[theme-reviewers] Can I have another theme to review?

Emil Uzelac emil at themeid.com
Sun Apr 10 08:34:10 UTC 2011


There is something going on there, no doubt about that; it seems like <a
href=' '> was left there for a reason, such as URL injection. Either way,
this .tif can and does pose a security problem; no need to go forward
with the review until this is fixed. I think that you can close
as not-approved and explain the situation in your review.

Nacin or Otto will know more about this; as it is right now it's way over my head
:(

Emil


*Emil Uzelac* | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E:
emil at themeid.com | http://themeid.com
Make everything as simple as possible, but not simpler. - Albert Einstein



On Sun, Apr 10, 2011 at 3:13 AM, carolina n <myazalea at hotmail.com> wrote:

> That's what I meant: it's not saved as a proper tif, so Photoshop did not
> recognise it and was unable to open it.
> A normal image would go something like: Ôã¸ÓàËìüÁÞîÀß nulnul blahblah in a
> text editor; this one doesn't. It contains:
>
> <?php,
> a copyright message,
>  __FILE__,
> urldecode,
> eval,
> return;?>
>
>
> Did you see the output in the footer?
> <div class="credits">Powered by <a href="http://wordpress.org/">Wordpress</a>
> <?php include("images/spacer.tif"); ?> Designed by ..etc
> becomes:
> <div class="credits">Powered by <a href="http://wordpress.org/">Wordpress</a>
> <a href=' '></a> - Designed by ..etc
>
>
> ------------------------------
> From: emil at themeid.com
> Date: Sun, 10 Apr 2011 02:43:03 -0500
>
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Can I have another theme to review?
>
> This is the .tif (.tiff) image format, which is not made for online
> purposes. .Tiff can be opened in Photoshop if the file was saved
> (compressed) properly, and that's not the case. Funky data will appear if the
> image is opened in a text editor, and that's normal. Either way, this isn't the
> proper way of using images for web design.
>
> On another note, <?php include("images/spacer.tif"); ?> is also bad practice;
> it should be, i.e., <img src="<?php echo
> get_stylesheet_directory_uri(); ?>/images/spacer.gif" />
>
> Emil
>
> *Emil Uzelac* | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E:
> emil at themeid.com | http://themeid.com
> Make everything as simple as possible, but not simpler. - Albert Einstein
>
>
>
> On Sun, Apr 10, 2011 at 2:15 AM, carolina n <myazalea at hotmail.com> wrote:
>
> *I'm not an expert on security*, but there is something fishy about this
> theme. It includes a .tif image by <?php include("images/spacer.tif"); ?> in
> footer.php. The image cannot be recognised by Photoshop etc., but when opened in
> a text editor, it clearly has an eval.
>
> How do you usually handle this?
>
>
>
>
>
>
>
> ------------------------------
> From: edward.caissie at gmail.com
> Date: Sat, 9 Apr 2011 19:06:40 -0400
>
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Can I have another theme to review?
>
> Here you go: http://themes.trac.wordpress.org/ticket/3214
>
> On Sat, Apr 9, 2011 at 2:41 PM, carolina n <myazalea at hotmail.com> wrote:
>
> Can I have another theme to review?
> Username: poena
>
>
> ------------------------------
> From: edward.caissie at gmail.com
> Date: Mon, 4 Apr 2011 12:57:01 -0400
>
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Can I have another theme to review?
>
> Thanks, I found it via your Theme in Trac (*grin*)
>
> On Mon, Apr 4, 2011 at 12:47 PM, carolina n <myazalea at hotmail.com> wrote:
>
> Poena.
>
> ------------------------------
> From: edward.caissie at gmail.com
> Date: Mon, 4 Apr 2011 12:03:38 -0400
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Can I have another theme to review?
>
>
> Here ya go ... http://themes.trac.wordpress.org/ticket/3165
>
> I'll have it assigned in a moment or two (just have to remember your dot-org
> name *grin*)
>
>
> Cais.
>
> On Mon, Apr 4, 2011 at 4:23 AM, carolina n <myazalea at hotmail.com> wrote:
>
> Can I have another theme to review please?
>
>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20110410/b22603ba/attachment-0001.htm>
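
The check the reviewers are doing by hand above (open the "image" in a text editor, notice it is PHP, notice that footer.php include()s it) can be automated. The following is an added example written for this page, not code from the theme, the ticket, or WordPress: it treats a theme as a dict of path -> bytes (constructed sample, inert PHP text that is never executed), verifies that image-named files actually start with that format's magic bytes, flags PHP open tags and decode-then-execute calls such as urldecode() and eval() inside image-named files, and flags include/require of any non-.php path. The sample theme, file names and payload text are all constructed for the demonstration.

```python
"""Scan a WordPress theme tree for PHP hidden in image-named files.

Added example for this thread; the SAMPLE_THEME below is constructed and
inert (the PHP text is only scanned, never executed)."""
import os
import re
from typing import Dict, List

# First bytes of genuine files for each image extension. A real .tif starts
# with "II*\0" (little-endian) or "MM\0*" (big-endian).
IMAGE_MAGIC = {
    ".tif": (b"II*\x00", b"MM\x00*"),
    ".tiff": (b"II*\x00", b"MM\x00*"),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# Calls typical of obfuscated loaders: decode something, then execute it.
DANGEROUS_CALLS = re.compile(
    rb"\b(eval|assert|create_function|urldecode|base64_decode|gzinflate|str_rot13)\s*\(",
    re.IGNORECASE,
)

# include/require with a literal path; the caller checks the extension.
INCLUDE_LITERAL = re.compile(
    rb"\b(include_once|include|require_once|require)\s*\(?\s*['\"]([^'\"]+)['\"]",
    re.IGNORECASE,
)

PHP_EXTS = (".php", ".phtml")


def _ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


def has_valid_image_magic(path: str, data: bytes) -> bool:
    """True only if the extension is a known image type AND the header matches."""
    magics = IMAGE_MAGIC.get(_ext(path))
    if magics is None:
        return False
    return any(data.startswith(m) for m in magics)


def scan_file(path: str, data: bytes) -> List[str]:
    """Return human-readable findings for one file (empty list if clean)."""
    findings = []
    ext = _ext(path)
    if ext in IMAGE_MAGIC:
        if not has_valid_image_magic(path, data):
            findings.append(f"{path}: named {ext} but header is not a {ext} image")
        if b"<?php" in data:
            findings.append(f"{path}: PHP open tag inside an image-named file")
        for m in DANGEROUS_CALLS.finditer(data):
            findings.append(f"{path}: {m.group(1).decode()}() in an image-named file")
    if ext in PHP_EXTS:
        for m in INCLUDE_LITERAL.finditer(data):
            target = m.group(2).decode(errors="replace")
            if _ext(target) not in PHP_EXTS:
                findings.append(f"{path}: {m.group(1).decode()} of non-PHP file {target}")
    return findings


def scan_theme(files: Dict[str, bytes]) -> List[str]:
    """Scan every file in a theme given as {relative path: raw bytes}."""
    out = []
    for path in sorted(files):
        out.extend(scan_file(path, files[path]))
    return out


# Constructed sample theme: one genuine TIFF header, one fake .tif carrying
# PHP (the shape described in the thread, with a harmless payload), a footer
# that include()s it, and a clean header as a negative control.
SAMPLE_THEME = {
    "images/real.tif": b"II*\x00\x08\x00\x00\x00" + b"\x00" * 16,
    "images/spacer.tif": (
        b"<?php\n// Copyright notice\n"
        b"$f = __FILE__;\n"
        b"$p = urldecode('%3Ca%20href%3D%27%20%27%3E%3C%2Fa%3E');\n"
        b"eval('echo $p;');\nreturn;?>"
    ),
    "footer.php": (
        b'<div class="credits">Powered by <a href="http://wordpress.org/">Wordpress</a>\n'
        b'<?php include("images/spacer.tif"); ?> Designed by ...</div>'
    ),
    "header.php": b'<?php require_once("inc/setup.php"); ?>',
}

if __name__ == "__main__":
    for line in scan_theme(SAMPLE_THEME):
        print(line)
```

Against the sample theme this reports the fake spacer.tif four times (bad header, PHP tag, urldecode(), eval()) and footer.php once for the include of a non-PHP path, while real.tif and header.php stay silent. Pointing it at a real theme checkout only needs a loop that reads each file under the theme directory into the dict; the magic-byte check is what catches a renamed script even when the author strips the obvious function names.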