[theme-reviewers] Theme Scan Failing

Sayontan Sinha sayontan at gmail.com
Thu Dec 2 09:02:57 UTC 2010


>
> There's no good reason to use fopen in a theme. Any reason you can
> think of has better ways of doing it.
>

I am curious as to what qualifies as a better way of doing things. E.g. I
have code where depending on selections certain stylesheets are grouped
together, then either they are compressed and/or minified. This requires a
call to fopen to spit out all the contents of a local file into a buffer,
then operate on that buffer. I cannot think of a way other than the one
implemented for this purpose. Functions like include or get_template_part
will fail to do what is intended because the contents of the files need to
be altered on the fly. And if you are loading a collection of CSS files
through PHP using the "link" tag, the PHP goes out of WP's context, so
native WP functions will not be available in that PHP, unless you use
wp-load.php, which is absolutely not recommended (I did read your post on
wp-load, BTW).

I also checked WP's native loader files - they incidentally use
file_get_contents(), which is another function apparently blacklisted as
"fishy code" by the theme upload checker.

Regards,
Sayontan.

On Sun, Nov 28, 2010 at 9:23 AM, Otto <otto at ottodestruct.com> wrote:

> Actually, fopen is checked for, and yes, that triggers the "fishy" code.
>
> There's no good reason to use fopen in a theme. Any reason you can
> think of has better ways of doing it.
>
> -Otto
>
>
>
> On Sun, Nov 28, 2010 at 7:42 AM, Simon Prosser <pross at pross.org.uk> wrote:
> > fopen isnt checked for, many themes use it for caching remember
> >
> > On 28 November 2010 13:39, Philip M. Hofer (Frumph) <philip at frumph.net>
> wrote:
> >> Hrm.. probably the fopen in the paypal transaction IPN then. /shrug
> nothing
> >> I can do about that, at least it still pushed it through.
> >>
> >> - Phil
> >>
> >> ----- Original Message ----- From: "Jon Cave" <jon at lionsgoroar.co.uk>
> >> To: <theme-reviewers at lists.wordpress.org>
> >> Sent: Sunday, November 28, 2010 5:37 AM
> >> Subject: Re: [theme-reviewers] Theme Scan Failing
> >>
> >>
> >>> On Sun, Nov 28, 2010 at 1:18 PM, Philip M. Hofer (Frumph)
> >>> <philip at frumph.net> wrote:
> >>>>
> >>>> Soo Otto what exactly are you caring about here that it causes a fail?
> >>>
> >>> My guess (based on the last themecheck code I've seen) is that it's
> >>> the warning of suspicious code that's failing it. The other two are
> >>> just notifications but don't cause a fail.
> >>>
> >>>> What specific 'malicious' code? .. I dont use base64 anywhere, at all.
> >>>> Everything necessary is protected with evaluators and nonce's.
> >>>
> >>> I think that warning is for file_get_contents(__FILE__) or fopen,
> >>> again based on the last I saw of the theme checks.
> >>>
> >>>> Don't care about editor styles, at all; won't create one.
> >>>
> >>> It's a recommended guideline so the check is just highlighting it,
> >>> doubt it's a cause of failure.
> >>>
> >>>> I use includes & get_template_parts() in appropriate places, I won't
> use
> >>>> get_template_part because of the performance of checking both the
> child
> >>>> theme and root theme and it always needs to just load the parent
> themes
> >>>> functions and not overriden by child themes functions of the same
> name.
> >>>>
> >>>> Although included *in* parsed to output functions use
> get_template_part()
> >>>> as
> >>>> necessary
> >>>
> >>> As above doubt it's cause of failure, just picking up of possible
> >>> violation of required guideline.
> >>>
> >>> Just my thoughts, will need Otto to confirm or deny.
> >>> _______________________________________________
> >>> theme-reviewers mailing list
> >>> theme-reviewers at lists.wordpress.org
> >>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >>>
> >>
> >>
> >> _______________________________________________
> >> theme-reviewers mailing list
> >> theme-reviewers at lists.wordpress.org
> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >>
> >
> >
> >
> > --
> > My Blog: http://www.pross.org.uk/
> > Plugins : http://www.pross.org.uk/plugins/
> > Themes: http://wordpress.org/extend/themes/profile/pross
> > _______________________________________________
> > theme-reviewers mailing list
> > theme-reviewers at lists.wordpress.org
> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>



-- 
Sayontan Sinha
http://mynethome.net | http://mynethome.net/blog
--
Beating Australia in Cricket is like killing a celebrity. The death gets
more coverage than the crime.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101202/1c77ca9e/attachment-0001.htm>


More information about the theme-reviewers mailing list