Here are all the tickets by developer "rahulsarees":<div><a href="http://themes.trac.wordpress.org/query?status=accepted&status=assigned&status=closed&status=new&status=reopened&reporter=rahulsarees&col=id&col=summary&col=status&col=owner&col=type&col=resolution&col=time&order=priority">http://themes.trac.wordpress.org/query?status=accepted&status=assigned&status=closed&status=new&status=reopened&reporter=rahulsarees&col=id&col=summary&col=status&col=owner&col=type&col=resolution&col=time&order=priority</a></div>
<div><br></div><div>Thankfully, he only has one other Theme, and it also isn't approved.</div><div><br></div><div>I just did a search, and found this same trick used elsewhere.</div><div><br></div><div>All-Green 1.0.4 (approved, by me *blush*): <a href="http://themes.svn.wordpress.org/all-green/1.0.4/images/spacer.tif">http://themes.svn.wordpress.org/all-green/1.0.4/images/spacer.tif</a></div>
<div>Beauty Dots 1.0.6 (approved): <a href="http://themes.svn.wordpress.org/beauty-dots/1.0.6/images/spacer.tif">http://themes.svn.wordpress.org/beauty-dots/1.0.6/images/spacer.tif</a></div>
<div><br></div><div>Both of these Themes are by "paydaydesigns":</div><div><a href="http://themes.trac.wordpress.org/query?status=accepted&status=assigned&status=closed&status=new&status=reopened&reporter=paydaydesigns&col=id&col=summary&col=status&col=owner&col=type&col=time&order=priority">http://themes.trac.wordpress.org/query?status=accepted&status=assigned&status=closed&status=new&status=reopened&reporter=paydaydesigns&col=id&col=summary&col=status&col=owner&col=type&col=time&order=priority</a></div>
<div><br></div><div><b>Recommendations:</b></div><div><b><br></b></div><div><b>1) Blacklist both "rahulsarees" and "paydaydesigns" and suspend all above Themes</b></div><div><b>2) Implement appropriate fixes in Theme-Check and the Uploader</b></div>
<div><br></div><div>Chip<br><br><div class="gmail_quote">On Sun, Apr 10, 2011 at 4:20 AM, Andrew Nacin <span dir="ltr"><<a href="mailto:wp@andrewnacin.com">wp@andrewnacin.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Sun, Apr 10, 2011 at 4:34 AM, Emil Uzelac <span dir="ltr"><<a href="mailto:emil@themeid.com" target="_blank">emil@themeid.com</a>></span> wrote:<br></div><div class="gmail_quote"><div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><font size="2"><font face="tahoma,sans-serif">There is something going on there, no doubt about that. It seems like <code>&lt;a href=' '&gt;</code> was left there for a reason, such as URL injection. Either way, this .tif can and does pose a security problem; no need to go forward with the review until this is fixed immediately. I think that you can close as not-approved and explain the situation in your review.</font></font></div>
<div><font size="2"><font face="tahoma,sans-serif"></font></font> </div><div><font size="2"><font face="tahoma,sans-serif">Nacin or Otto will know more about this; as of right now it is way over my head :( </font></font></div>
</blockquote><div><br></div></div><div>I've closed the ticket and made some preliminary comments. Jon Cave has fully decoded it before I've had the chance to -- the end result is loading an external XML file to generate as many links as they want in the footer. Clever, and slimy as hell.</div>
<div><br></div><div>This theme appeared pretty much perfectly coded, except for the tif file and the single line in footer.php. There's only so much we can do to actually detect this in any automated fashion -- thanks so much for your eagle eyes and extreme attention to detail on this one.</div>
<div><br></div><div>I'll try to work with Otto to establish mime-type checking for images, as that would have caught the tif being used as text/plain.</div><div><br></div><font color="#888888"><div>Nacin</div></font></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
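<div>The mime-type check Nacin proposes, together with a companion check for the footer.php include, as an added example that is not part of this thread and not Theme-Check's own code: a stand-alone Python scanner that compares each image file's leading bytes with the signature its extension claims, and flags PHP files that include a path ending in an image extension. The sample theme it builds is constructed for the example (spacer.tif holds a harmless stub, not the original payload), and the finding strings and function names are the example's own.</div>

```python
import re
import tempfile
from pathlib import Path

# File signatures each image extension must start with.
IMAGE_MAGIC = {
    ".tif": (b"II*\x00", b"MM\x00*"), ".tiff": (b"II*\x00", b"MM\x00*"),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
}
# include/require whose target path ends in an image extension (the footer.php trick).
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*\.(?:tiff?|png|jpe?g|gif)['\"]", re.I)

def classify(data, ext):
    """Return a finding for one file's bytes and extension, or None if it looks clean."""
    if ext in IMAGE_MAGIC:
        if any(data.startswith(magic) for magic in IMAGE_MAGIC[ext]):
            return None
        if b"<?php" in data or b"<?=" in data:
            return "image extension but contains PHP code"
        return "image extension but signature does not match"
    if ext == ".php" and INCLUDE_RE.search(data.decode("utf-8", "replace")):
        return "PHP includes a file with an image extension"
    return None

def scan_theme(root):
    """Walk an unpacked theme; return sorted (relative path, finding) pairs."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            finding = classify(path.read_bytes(), path.suffix.lower())
            if finding:
                findings.append((path.relative_to(root).as_posix(), finding))
    return sorted(findings)

def build_sample_theme():
    """Constructed sample, not a real theme: a real PNG header, a harmless PHP stub in spacer.tif, a footer.php including it."""
    root = tempfile.mkdtemp(prefix="theme-")
    Path(root, "images").mkdir()
    files = {
        "images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "images/spacer.tif": b"<?php /* constructed stub, not the real payload */ ?>",
        "footer.php": b"<?php get_sidebar(); include 'images/spacer.tif'; ?>",
    }
    for rel, body in files.items():
        Path(root, rel).write_bytes(body)
    return root
```

Running scan_theme over the constructed sample reports footer.php and images/spacer.tif and stays silent on the genuine PNG.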