[theme-reviewers] tracking code in themes

Chip Bennett chip at chipbennett.net
Thu Mar 8 15:13:33 UTC 2012 

Does the Theme documentation even disclose that it includes this tracking
code? If not, it's a double-whammy: no user disclosure, and no user consent.

Note that this *should* have come up in Theme Check already, under INFO,
due to the http:// links. Adding an explicit test to Theme Check would
probably be okay, but perhaps not scalable, if other similar services start
cropping up.

On a related note: doesn't it rather defeat the purpose of API and auth
keys, to have those keys in clear-text, in a freely available, open-source
product? That's really more of a question for PressTrends, I guess.

Chip

On Thu, Mar 8, 2012 at 9:00 AM, Yulian Yordanov <yul.yordanov at gmail.com>wrote:

>  Understood. In this particular case there is no such options just that
> code, which frankly speaking I found by chance. There might be other themes
> with it as well, especially if the theme-package has a lot of files.
> It may be useful if Theme Checker prints some info about presence of this
> function, so the reviewer will be aware to check how it's implemented.
>
> On 08.3.2012 15:35, Chip Bennett wrote:
>
> Exactly: user-configurable, and disabled by default (i.e. OPT-IN).
>
>  (I wondered when we'd see our first PressTrends implementation get
> submitted...)
>
>  Chip
>
>  On Thu, Mar 8, 2012 at 6:25 AM, George Mamadashvili <
> georgemamadashvili at gmail.com> wrote:
>
>> I think it should be disabled by default, and theme author may include
>> option to enable it if user want to share data.
>>
>>  On Thu, Mar 8, 2012 at 4:12 PM, yulian yordanov <yul.yordanov at gmail.com>wrote:
>>
>>>  Currently reviewing a theme which has tracking code in its functions
>>> from a service called "PressTrends" http://presstrends.io/ This service
>>> fetches details about users to theme's author for statistical purposes, but
>>> I'm wondering is it's OK for a theme in WP repository?
>>>
>>> That's how the code looks like:
>>>
>>> // Add your PressTrends and Theme API Keys
>>> $api_key = '-----'; (deleted by me)
>>> $auth = '------'; (deleted by me)
>>>
>>> $data = get_transient( 'presstrends_data' );
>>> if (!$data || $data == ''){
>>> $api_base = 'http://api.presstrends.io/index.php/api/sites/add/auth/';
>>> $url = $api_base . $auth . '/api/' . $api_key . '/';
>>> $data = array();
>>> $count_posts = wp_count_posts();
>>> $count_pages = wp_count_posts('page');
>>> $comments_count = wp_count_comments();
>>> $theme_data = get_theme_data(get_stylesheet_directory() . '/style.css');
>>> $plugin_count = count(get_option('active_plugins'));
>>> $all_plugins = get_plugins();
>>> foreach($all_plugins as $plugin_file => $plugin_data) {
>>> $plugin_name .= $plugin_data['Name'];
>>> $plugin_name .= '&';
>>> }
>>> $data['url'] = stripslashes(str_replace(array('http://', '/', ':' ),
>>> '', site_url()));
>>> $data['posts'] = $count_posts->publish;
>>> $data['pages'] = $count_pages->publish;
>>> $data['comments'] = $comments_count->total_comments;
>>> $data['approved'] = $comments_count->approved;
>>> $data['spam'] = $comments_count->spam;
>>> $data['theme_version'] = $theme_data['Version'];
>>> $data['theme_name'] = $theme_data['Name'];
>>> $data['site_name'] = str_replace( ' ', '', get_bloginfo( 'name' ));
>>> $data['plugins'] = $plugin_count;
>>> $data['plugin'] = urlencode($plugin_name);
>>> $data['wpversion'] = get_bloginfo('version');
>>> foreach ( $data as $k => $v ) {
>>> $url .= $k . '/' . $v . '/';
>>> }
>>> $response = wp_remote_get( $url );
>>> set_transient('presstrends_data', $data, 60*60*24);
>>> }}
>>> add_action('admin_init', 'if_presstrends');
>>>
>>>
>>> --
>>> Yulian Yordanov
>>> post-scriptum.info
>>>
>>>
>>>  _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
>
> _______________________________________________
> theme-reviewers mailing listtheme-reviewers at lists.wordpress.orghttp://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
> --
> Yulian Yordanov
>
> yul.yordanov at gmail.com
> post-scriptum.info
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120308/15a6a40d/attachment-0001.htm>

More information about the theme-reviewers mailing list