Marketplace Submission Guidelines
1. Before starting your development process
When planning your new resource, browse our marketplace to see if there is already a resource that provides the same functionality or addresses the same issue. If there is, your resource should be innovative and unique, with the implementation of features that will make your resource stand out.
1.1. All submissions are required to be unique and the original work of the author. You may not utilize any code, elements or assets from any third party without proper authorization and licensing from the copyright holder. Redistribution of Invision Community code and other digital assets protected by copyright and the End User License Agreement is expressly forbidden. Violations may incur removal from the Marketplace, license termination and further remedies afforded by law.
1.2. Resources must not remove or hide any security or upgrade notices that are displayed by Invision Community.
1.3. Your application or plugin must be entirely self-contained within the Tar or XML file, any submission that requires manually uploading any file will be rejected.
1.4. Your resource must not replicate any functionality that already exists in Invision Community or re-introduce functionality that has been removed, excluding inconsequential cosmetic changes that require no backend changes.
1.5. Resources must not re-use error codes from Invision Community; they must use unique error codes within the resource.
2. Before submitting your resource
2.1. General Checks
2.1.1. Resources submitted to marketplace must be uploaded directly to the marketplace as .tar (applications) or .xml files (themes, plugins and languages). Any additional information such as readme or install instructions can be provided within the ‘additional information’ field.
2.1.2. Encoded, encrypted or obfuscated submissions are strictly forbidden.
2.1.3. Resources that contain call-backs for licensing purposes are allowed, however these checks must only occur periodically, be cached and clearly described in the marketplace disclaimer field. Any licensing messages that are displayed as a result of these checks must be visible to administrators only.
2.1.4. You may not log, store or send to a remote service any password or other confidential piece of data. Your resource must respect the privacy of the site it is installed on.
2.1.5. Any data collection MUST fully comply with the GDPR and other regulations applicable to your jurisdiction. You must obtain explicit consent from the license holder to collect, process and, if applicable, store any PII data. You may not collect more information than is reasonably required to provide service to the customer and to maintain compliance, you must provide a mechanism for the customer to opt-out of any data collection or storage that may have transpired.
2.2.1. Any overloaded methods must call their parent method during execution. You must also consider the return value of the parent method and whether your changes need to also return that value.
2.2.2. Resources cannot copy files to other locations or application folders, we provide APIs for these situations (i.e. Payment Gateways, Share Links, Login Handlers etc) and they must be used.
2.2.3. Prepared statements must be used for security purposes where possible.
2.2.4. CSRF protection must be used on any URL that can cause a state change for the end user. Including the AdminCP.
2.2.5. If your resource is using an Editor field, it must have implemented the relevant EditorLocation extension and relevant code to claim/unclaim attachments.
2.2.6. Plugins & Applications must implement the required uninstall code to remove any changes made to the database and/or file system.
2.2.7. Adding any additional information via hooks to the Applications listing page is not allowed.
2.2.8. Your resource must not add columns to any existing Invision Community database table. You must add your own tables to contain data for your resource.
2.2.9. Use `\IPS\Log::log()` for appropriate error messages only, do not use it for general log messages, consider using `\IPS\Log::debug()` instead.
2.2.10. Use existing CSS classes as much as possible to ensure compatibility with custom themes.
2.2.11. New versions of resources must have an incremented long version and human version number where applicable (Applications/Plugins/Themes/Languages). The only exception is where the compatibility field is being updated for a new version and the resource has not changed.
Review by IPS
All Marketplace submissions are reviewed to ensure:
1. Basic security requirements are enforced such as the use of CSRF protection and that the code is free from backdoors or other potential vulnerabilities.
2. All applications and plugins utilize best practices, including performance.
3. Code quality meets published standards and adheres to the guidelines set forth in section 2.2.
4. The resource installs and uninstalls without issue and is otherwise safe and suitable for customer use.
Please be aware that the review process is not a technical or programming support service. Your submission should be thoroughly tested and working before it is submitted for review.
If your submission is approved, your resource will become available on the marketplace for other customers to purchase or download. You must maintain an active Invision Community license for your submissions to be available for purchase.
If your resource has been unfortunately rejected, we will respond with the reasons for rejection via a ticket. If your resource is rejected twice because of significant issues, there will be a period of 6 weeks before any changes will be reviewed further. This time will allow you to review your submission and correct any issues with it. Should further reviews be rejected we may not be able to accept your submission at all. Submissions with generally low code quality may also be rejected.
You are required to take all reasonable steps to provide customer support for your submitted paid resources, in accordance with and via the method outlined with your resource listing page. IPS reserves the right to:
1. Refund customers who demonstrate that they have made reasonable effort to obtain support with no or poor communication.
2. Establish a “holdback” fund via account credit to aid in covering chargeback and refund costs.
3. Temporarily or permanently revoke Marketplace submission privileges.
You may not promote your off-marketplace offerings within the marketplace. You may not provide marketplace access to your resources if the transaction did not originate through the marketplace.
Terms and Conditions
- Invision Power Services, Inc. reserves the right, in its sole discretion, to reject any submission deemed not suitable for The Marketplace.
- You agree Invision Power Services, Inc. is not liable or involved in any copyright or trademark infringement and any harm caused by your file.
- We reserve the right to remove any file for any reason.
- Files reported broken, non-functional, or otherwise not as advertised by end users will be removed.
- Files not kept up to date with newer versions will be removed after a reasonable time.
Last updated 4th June 2021