[theme-reviewers] Theme Scan Failing

Sayontan Sinha sayontan at gmail.com
Sun Nov 28 17:12:50 UTC 2010


I faced the same problem, getting a "fail" result due to suspected malicious
code. I do recall that a few weeks back when I had tried out the original
online theme checker <http://pross.org.uk/theme-check/> it had indicated the
names of the files that it believed to have the suspicious code, but online
verification is no longer available there, and the Theme Check plugin
doesn't give this output either.

On Sun, Nov 28, 2010 at 5:54 AM, Philip M. Hofer (Frumph) <philip at frumph.net> wrote:

> Then I'm pretty much at a loss unless it's that unescape( in the json
> cookiejar which pretty much is on the return of an escaped string which is
> a protection
>
> ----- Original Message ----- From: "Simon Prosser" <pross at pross.org.uk>
>
> To: <theme-reviewers at lists.wordpress.org>
> Sent: Sunday, November 28, 2010 5:42 AM
>
> Subject: Re: [theme-reviewers] Theme Scan Failing
>
>
>> fopen isn't checked for, many themes use it for caching remember
>>
>> On 28 November 2010 13:39, Philip M. Hofer (Frumph) <philip at frumph.net>
>> wrote:
>>
>>> Hrm.. probably the fopen in the paypal transaction IPN then. /shrug
>>> nothing I can do about that, at least it still pushed it through.
>>>
>>> - Phil
>>>
>>> ----- Original Message ----- From: "Jon Cave" <jon at lionsgoroar.co.uk>
>>> To: <theme-reviewers at lists.wordpress.org>
>>> Sent: Sunday, November 28, 2010 5:37 AM
>>> Subject: Re: [theme-reviewers] Theme Scan Failing
>>>
>>>
>>>> On Sun, Nov 28, 2010 at 1:18 PM, Philip M. Hofer (Frumph)
>>>> <philip at frumph.net> wrote:
>>>>
>>>>>
>>>>> Soo Otto what exactly are you caring about here that it causes a fail?
>>>>>
>>>>
>>>> My guess (based on the last themecheck code I've seen) is that it's
>>>> the warning of suspicious code that's failing it. The other two are
>>>> just notifications but don't cause a fail.
>>>>
>>>>> What specific 'malicious' code? .. I don't use base64 anywhere, at all.
>>>>> Everything necessary is protected with evaluators and nonces.
>>>>>
>>>>
>>>> I think that warning is for file_get_contents(__FILE__) or fopen,
>>>> again based on the last I saw of the theme checks.
>>>>
>>>>> Don't care about editor styles, at all; won't create one.
>>>>>
>>>>
>>>> It's a recommended guideline so the check is just highlighting it,
>>>> doubt it's a cause of failure.
>>>>
>>>>> I use includes & get_template_parts() in appropriate places, I won't use
>>>>> get_template_part because of the performance of checking both the child
>>>>> theme and root theme and it always needs to just load the parent theme's
>>>>> functions and not overridden by child theme's functions of the same name.
>>>>>
>>>>> Although included *in* parsed to output functions use get_template_part()
>>>>> as necessary
>>>>>
>>>>
>>>> As above doubt it's cause of failure, just picking up of possible
>>>> violation of required guideline.
>>>>
>>>> Just my thoughts, will need Otto to confirm or deny.
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>>
>>>
>>
>>
>> --
>> My Blog: http://www.pross.org.uk/
>> Plugins : http://www.pross.org.uk/plugins/
>> Themes: http://wordpress.org/extend/themes/profile/pross



-- 
Sayontan Sinha
http://mynethome.net | http://mynethome.net/blog
--
Beating Australia in Cricket is like killing a celebrity. The death gets
more coverage than the crime.