 - removed custom sanitize for hex
			 - #4 - removed shapely_sanitize_strip_slashes
			 - #5 - escaped variable
			 - #6 - I don't think Colorlib and WordPress are translatable
			 - #7 - escaped where needed
			 - #8 - removed registration of menu from socialnav.php
			 - #9 - removed theme support for post formats
			 - #10 - escaped where needed
			 - #11 - translated
			 - #12 - escaped where needed

Author: Cosmin

archive.php

@@ -2,7 +2,7 @@
 /**
  * The template for displaying archive pages.
  *
- * @link https://codex.wordpress.org/Template_Hierarchy
+ * @link    https://codex.wordpress.org/Template_Hierarchy
  *
  * @package Shapely
  */
@@ -13,7 +13,7 @@
 
 			if ( is_home() && ! is_front_page() ) : ?>
 				<header>
-					<h1 class="page-title screen-reader-text"><?php single_post_title(); ?></h1>
+					<h1 class="page-title screen-reader-text"><?php esc_html( single_post_title() ); ?></h1>
 				</header>
 
 				<?php

changelog.txt

@@ -1,3 +1,18 @@
+### 1.7.1
+<a href="https://github.com/puikinsh/shapely/issues">Issues</a>
+	#112 - #1 - there's nothing wrong in using abspath, it's a WordPress core define, nothing added by the theme/plugin. Changed it to incorporate MU
+			 - #2 - removed from global scope
+			 - #3 - removed custom sanitize for hex
+			 - #4 - removed shapely_sanitize_strip_slashes
+			 - #5 - escaped variable
+			 - #6 - I don't think Colorlib and WordPress are translatable
+			 - #7 - escaped where needed
+			 - #8 - removed registration of menu from socialnav.php
+			 - #9 - removed theme support for post formats
+			 - #10 - escaped where needed
+			 - #11 - translated
+			 - #12 - escaped where needed
+
 ### 1.7.0
 <a href="https://github.com/puikinsh/shapely/issues">Issues</a>
 	#79 - restyled <q> a little bit ( added a bg, set font style to italic )

functions.php

@@ -53,7 +53,8 @@ function shapely_setup() {
 
 		// This theme uses wp_nav_menu() in one location.
 		register_nav_menus( array(
-			                    'primary' => esc_html__( 'Primary', 'shapely' ),
+			                    'primary'     => esc_html__( 'Primary', 'shapely' ),
+			                    'social-menu' => esc_html__( 'Social Menu', 'shapely' ),
 		                    ) );
 
 		/*
@@ -68,18 +69,6 @@ function shapely_setup() {
 			'caption',
 		) );
 
-		/*
-		 * Enable support for Post Formats.
-		 * See https://developer.wordpress.org/themes/functionality/post-formats/
-		 */
-		add_theme_support( 'post-formats', array(
-			'aside',
-			'image',
-			'video',
-			'quote',
-			'link',
-		) );
-
 		// Set up the WordPress core custom background feature.
 		add_theme_support( 'custom-background', apply_filters( 'shapely_custom_background_args', array(
 			'default-color' => 'ffffff',
@@ -101,7 +90,8 @@ function shapely_setup() {
 			global $shapely_required_actions, $shapely_recommended_plugins;
 
 			$shapely_recommended_plugins = array(
-				'fancybox-for-wordpress' => array( 'recommended' => false )
+				'wordpress-seo'          => array( 'recommended' => true ),
+				'fancybox-for-wordpress' => array( 'recommended' => false ),
 			);
 
 			/*
@@ -112,6 +102,14 @@ function shapely_setup() {
 			 * plugin_slug - the plugin's slug (used for installing the plugin)
 			 *
 			 */
+			$path = WPMU_PLUGIN_DIR . '/shapely-companion/inc/views/shapely-demo-content.php';
+			if ( ! file_exists( $path ) ) {
+				$path = WP_PLUGIN_DIR . '/shapely-companion/inc/views/shapely-demo-content.php';
+				if ( ! file_exists( $path ) ) {
+					$path = false;
+				}
+			}
+
 			$shapely_required_actions = array(
 				array(
 					"id"          => 'shapely-req-ac-install-companion-plugin',
@@ -128,17 +126,10 @@ function shapely_setup() {
 					"plugin_slug" => 'jetpack'
 				),
 				array(
-					"id"          => 'shapely-req-ac-install-wp-yoast-plugin',
-					"title"       => Shapely_Notify_System::shapely_yoast_title(),
-					'description' => Shapely_Notify_System::shapely_yoast_description(),
-					"check"       => Shapely_Notify_System::shapely_has_plugin( 'wordpress-seo' ),
-					"plugin_slug" => 'wordpress-seo'
-				),
-				array(
-					"id"          => 'shapely-req-import-content',
-					"title"       => esc_html__( 'Import content', 'shapely' ),
-					"external"    => ABSPATH . 'wp-content/plugins/shapely-companion/inc/views/shapely-demo-content.php',
-					"check"       => Shapely_Notify_System::shapely_check_import_req(),
+					"id"       => 'shapely-req-import-content',
+					"title"    => esc_html__( 'Import content', 'shapely' ),
+					"external" => $path,
+					"check"    => Shapely_Notify_System::shapely_check_import_req(),
 				),
 
