Submit to WordPress directory checklist #1

Open
8 of 10 tasks
CodyReichert opened this issue Nov 16, 2018 · 1 comment
CodyReichert commented Nov 16, 2018

Only a couple of things needed before we can submit to the WordPress directory:

  • Add link to GPLv3 license file
  • Add readme.txt
  • Go through WordPress Developer Checklist
  • Add screenshots
  • Submit to WordPress Directory

Follow-up

  • Add banner image for WP page

[Feedback Loop 1](#1 (comment))

First set of feedback tasks from the WordPress team

  • Sanitize inputs (9c5d655)
  • Check in logo image (a38f40c)
  • Update readme abt 3rd party service (65d1545)
  • Send new .zip file to WordPress team
@CodyReichert CodyReichert added the enhancement New feature or request label Nov 16, 2018
@CodyReichert CodyReichert self-assigned this Nov 16, 2018
@CodyReichert

Alright we got some feedback with just a couple of things to fix and clarify in the readme.txt. Paraphrased here:


Please sanitize, escape, and validate your POST calls

When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues. Some examples from your plugin:

        $value_ = $_POST[$tag->name];
        $value = trim($value_);

In function cf7_identibyte_make_check that gets set here:

        $url = "https://identibyte.com/check/" . $data . $api_token;

At the very least you should slap an esc_url() around that.

Calling images remotely

Offloading images to your own server is disallowed. Please include all images needed for your plugin locally.

Example: src="https://identibyte.com/static/img/logo-120x120.png"

Undocumented use of a 3rd Party or external service

You call https://identibyte.com

While this is actually okay, you neglected to fully document this in your readme. You must update your readme to do the following:

  • clearly explain that your plugin is relying on a 3rd party as a service and under what circumstances
  • provide a link to the service
  • provide a link to the service's terms of use and/or privacy policies
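
A hardened form of the two snippets quoted in the feedback above, as an added example that is not the plugin's code and not part of the WordPress team's feedback. The helper names are hypothetical, the code assumes it is loaded inside WordPress, and `$api_token` is appended unchanged because the page does not show its format.

```php
<?php
// Added example, not the plugin's own code. Assumes WordPress is loaded,
// which provides wp_unslash(), sanitize_text_field() and esc_url_raw().

/**
 * Read one submitted form field (hypothetical helper name).
 * Returns '' when the field is missing or is not a plain string.
 */
function example_read_post_field( $field_name ) {
    // Validate: the key must exist and hold a string, not an array
    // (a request can send name[]=x, which would break trim()).
    if ( ! isset( $_POST[ $field_name ] ) || ! is_string( $_POST[ $field_name ] ) ) {
        return '';
    }

    // WordPress adds slashes to the superglobals; remove them first.
    $raw = wp_unslash( $_POST[ $field_name ] );

    // Sanitize: strips tags, line breaks and extra whitespace, and trims,
    // so the separate trim() call from the original is no longer needed.
    return sanitize_text_field( $raw );
}

/**
 * Build the check URL from the snippet quoted in the feedback
 * (hypothetical helper name). $api_token is appended as in the original.
 */
function example_build_check_url( $data, $api_token ) {
    // Encode the user-controlled segment so characters such as '/', '?'
    // and '#' cannot alter the path or append query parameters.
    $url = 'https://identibyte.com/check/' . rawurlencode( $data ) . $api_token;

    // esc_url_raw() is the esc_url() variant for URLs that are requested
    // or stored rather than printed into HTML; only https is allowed here.
    return esc_url_raw( $url, array( 'https' ) );
}
```

Escaping with `esc_url()` itself still applies wherever the URL is echoed into markup, since that variant also entity-encodes for HTML output.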
