[theme-reviewers] Question about footer credit function
Edward Caissie
edward.caissie at gmail.com
Fri Nov 4 18:29:23 UTC 2011
Given that the obscured code is not a posing any concerns I would be
tempted to let it through, but that just leads to potential unscrupulous
updates; not that I would expect them but part of the reasoning behind not
allowing base64 encoded items is to keep the theme code "human-readable" as
the repository should be used as a learning tool besides it's more commonly
associated distribution service functionality.
I would be interested in what compelled the author to choose to encode this
link, even as a "Mallory-Everest" idea it does not fit with the "spirit of
the repository".
Cais.
On Fri, Nov 4, 2011 at 4:57 AM, Mikkel W. Breum <mikkel at wpkitchen.com>wrote:
> Hi Tyler
>
> The code is trying to hide that it's adding a credit link to the author.
> It's not doing anything dangerous, but it's not allowed.
> You can take the entire code and replace all the encoded strings with the
> decode version (use
> http://www.opinionatedgeek.com/dotnet/tools/base64decode/ or a similar
> tool for that) then You'll see that its just encoded strings representing
> some links and even the name of the base64_decode function.
>
> When run in its current form the function simply returns the following
> string:
>
> "<a href="http://wordpress.org/">WordPress</a> and <a href="
> http://www.foxload.com/naturefox-wordpress-theme/">NatureFox</a>"
>
>
> ----
>
> Mikkel Breum
> wpKitchen.com
>
> mikkel at wpkitchen.com
> phone: +49 176 23885016
> skype: mikwolbre
>
> On 04/11/2011, at 06.53, Merci Javier wrote:
>
>
> Agreed. That's a fail.
>
> Couldn't even decode it with one of tools given
> http://wordpress.org/support/topic/theme-decoding-thread?replies=43 Just
> curious what was there.
>
>
>
> On Thu, Nov 3, 2011 at 10:16 PM, Doug Stewart <zamoose at gmail.com> wrote:
>
>> That base64 should be enough to FAIL immediately.
>>
>> On Fri, Nov 4, 2011 at 1:12 AM, Tyler Cunningham
>> <seizedpropaganda at gmail.com> wrote:
>> > Hey all,
>> > Finally had some time to sit down and do some reviews so I was clearing
>> out
>> > some of the priority 1 tickets and came across something I wanted to
>> run by
>> > some of the more senior review members. Check out the following diff:
>> >
>> http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&new_path=/naturefox/1.0.6#file8
>> > As soon as I saw the naturefox_credits function a red flag came up.
>> Should I
>> > ask the author what the purpose behind this is? Is this a no-no?
>> > Thanks.
>> > Regards,
>> >
>> > Tyler Cunningham | Founder, COO - CyberChimps LLC
>> > @tylerbcunning
>> > http://gplus.to/tylercunningham
>> > http://linkedin.com/in/tylerbcunningham
>> > tyler at cyberchimps.com
>> >
>> >
>> > _______________________________________________
>> > theme-reviewers mailing list
>> > theme-reviewers at lists.wordpress.org
>> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >
>> >
>>
>>
>>
>> --
>> -Doug
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20111104/227f8319/attachment.htm>
More information about the theme-reviewers
mailing list