 			);
@@ -287,16 +278,6 @@ function shapely_scripts() {
  */
 require get_template_directory() . '/inc/metaboxes.php';
 
-/* Globals */
-global $shapely_site_layout;
-$shapely_site_layout = array(
-	'pull-right' => esc_html__( 'Left Sidebar', 'shapely' ),
-	'side-right' => esc_html__( 'Right Sidebar', 'shapely' ),
-	'no-sidebar' => esc_html__( 'No Sidebar', 'shapely' ),
-	'full-width' => esc_html__( 'Full Width', 'shapely' )
-);
-
-
 /**
  * Load the system checks ( used for notifications )
  */

inc/admin/welcome-screen/notify-system-checks.php

@@ -64,7 +64,17 @@ public static function shapely_check_plugin_is_installed( $slug ) {
 			if ( $slug === 'wordpress-seo' ) {
 				$slug2 = 'wp-seo';
 			}
-			if ( file_exists( ABSPATH . 'wp-content/plugins/' . $slug . '/' . $slug2 . '.php' ) ) {
+
+			$path = WPMU_PLUGIN_DIR . '/' . $slug . '/' . $slug2 . '.php';
+			if ( ! file_exists( $path ) ) {
+				$path = WP_PLUGIN_DIR . '/' . $slug . '/' . $slug2 . '.php';
+
+				if ( ! file_exists( $path ) ) {
+					$path = false;
+				}
+			}
+
+			if ( file_exists( $path ) ) {
 				return true;
 			}
 
@@ -79,8 +89,17 @@ public static function shapely_check_plugin_is_active( $slug ) {
 			if ( $slug === 'wordpress-seo' ) {
 				$slug2 = 'wp-seo';
 			}
-			if ( file_exists( ABSPATH . 'wp-content/plugins/' . $slug . '/' . $slug2 . '.php' ) ) {
-				include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
+
+			$path = WPMU_PLUGIN_DIR . '/' . $slug . '/' . $slug2 . '.php';
+			if ( ! file_exists( $path ) ) {
+				$path = WP_PLUGIN_DIR . '/' . $slug . '/' . $slug2 . '.php';
+				if ( ! file_exists( $path ) ) {
+					$path = false;
+				}
+			}
+
+			if ( file_exists( $path ) ) {
+				include_once( ABSPATH . WPINC . '/plugin.php' );
 
 				return is_plugin_active( $slug . '/' . $slug2 . '.php' );
 			}

inc/admin/welcome-screen/sections/actions-required.php

@@ -67,8 +67,8 @@
 					?>
 					<p class="plugin-card-<?php echo esc_attr( $shapely_required_action_value['plugin_slug'] ) ?> action_button <?php echo ( $active['needs'] !== 'install' && $active['status'] ) ? 'active' : '' ?>">
 						<a data-slug="<?php echo esc_attr( $shapely_required_action_value['plugin_slug'] ) ?>"
-						   class="<?php echo $class; ?>"
-						   href="<?php echo esc_url( $url ) ?>"> <?php echo $label ?> </a>
+						   class="<?php echo esc_attr( $class ); ?>"
+						   href="<?php echo esc_url( $url ) ?>"> <?php echo esc_html( $label ) ?> </a>
 					</p>
 					<?php
 				};

inc/admin/welcome-screen/sections/changelog.php

@@ -7,7 +7,7 @@
 
 ?>
 <div class="featured-section changelog">
-	
+
 
 	<?php
 	WP_Filesystem();
@@ -16,9 +16,9 @@
 	$shapely_changelog_lines = explode( PHP_EOL, $shapely_changelog );
 	foreach ( $shapely_changelog_lines as $shapely_changelog_line ) {
 		if ( substr( $shapely_changelog_line, 0, 3 ) === "###" ) {
-			echo '<h4>' . substr( $shapely_changelog_line, 3 ) . '</h4>';
+			echo '<h4>' . esc_html( substr( $shapely_changelog_line, 3 ) ) . '</h4>';
 		} else {
-			echo $shapely_changelog_line, '<br/>';
+			echo esc_html( $shapely_changelog_line ), '<br/>';
 		}
 
