On Sun, Apr 10, 2011 at 4:34 AM, Emil Uzelac <span dir="ltr">&lt;<a href="mailto:emil@themeid.com">emil@themeid.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><font size="2"><font face="tahoma,sans-serif">There is something going on there, no doubt about that. It seems like &lt;a href=' '&gt; was left there for a reason, such as URL injection. Either way, this .tif can and does pose a security problem; no need to go forward with the review until this is fixed immediately. I think that you can close as not-approved and explain the situation in your review.</font></font></div>
<div><font size="2"><font face="tahoma,sans-serif"></font></font> </div><div><font size="2"><font face="tahoma,sans-serif">Nacin or Otto will know more about this; as it is right now, this is way over my head :( </font></font></div>
</blockquote><div><br></div><div>I've closed the ticket and made some preliminary comments. Jon Cave has fully decoded it before I've had the chance to -- the end result is loading an external XML file to generate as many links as they want in the footer. Clever, and slimy as hell.</div>
<div><br></div><div>This theme appeared pretty much perfectly coded, except for the tif file and the single line in footer.php. There's only so much we can do to actually detect this in any automated fashion -- thanks so much for your eagle eyes and extreme attention to detail on this one.</div>
<div><br></div><div>I'll try to work with Otto to establish mime-type checking for images, as that would have caught the tif being used as text/plain.</div><div><br></div><div>Nacin</div></div>
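<div>The mime-type check for images mentioned above, as an added example (not code from the original message or from the WordPress theme review tooling): it compares the leading bytes of every image-named file in a theme directory with the format its extension claims. The function names, the 512-byte sample size and the two sample files are constructed for illustration.</div>

```python
import tempfile
from pathlib import Path

# Leading magic bytes of the image formats a theme normally ships.
MAGIC = {"tiff": (b"II*\x00", b"MM\x00*"), "png": (b"\x89PNG\r\n\x1a\n",),
         "jpeg": (b"\xff\xd8\xff",), "gif": (b"GIF87a", b"GIF89a")}
EXT_TO_TYPE = {".tif": "tiff", ".tiff": "tiff", ".png": "png",
               ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}  # printable ASCII, tab, LF, CR


def sniff(head):
    """Return the image type implied by the leading bytes, or None."""
    for kind, signatures in MAGIC.items():
        if head.startswith(signatures):
            return kind
    return None


def looks_like_text(head):
    """True when every sampled byte is printable ASCII or whitespace."""
    return bool(head) and all(b in TEXT_BYTES for b in head)


def audit_theme(root):
    """Return (relative path, claimed type, sniffed type) for each mismatch."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        claimed = EXT_TO_TYPE.get(path.suffix.lower())
        if claimed is None or not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(512)
        actual = sniff(head)
        if actual != claimed:
            verdict = actual or ("text/plain" if looks_like_text(head) else "unknown")
            findings.append((path.relative_to(root).as_posix(), claimed, verdict))
    return findings


def demo():
    """Constructed sample theme: a real PNG header and a .tif that holds text."""
    samples = {"logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
               "bg.tif": b"constructed placeholder: encoded text, not pixels\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return audit_theme(root)
```

<div>A finding whose sniffed type is text/plain is the case from this ticket; a file that sniffs as a different image type is more likely a careless rename, but still worth a reviewer's look.</div>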