Bugs Bugs Bugs!!!

  • tusharsethi69

    (@tusharsethi69)


    5 years, 6 months ago

    Plugin is full of bugs as well as bad code and would most probably be full of security loop holes. I am fed up of myself fixing those bugs but than its becoming never ending so just wanted to give this review/rating.

    Worst quality plugin i have ever used.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Nazmul Hassan

    (@nazmulhassann20)

    5 years, 6 months ago

    Hello @tusharsethi69,

    I am really sorry to hear that you are getting bugs but may I know which bug you have founded. Did you create any other ticket to us or on this forum where you had reported any issue/bug?

    Please let me know the issue you are having so that I can help to resolve it. If any plugin has a bug then you can try to reach their support to ask for a fix.

    As far I know we have resolved all the bugs in our free version and it is stable.

    Thanks!

    Thread Starter tusharsethi69

    (@tusharsethi69)

    5 years, 6 months ago

    Their exist tons of issues with this plugin including bugs, bad practices, bad code, duplicate code, unnecessary hard coding, no consistencies, etc. Cant point you to specific issues as their exist so many, if i were a reviewer i would have reviewed/refactored most of the code with open mind than only this plugin can be fixed.

    For instance latest i found plugin is using die() function instead of native wordpress function – wp_die(), why this ?. Another i found sometimes using check_ajax_referer sometimes using wp_verify_nonce wth ?

    Overall a bad quality plugin, features are lucrative but would advise serious players should stay away.

    Nurul Umbhiya

    (@zikubd)

    5 years, 6 months ago

    1. i found plugin is using die() function instead of native wordpress function – wp_die(), why this ?

    — wp_die(): is used to kill current execution and to display formatted error messages. We used wp_die() where we needed to display user-centric error messages and die() to kill unauthorized ajax requests and it’s the proper way to do it. Also when you are downloading a CSV file, you just want to kill the current execution, you don’t need to display a formatted error message to the users!!!

    https://developer.ww.wp.xz.cn/reference/functions/wp_die/

    2. Another i found sometimes using check_ajax_referer sometimes using wp_verify_nonce wth?

    — check_ajax_referer(): is used to verify nonce from the Ajax request to prevent processing requests external of the blog.
    https://developer.ww.wp.xz.cn/reference/functions/check_ajax_referer/

    — wp_verify_nonce(): is used to verify nonce from a $_GET or $_POST requests usually from a HTML form or a URL
    https://developer.ww.wp.xz.cn/reference/functions/wp_verify_nonce/

    Here is a link where you can learn more about WordPress Nonce: https://codex.ww.wp.xz.cn/WordPress_Nonces

    We are following WordPress coding standards, using the best practices, required design patterns, and finally applied the best security approaches to our entire codebase. Each pr is checked against phpcs.

    Finally, I would like to say, Dokan multivendor plugin codebase is fairly complex and you need some time to get used to it. After that, you’ll love how this plugin is structured.

    Also, I would like to request you to report any bugs, bad practices, bad code, duplicate code, unnecessary hard coding, no consistencies, etc in our GitHub repository. Reports like this will help make this plugin even better in the future. Issue report link: https://github.com/weDevsOfficial/dokan/issues

    Thread Starter tusharsethi69

    (@tusharsethi69)

    5 years, 6 months ago

    Thats why i said you need to have open mind to fix these issues. Issues i mentioned still do exist here and their in the plugin but you guys have in mind that everything is fine but its not.

    1. Wrong many instances used die() instead of wp_die() even if authorized, for one instance look function – delete_order_note.

    2. Again wrong. If you want just review and you will find.

    Don’t want to say much if you can fix than fix. But i would still say their exist those issues which i have mentioned and this plugin needs a serious review to refactor code.

    • This reply was modified 5 years, 6 months ago by tusharsethi69.
    Thread Starter tusharsethi69

    (@tusharsethi69)

    5 years, 6 months ago

    All plugin has many diversions from normal expectations of the users.

    Why CRUD capabilities are merged together into dokan_manage_* capability ?

    Atleast critical capabilities should have seperate CRUD capabilities (add/edit, delete, etc).

    Example – allow vendor to add order notes but don’t allow to delete them.

    Thread Starter tusharsethi69

    (@tusharsethi69)

    5 years, 6 months ago

    So many unnecessary hard coding.

    For example – look at /dokan-lite/includes/Admin/UserProfile.php , all user fields in UserProfile are hardcoded. Why not create an array of some object and than iterate to echo fields form ?

    It makes it very difficult to customize, if it would have been an array you would have applied filter on it.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Bugs Bugs Bugs!!!’ is closed to new replies.