 

inc/admin/welcome-screen/sections/getting-started.php

@@ -3,7 +3,7 @@
  * Getting started template
  */
 $customizer_url = admin_url() . 'customize.php';
-$count = $this->count_actions();
+$count          = $this->count_actions();
 ?>
 
 <div class="feature-section three-col">
@@ -12,10 +12,11 @@
 		<p><?php esc_html_e( 'We\'ve compiled a list of steps for you, to take make sure the experience you\'ll have using one of our products is very easy to follow.', 'shapely' ); ?></p>
 		<?php if ( $count == 0 ) { ?>
 			<p><span class="dashicons dashicons-yes"></span>
-				<a href="<?php echo admin_url( 'themes.php?page=shapely-welcome&tab=recommended_actions' ); ?>"><?php esc_html_e( 'No recommended actions left to perform', 'shapely' ); ?></a>
+				<a href="<?php echo esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=recommended_actions' ) ); ?>"><?php esc_html_e( 'No recommended actions left to perform', 'shapely' ); ?></a>
 			</p>
 		<?php } else { ?>
-			<p><span class="dashicons dashicons-no-alt"></span> <a href="<?php echo admin_url( 'themes.php?page=shapely-welcome&tab=recommended_actions' ); ?>"><?php esc_html_e( 'Check recommended actions', 'shapely' ); ?></a>
+			<p><span class="dashicons dashicons-no-alt"></span> <a
+					href="<?php echo esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=recommended_actions' ) ); ?>"><?php esc_html_e( 'Check recommended actions', 'shapely' ); ?></a>
 			</p> <?php
 		}; ?>
 	</div><!--/.col-->

inc/admin/welcome-screen/sections/recommended-plugins.php

@@ -36,18 +36,19 @@
 		?>
 		<div class="col plugin_box">
 			<img src="<?php echo esc_attr( $icon ) ?>" alt="plugin box image">
-			<span class="version"><?php echo __( 'Version:', 'shapely' ); ?><?php echo $info->version ?></span>
+			<span
+				class="version"><?php echo __( 'Version:', 'shapely' ); ?><?php echo esc_html( $info->version ) ?></span>
 			<span
 				class="separator">|</span> <?php echo wp_kses_post( $info->author ) ?>
 			<div
 				class="action_bar <?php echo ( $active['needs'] !== 'install' && $active['status'] ) ? 'active' : '' ?>">
 				<span
-					class="plugin_name"><?php echo ( $active['needs'] !== 'install' && $active['status'] ) ? 'Active: ' : '' ?><?php echo $info->name; ?></span>
+					class="plugin_name"><?php echo ( $active['needs'] !== 'install' && $active['status'] ) ? 'Active: ' : '' ?><?php echo esc_html( $info->name ); ?></span>
 			</div>
 			<span
 				class="plugin-card-<?php echo esc_attr( $plugin ) ?> action_button <?php echo ( $active['needs'] !== 'install' && $active['status'] ) ? 'active' : '' ?>">
-				<a data-slug="<?php echo esc_attr( $plugin ) ?>" class="<?php echo $class; ?>"
-				   href="<?php echo esc_url( $url ) ?>"> <?php echo $label ?> </a>
+				<a data-slug="<?php echo esc_attr( $plugin ) ?>" class="<?php echo esc_attr( $class ); ?>"
+				   href="<?php echo esc_url( $url ) ?>"> <?php echo esc_html( $label ) ?> </a>
 			</span>
 		</div>
 	<?php } ?>

inc/admin/welcome-screen/welcome-screen.php

@@ -40,7 +40,7 @@ public function __construct() {
 	 */
 	public function shapely_welcome_register_menu() {
 		$action_count = $this->count_actions();
-		$title        = $action_count > 0 ? 'About shapely <span class="badge-action-count">' . esc_html( $action_count ) . '</span>' : 'About shapely';
+		$title        = $action_count > 0 ? __( 'About Shapely', 'shapely' ) . '<span class="badge-action-count">' . esc_html( $action_count ) . '</span>' : __( 'About Shapely', 'shapely' );
 
 		add_theme_page( 'About shapely', $title, 'edit_theme_options', 'shapely-welcome', array(
 			$this,
@@ -87,9 +87,9 @@ public function shapely_welcome_style_and_scripts( $hook_suffix ) {
 		wp_enqueue_script( 'shapely-welcome-screen-js', get_template_directory_uri() . '/inc/admin/welcome-screen/js/welcome.js', array( 'jquery' ) );
 
 		wp_localize_script( 'shapely-welcome-screen-js', 'shapelyWelcomeScreenObject', array(
-			'nr_actions_required'      => $this->count_actions(),
-			'ajaxurl'                  => admin_url( 'admin-ajax.php' ),
-			'template_directory'       => get_template_directory_uri(),
+			'nr_actions_required'      => absint( $this->count_actions() ),
+			'ajaxurl'                  => esc_url( admin_url( 'admin-ajax.php' ) ),
+			'template_directory'       => esc_url( get_template_directory_uri() ),
 			'no_required_actions_text' => __( 'Hooray! There are no required actions for you right now.', 'shapely' )
 		) );
 
