[theme-reviewers] Functions.php Worm

Otto otto at ottodestruct.com
Wed Oct 13 15:11:17 UTC 2010


On Tue, Oct 12, 2010 at 11:56 AM, Chip Bennett <chip at chipbennett.net> wrote:
> Pross, credit your Theme-Check tool. It alerted me to this one.
> Found another Theme with the functions.php worm.
> Otto: can we get at least an emergency update to the uploader script, to
> screen out this worm? I know we're waiting a bit on the less-critical
> updates, but this is now the second Theme I've seen in four days that has
> this worm.

I'm uploading a patch now that should stop this particular one and
variations of it.

Tangentially related: Can anybody think of a legitimate reason for a
theme to ever use file_get_contents() in any way that makes sense or
has no better way to do things?

-Otto

