[theme-reviewers] Functions.php Worm

Edward Caissie edward.caissie at gmail.com
Wed Oct 13 15:36:48 UTC 2010


I agree with nacin.

Potentially this could be followed by: if we find a particular use case,
such as this example with file_get_contents, and we are able to ascertain
which themes are making use of it such as with a google search of the
repository ... then we could simply go through and suspend those themes that
are using this potentially dangerous function and send a message to the
affected authors with a recommended solution.

Just thinking out loud ...

On Wed, Oct 13, 2010 at 11:32 AM, Andrew Nacin <wp at andrewnacin.com> wrote:

> On Wed, Oct 13, 2010 at 11:27 AM, Chip Bennett <chip at chipbennett.net>wrote:
>
>> These kinds of questions/issues demonstrate why the next step in Theme
>> Reviews really needs to be to explore our original idea of having Security
>> Ninjas, who focus on such issues, and who perform a post-quality-review
>> Security review.
>>
>> If we can keep the Review Queue manageable for a few weeks, would it be
>> worthwhile to explore this idea further?
>>
>
> I think the next two steps should be to keep the queue manageable for a few
> weeks, followed by an uploader overhaul, and see how that affects the queue.
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101013/7d574967/attachment.htm>


More information about the theme-reviewers mailing list