These kinds of questions/issues demonstrate why the next step in Theme Reviews really needs to be to explore our original idea of having Security Ninjas, who focus on such issues, and who perform a post-quality-review Security review.<div>
<br></div><div>If we can keep the Review Queue manageable for a few weeks, would it be worthwhile to explore this idea further?</div><div><br></div><div>Chip<br><br><div class="gmail_quote">On Wed, Oct 13, 2010 at 10:23 AM, Andrew Nacin <span dir="ltr"><<a href="mailto:wp@andrewnacin.com">wp@andrewnacin.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Wed, Oct 13, 2010 at 11:11 AM, Otto <span dir="ltr"><<a href="mailto:otto@ottodestruct.com" target="_blank">otto@ottodestruct.com</a>></span> wrote:<br>
</div><div class="gmail_quote"><div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Tangentially related: Can anybody think of a legitimate reason for a<br>
theme to ever use file_get_contents() in any way that makes sense or<br>
has no better way to do things?</blockquote><div><br></div></div><div>No, for the simple reason that they should instead be using wp_remote_get.</div><div><br></div><div>A decent number do though, with okay intentions (but they should still be using wp_remote_get).</div>
<div><a href="http://www.google.com/search?q=site:themes.svn.wordpress.org+file_get_contents" target="_blank">http://www.google.com/search?q=site:themes.svn.wordpress.org+file_get_contents</a></div><div><br></div><div>Of course, at one point does someone begin to simply use core functions maliciously?</div>
</div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>