<font size="2"><font face="tahoma,sans-serif">trainee, sorry you can't close, Cais will handle it :)<br clear="all"></font></font><div><strong>Emil Uzelac</strong> | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E: <a href="mailto:emil@themeid.com" target="_blank">emil@themeid.com</a> | <a href="http://themeid.com/" target="_blank">http://themeid.com</a></div>
<div><font color="#999999">Make everything as simple as possible, but not simpler. - Albert Einstein</font></div><br>
<br><br><div class="gmail_quote">On Sun, Apr 10, 2011 at 3:34 AM, Emil Uzelac <span dir="ltr"><<a href="mailto:emil@themeid.com">emil@themeid.com</a>></span> wrote:<br><blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;" class="gmail_quote">
<div><font size="2"><font face="tahoma,sans-serif">There is something going on there, no doubt about that; it seems like &lt;a href=' '&gt; was left there for a reason, such as URL injection. Either way this .tif can and does pose a security problem, no need to go forward with the review until this is fixed immediately. I think that you can close as not-approved and explain the situation in your review.</font></font></div>
<div><font size="2"><font face="tahoma,sans-serif">Nacin or Otto will know more about this; as it is right now it's way over my head :( </font></font></div>
<div class="im">
<div><font face="Tahoma">Emil</font></div>
<font size="2"><font face="tahoma,sans-serif"></font></font><div><strong>Emil Uzelac</strong> | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E: <a href="mailto:emil@themeid.com" target="_blank">emil@themeid.com</a> | <a href="http://themeid.com/" target="_blank">http://themeid.com</a></div>
<div><font color="#999999">Make everything as simple as possible, but not simpler. - Albert Einstein</font></div><br>
<br><br></div><div><div></div><div class="h5"><div class="gmail_quote">On Sun, Apr 10, 2011 at 3:13 AM, carolina n <span dir="ltr"><<a href="mailto:myazalea@hotmail.com" target="_blank">myazalea@hotmail.com</a>></span> wrote:<br>
<blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;" class="gmail_quote">
<div>
That's what I meant, it's not saved as a proper .tif so Photoshop did not recognise it and was unable to open it.<br>
A normal image would go something like: Ôã¸ÓàËìüÁÞîÀß nulnul blahblah in a text editor; this one doesn't. It contains:<br>
<br>
&lt;?php, <br>
a copyright message, <br>
__FILE__, <br>
urldecode, <br>
eval, <br>
return;?&gt;<br>
<br>
<br>
Did you see the output in the footer?<br>
<font color="#000000">&lt;div class="credits"&gt;Powered by &lt;a href="http://wordpress.org/"&gt;Wordpress&lt;/a&gt; &lt;?php include("images/spacer.tif"); ?&gt; Designed by ..etc</font><br>
<font color="#000000">becomes:</font><br><span lang="SV">
<font color="#000000" size="2">&lt;div class="credits"&gt;Powered by &lt;a href="http://wordpress.org/"&gt;Wordpress&lt;/a&gt; &lt;a href=' '&gt;&lt;/a&gt; - Designed by ..etc<br>
</font></span>
<br> <br>
<hr>
From: <a href="mailto:emil@themeid.com" target="_blank">emil@themeid.com</a><br>Date: Sun, 10 Apr 2011 02:43:03 -0500<div><div></div><div><br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
Subject: Re: [theme-reviewers] Can I have another theme to review?<br><br>
<div><font size="2"><font face="tahoma,sans-serif">This is the .tif (.tiff) image format, which is not made for online purposes. .Tiff can be opened in Photoshop if the format was saved (compressed) properly, and that's not the case. Funky data will appear if the image is opened in a text editor, and that's normal. Either way, this isn't the proper way of using images for web design.</font></font></div>
<div><font face="Tahoma"></font> </div>
<div><font face="Tahoma">On another note, &lt;?php include("images/spacer.tif"); ?&gt; is also bad practice; it should be, i.e., &lt;img src="&lt;?php echo get_stylesheet_directory_uri(); ?&gt;/images/spacer.gif" /&gt;</font></div>
<div><font face="Tahoma"></font> </div>
<div>Emil</div>
<div> </div>
<div><strong>Emil Uzelac</strong> | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E: <a href="mailto:emil@themeid.com" target="_blank">emil@themeid.com</a> | <a href="http://themeid.com/" target="_blank">http://themeid.com</a></div>
<div><font color="#999999">Make everything as simple as possible, but not simpler. - Albert Einstein</font></div><br><br><br>
<div>On Sun, Apr 10, 2011 at 2:15 AM, carolina n <span dir="ltr"><<a href="mailto:myazalea@hotmail.com" target="_blank">myazalea@hotmail.com</a>></span> wrote:<br>
<blockquote style="padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
<div><em>I'm not an expert on security</em>, but there is something fishy about this theme. It includes a .tif image by &lt;?php include("images/spacer.tif"); ?&gt; in footer.php,<br> the image cannot be recognised by Photoshop etc., but when opened in a text editor, it clearly has an eval.<br>
<br>How do you usually handle this?
<div><br> <br> <br> <br> <br><br> <br>
<hr>
From: <a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a><br></div>Date: Sat, 9 Apr 2011 19:06:40 -0400
<div>
<div></div>
<div><br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>Subject: Re: [theme-reviewers] Can I have another theme to review?<br><br>Here you go: <a href="http://themes.trac.wordpress.org/ticket/3214" target="_blank">http://themes.trac.wordpress.org/ticket/3214</a><br>
<br>
<div>On Sat, Apr 9, 2011 at 2:41 PM, carolina n <span dir="ltr"><<a href="mailto:myazalea@hotmail.com" target="_blank">myazalea@hotmail.com</a>></span> wrote:<br>
<blockquote style="padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
<div>
<div>Can I have another theme to review?<br></div>username poena
<div><br> <br>
<hr>
From: <a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a><br></div>Date: Mon, 4 Apr 2011 12:57:01 -0400
<div><br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>Subject: Re: [theme-reviewers] Can I have another theme to review?<br><br>Thanks, I found it via your Theme in Trac (*grin*)<br>
<br>
<div>On Mon, Apr 4, 2011 at 12:47 PM, carolina n <span dir="ltr"><<a href="mailto:myazalea@hotmail.com" target="_blank">myazalea@hotmail.com</a>></span> wrote:<br>
<blockquote style="padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
<div>Poena.<br><br>
<hr>
From: <a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a><br>Date: Mon, 4 Apr 2011 12:03:38 -0400<br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
Subject: Re: [theme-reviewers] Can I have another theme to review?
<div>
<div></div>
<div><br><br>Here ya go ... <a href="http://themes.trac.wordpress.org/ticket/3165" target="_blank">http://themes.trac.wordpress.org/ticket/3165</a><br><br>I'll have it assigned in a moment or two (just have to remember your dot-org name *grin*)<br>
<br><br>Cais.<br><br>
<div>On Mon, Apr 4, 2011 at 4:23 AM, carolina n <span dir="ltr"><<a href="mailto:myazalea@hotmail.com" target="_blank">myazalea@hotmail.com</a>></span> wrote:<br>
<blockquote style="padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
<div>Can I have another theme to review please?<br> <br> <br> <br></div><br>_______________________________________________<br>theme-reviewers mailing list<br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br><br></blockquote></div><br><br></div></div></div>
<br></blockquote></div><br><br></div></div>
<br></blockquote></div><br><br></div></div></div>
<br></blockquote></div><br><br></div></div></div>
<br></blockquote></div><br>
</div></div></blockquote></div><br>
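<p>The thread above describes a theme whose <code>images/spacer.tif</code> is not TIFF data at all but PHP text (opening tag, <code>__FILE__</code>, <code>urldecode</code>, <code>eval</code>), pulled into <code>footer.php</code> through <code>include()</code>. As an added example, not code from the thread or from WordPress, here is a small Python scanner a theme reviewer could run over a theme directory to surface exactly those signs: an image-extension file whose first bytes are not image magic, a PHP opening tag in a non-PHP file, an <code>eval()</code> next to decoding calls, and an <code>include</code>/<code>require</code> of a non-<code>.php</code> path. It builds its own sample tree; every file name and body in it is a constructed stand-in, not the theme under review.</p>

```python
"""Flag PHP code hiding in a theme's image files.

Added example, not code from the theme-reviewers thread or from WordPress.
It checks for the signs described in the thread: a file with an image
extension whose bytes are not an image, a PHP opening tag inside such a
file, eval() beside decoding helpers, and a theme file that include()s a
non-.php path. Every path and file body below is a constructed stand-in.
"""
import os
import re
import tempfile

CODE_EXTS = {".php", ".phtml", ".inc"}

# Magic bytes a genuine image of each type starts with.
IMAGE_MAGIC = {
    ".tif": (b"II*\x00", b"MM\x00*"),
    ".tiff": (b"II*\x00", b"MM\x00*"),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

PHP_OPEN = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
# Functions a theme almost never needs but obfuscated loaders lean on.
SUSPICIOUS_CALLS = re.compile(
    rb"\b(eval|urldecode|base64_decode|gzinflate|str_rot13)\s*\(", re.IGNORECASE)
# include/require/include_once/require_once of a quoted literal path.
INCLUDE_LITERAL = re.compile(
    rb"\b(include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]", re.IGNORECASE)


def scan_file(path):
    """Return a list of finding labels for one file (empty when clean)."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    # An image extension whose bytes do not start like that image type.
    if ext in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[ext]):
        findings.append("bad-image-header")
    # PHP source inside something that is not supposed to be PHP.
    if ext not in CODE_EXTS and PHP_OPEN.search(data):
        findings.append("php-code-in-non-php-file")
    # eval() together with whatever decoding helpers appear in the file.
    calls = sorted({m.group(1).decode().lower() for m in SUSPICIOUS_CALLS.finditer(data)})
    if "eval" in calls:
        findings.append("suspicious-calls:" + ",".join(calls))
    # include()/require() of a path that is not a PHP source file.
    for m in INCLUDE_LITERAL.finditer(data):
        target = m.group(2).decode(errors="replace")
        if os.path.splitext(target)[1].lower() not in CODE_EXTS:
            findings.append("include-non-php:" + target)
    return findings


def scan_theme(root):
    """Walk a theme directory; map relative path -> findings for flagged files."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            findings = scan_file(full)
            if findings:
                report[os.path.relpath(full, root).replace(os.sep, "/")] = findings
    return report


def build_sample_theme():
    """Write a throwaway theme tree shaped like the one the thread describes (constructed)."""
    root = tempfile.mkdtemp(prefix="theme-scan-")
    os.makedirs(os.path.join(root, "images"))
    files = {
        # footer.php pulls the "image" in as PHP, as in the thread.
        "footer.php": (
            b'<div class="credits">Powered by <a href="http://wordpress.org/">Wordpress</a> '
            b'<?php include("images/spacer.tif"); ?> Designed by ..etc</div>\n'
        ),
        # Constructed stand-in for the disguised file: PHP text, not TIFF bytes.
        # The eval() argument is a single URL-encoded space, so it does nothing.
        "images/spacer.tif": (
            b"<?php\n// copyright notice\n$self = __FILE__;\n"
            b"eval(urldecode('%20'));\nreturn;?>\n"
        ),
        # A minimal genuine little-endian TIFF header; must not be flagged.
        "images/real.tif": b"II*\x00\x08\x00\x00\x00\x00\x00",
        # Ordinary theme PHP referencing the image the way the reviewer recommends.
        "header.php": (
            b"<?php wp_head(); ?>\n"
            b'<img src="<?php echo get_stylesheet_directory_uri(); ?>/images/real.tif" />\n'
        ),
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, findings in sorted(scan_theme(build_sample_theme()).items()):
        print(f"{rel}: {', '.join(findings)}")
```

<p>Run against a real theme, point <code>scan_theme()</code> at the unpacked theme directory instead of the constructed tree. The magic-byte check is what turns "Photoshop cannot open it" into a mechanical test, and the <code>include-non-php</code> finding catches the footer even if the included file were later renamed.</p>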