[theme-reviewers] Functions.php Worm

[Chip Bennett]

And the obvious follow-up question is: is this the *only* way to do what you
need to do? Or, is there a way to accomplish it without using
file_get_contents()?

Chip

On Wed, Oct 13, 2010 at 10:38 AM, Jeremy Clark <jeremy at clark-technet.com>wrote:

> I know I personally use it for importing a settings file that is previously
> saved.  The exporter cretes a plain text file that has all the options
> serialized, the importer reads and unserializes the contents of the file
> before pulling it into the DB.
>
> On Wed, Oct 13, 2010 at 11:11 AM, Otto <otto at ottodestruct.com> wrote:
>
>> On Tue, Oct 12, 2010 at 11:56 AM, Chip Bennett <chip at chipbennett.net>
>> wrote:
>> > Pross, credit your Theme-Check tool. It alerted me to this one.
>> > Found another Theme with the functions.php worm.
>> > Otto: can we get at least an emergency update to the uploader script, to
>> > screen out this worm? I know we're waiting a bit on the less-critical
>> > updates, but this is now the second Theme I've seen in four days that
>> has
>> > this worm.
>>
>> I'm uploading a patch now that should stop this particular one and
>> variations of it.
>>
>> Tangentially related: Can anybody think of a legitimate reason for a
>> theme to ever use file_get_contents() in any way that makes sense or
>> has no better way to do things?
>>
>> -Otto
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101013/a935c161/attachment-0001.htm>