I faced the same problem, getting a "fail" result due to suspected malicious code. I do recall that a few weeks back when I had tried out the original online <a href="http://pross.org.uk/theme-check/">theme checker</a> it had indicated the names of the files that it believed to have the suspicious code, but online verification is no longer available there, and the Theme Check plugin doesn't give this output either.<br>
<br><div class="gmail_quote">On Sun, Nov 28, 2010 at 5:54 AM, Philip M. Hofer (Frumph) <span dir="ltr"><<a href="mailto:philip@frumph.net">philip@frumph.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Then i'm pretty much at a loss unless its that unescape( in the json cookiejar which pretty much is on the return of an escaped string which is a protection<br>
<br>
<br>
<br>
<br>
----- Original Message ----- From: "Simon Prosser" <<a href="mailto:pross@pross.org.uk" target="_blank">pross@pross.org.uk</a>><div class="im"><br>
To: <<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>><br></div>
Sent: Sunday, November 28, 2010 5:42 AM<div><div></div><div class="h5"><br>
Subject: Re: [theme-reviewers] Theme Scan Failing<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
fopen isnt checked for, many themes use it for caching remember<br>
<br>
On 28 November 2010 13:39, Philip M. Hofer (Frumph) <<a href="mailto:philip@frumph.net" target="_blank">philip@frumph.net</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hrm.. probably the fopen in the paypal transaction IPN then. /shrug nothing<br>
I can do about that, at least it still pushed it through.<br>
<br>
- Phil<br>
<br>
----- Original Message ----- From: "Jon Cave" <<a href="mailto:jon@lionsgoroar.co.uk" target="_blank">jon@lionsgoroar.co.uk</a>><br>
To: <<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>><br>
Sent: Sunday, November 28, 2010 5:37 AM<br>
Subject: Re: [theme-reviewers] Theme Scan Failing<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Sun, Nov 28, 2010 at 1:18 PM, Philip M. Hofer (Frumph)<br>
<<a href="mailto:philip@frumph.net" target="_blank">philip@frumph.net</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
Soo Otto what exactly are you caring about here that it causes a fail?<br>
</blockquote>
<br>
My guess (based on the last themecheck code I've seen) is that it's<br>
the warning of suspicious code that's failing it. The other two are<br>
just notifications but don't cause a fail.<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
What specific 'malicious' code? .. I dont use base64 anywhere, at all.<br>
Everything necessary is protected with evaluators and nonce's.<br>
</blockquote>
<br>
I think that warning is for file_get_contents(__FILE__) or fopen,<br>
again based on the last I saw of the theme checks.<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Don't care about editor styles, at all; won't create one.<br>
</blockquote>
<br>
It's a recommended guideline so the check is just highlighting it,<br>
doubt it's a cause of failure.<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I use includes & get_template_parts() in appropriate places, I won't use<br>
get_template_part because of the performance of checking both the child<br>
theme and root theme and it always needs to just load the parent themes<br>
functions and not overriden by child themes functions of the same name.<br>
<br>
Although included *in* parsed to output functions use get_template_part()<br>
as<br>
necessary<br>
</blockquote>
<br>
As above doubt it's cause of failure, just picking up of possible<br>
violation of required guideline.<br>
<br>
Just my thoughts, will need Otto to confirm or deny.<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
<br>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
<br>
<br>
<br>
-- <br>
My Blog: <a href="http://www.pross.org.uk/" target="_blank">http://www.pross.org.uk/</a><br>
Plugins : <a href="http://www.pross.org.uk/plugins/" target="_blank">http://www.pross.org.uk/plugins/</a><br>
Themes: <a href="http://wordpress.org/extend/themes/profile/pross" target="_blank">http://wordpress.org/extend/themes/profile/pross</a><br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
<br>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Sayontan Sinha<br><a href="http://mynethome.net" target="_blank">http://mynethome.net</a> | <a href="http://mynethome.net/blog" target="_blank">http://mynethome.net/blog</a><br>
--<br>Beating Australia in Cricket is like killing a celebrity. The death gets more coverage than the crime.<br><br>