@@ -106,7 +106,7 @@ public function shapely_welcome_scripts_for_customizer() {
 		wp_enqueue_script( 'shapely-welcome-screen-customizer-js', get_template_directory_uri() . '/inc/admin/welcome-screen/js/welcome_customizer.js', array( 'jquery' ), '20120206', true );
 
 		wp_localize_script( 'shapely-welcome-screen-customizer-js', 'shapelyWelcomeScreenCustomizerObject', array(
-			'nr_actions_required' => $this->count_actions(),
+			'nr_actions_required' => absint( $this->count_actions() ),
 			'aboutpage'           => esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=recommended_actions' ) ),
 			'customizerpage'      => esc_url( admin_url( 'customize.php#recommended_actions' ) ),
 			'themeinfo'           => __( 'View Theme Info', 'shapely' ),
@@ -240,8 +240,17 @@ public function check_active( $slug ) {
 		if ( $slug === 'wordpress-seo' ) {
 			$slug2 = 'wp-seo';
 		}
-		if ( file_exists( ABSPATH . 'wp-content/plugins/' . $slug . '/' . $slug2 . '.php' ) ) {
-			include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
+
+		$path = WPMU_PLUGIN_DIR . '/' . $slug . '/' . $slug2 . '.php';
+		if ( ! file_exists( $path ) ) {
+			$path = WP_PLUGIN_DIR . '/' . $slug . '/' . $slug2 . '.php';
+			if ( ! file_exists( $path ) ) {
+				$path = false;
+			}
+		}
+
+		if ( file_exists( $path ) ) {
+			include_once( ABSPATH . WPINC . '/plugin.php' );
 
 			$needs = is_plugin_active( $slug . '/' . $slug2 . '.php' ) ? 'deactivate' : 'activate';
 
@@ -331,16 +340,16 @@ class="about-text"><?php echo esc_html__( 'Shapely is now installed and ready to
 
 
 			<h2 class="nav-tab-wrapper wp-clearfix">
-				<a href="<?php echo admin_url( 'themes.php?page=shapely-welcome&tab=getting_started' ); ?>"
+				<a href="<?php echo esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=getting_started' ) ); ?>"
 				   class="nav-tab <?php echo $active_tab == 'getting_started' ? 'nav-tab-active' : ''; ?>"><?php echo esc_html__( 'Getting Started', 'shapely' ); ?></a>
-				<a href="<?php echo admin_url( 'themes.php?page=shapely-welcome&tab=recommended_actions' ); ?>"
+				<a href="<?php echo esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=recommended_actions' ) ); ?>"
 				   class="nav-tab <?php echo $active_tab == 'recommended_actions' ? 'nav-tab-active' : ''; ?> "><?php echo esc_html__( 'Recommended Actions', 'shapely' ); ?>
 					<?php echo $action_count > 0 ? '<span class="badge-action-count">' . esc_html( $action_count ) . '</span>' : '' ?></a>
-				<a href="<?php echo admin_url( 'themes.php?page=shapely-welcome&tab=recommended_plugins' ); ?>"
+				<a href="<?php echo esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=recommended_plugins' ) ); ?>"
 				   class="nav-tab <?php echo $active_tab == 'recommended_plugins' ? 'nav-tab-active' : ''; ?> "><?php echo esc_html__( 'Recommended Plugins', 'shapely' ); ?></a>
-				<a href="<?php echo admin_url( 'themes.php?page=shapely-welcome&tab=support' ); ?>"
+				<a href="<?php echo esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=support' ) ); ?>"
 				   class="nav-tab <?php echo $active_tab == 'support' ? 'nav-tab-active' : ''; ?> "><?php echo esc_html__( 'Support', 'shapely' ); ?></a>
-				<a href="<?php echo admin_url( 'themes.php?page=shapely-welcome&tab=changelog' ); ?>"
+				<a href="<?php echo esc_url( admin_url( 'themes.php?page=shapely-welcome&tab=changelog' ) ); ?>"
 				   class="nav-tab <?php echo $active_tab == 'changelog' ? 'nav-tab-active' : ''; ?> "><?php echo esc_html__( 'Changelog', 'shapely' ); ?></a>
 			</h2>