[theme-reviewers] WPORG: Support: Claim of a number of backdoored themes in Repo

Edward Caissie edward.caissie at gmail.com
Wed Apr 25 15:56:52 UTC 2012


Good Work, Amy! ... and definitely yet another justification for the
process and guidelines we use.


Cais.


On Wed, Apr 25, 2012 at 11:50 AM, Amy Hendrix <sabreuse at gmail.com> wrote:

> I had a bit of time so I went through the list he posted --
>
> - Only one theme is available in the directory, and that was a false
> positive (same filename, but a completely different "helpers" file
> from the others on the list).
> - Two were themes that reviewers caught, rejected, and reported to
> wp.org at the time they were reviewed,
> - The rest were from before there was a review process, and none of
> them would pass review now.
>
> I think that's a nice indication that our process has made a big
> difference in the quality of what gets out there!
>
> On Wed, Apr 25, 2012 at 10:35 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
> > Yeah, I suspect that "helpers.php" is an exploit that someone is using
> > somewhere -- exactly because it's such a generic-looking filename --
> > but it's also used as a name for a perfectly innocent helper function
> > library by other themes.
> >
> >
> > On Wed, Apr 25, 2012 at 10:32 AM, Chip Bennett <chip at chipbennett.net>
> wrote:
> >> I replied, and "ottolook" tagged the topic. (If code is to be removed
> from
> >> SVN, Otto is the one to do it.)
> >>
> >> The OP definitely found some malicious code, but some of the referenced
> >> Themes don't have malicious code, as far as I can tell.
> >>
> >> Thanks,
> >>
> >> Chip
> >>
> >>
> >> On Wed, Apr 25, 2012 at 9:12 AM, esmi at quirm dot net <esmi at quirm.net>
> >> wrote:
> >>>
> >>>
> >>>
> >>> <
> http://wordpress.org/support/topic/backdoored-templates-on-themessvnwordpressorg
> >
> >>>
> >>> Mel
> >>> --
> >>> http://quirm.net
> >>> http://blackwidows.co.uk
> >>> _______________________________________________
> >>> theme-reviewers mailing list
> >>> theme-reviewers at lists.wordpress.org
> >>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >>
> >>
> >>
> >> _______________________________________________
> >> theme-reviewers mailing list
> >> theme-reviewers at lists.wordpress.org
> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120425/5e836c19/attachment.htm>


More information about the theme-reviewers mailing list