I guess I was not clear on my opinion ... I would *not* approve it either. Just saying I&#39;m curious why base64 is being used on such an innocuous link.<br><br><br clear="all">Cais.<br>
<br><br><div class="gmail_quote">On Fri, Nov 4, 2011 at 2:44 PM, Simon Prosser <span dir="ltr">&lt;<a href="mailto:pross@pross.org.uk">pross@pross.org.uk</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

I would NOT let it in, take a look at the code again, he has split the function base64_decode() into base64 &#39;_&#39; decode to get round the uploader<div><div class="h5"><br><br><div class="gmail_quote">On 4 November 2011 18:29, Edward Caissie <span dir="ltr">&lt;<a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a>&gt;</span> wrote:<br>



<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Given that the obscured code is not a posing any concerns I would be tempted to let it through, but that just leads to potential unscrupulous updates; not that I would expect them but part of the reasoning behind not allowing base64 encoded items is to keep the theme code &quot;human-readable&quot; as the repository should be used as a learning tool besides it&#39;s more commonly associated distribution service functionality.<br>





<br>I would be interested in what compelled the author to choose to encode this link, even as a &quot;Mallory-Everest&quot; idea it does not fit with the &quot;spirit of the repository&quot;.<br><br><br clear="all">Cais.<div>



<div><br>


<br><br><div class="gmail_quote">On Fri, Nov 4, 2011 at 4:57 AM, Mikkel W. Breum <span dir="ltr">&lt;<a href="mailto:mikkel@wpkitchen.com" target="_blank">mikkel@wpkitchen.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div style="word-wrap:break-word"><div>Hi Tyler</div><div><br></div><div>The code is trying to hide that it&#39;s adding a credit link to the author. It&#39;s not doing anything dangerous, but it&#39;s not allowed. </div>





You can take the entire code and replace all the encoded strings with the decode version (use <a href="http://www.opinionatedgeek.com/dotnet/tools/base64decode/" target="_blank">http://www.opinionatedgeek.com/dotnet/tools/base64decode/</a> or a similar tool for that) then You&#39;ll see that its just encoded strings representing some links and even the name of the base64_decode function.<div>





<br></div><div>When run in its current form the function simply returns the following string:</div><div><br></div><div>&quot;<span style="color:rgb(0, 0, 102);font-family:monospace;font-size:13px;white-space:pre-wrap">&lt;a href=&quot;<a href="http://wordpress.org/" target="_blank">http://wordpress.org/</a>&quot;&gt;WordPress&lt;/a&gt; and &lt;a href=&quot;<a href="http://www.foxload.com/naturefox-wordpress-theme/" target="_blank">http://www.foxload.com/naturefox-wordpress-theme/</a>&quot;&gt;NatureFox&lt;/a&gt;</span>&quot;</div>





<div><div>
<span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><div>





<br><br></div><div>----</div><div><br></div><div>Mikkel Breum</div><div><a href="http://wpKitchen.com" target="_blank">wpKitchen.com</a></div><div><br></div><div><a href="mailto:mikkel@wpkitchen.com" target="_blank">mikkel@wpkitchen.com</a></div>





<div>phone: <a href="tel:%2B49%20176%2023885016" value="+4917623885016" target="_blank">+49 176 23885016</a></div><div>skype: mikwolbre</div></span>
</div><div><div>
<br><div><div>On 04/11/2011, at 06.53, Merci Javier wrote:</div><br><blockquote type="cite"><br>Agreed. That&#39;s a fail. <br><br>Couldn&#39;t even decode it with one of tools given <a href="http://wordpress.org/support/topic/theme-decoding-thread?replies=43" target="_blank">http://wordpress.org/support/topic/theme-decoding-thread?replies=43</a> Just curious what was there.<br>






<br><br><br><div class="gmail_quote">On Thu, Nov 3, 2011 at 10:16 PM, Doug Stewart <span dir="ltr">&lt;<a href="mailto:zamoose@gmail.com" target="_blank">zamoose@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">






That base64 should be enough to FAIL immediately.<br>
<div><div></div><div><br>
On Fri, Nov 4, 2011 at 1:12 AM, Tyler Cunningham<br>
&lt;<a href="mailto:seizedpropaganda@gmail.com" target="_blank">seizedpropaganda@gmail.com</a>&gt; wrote:<br>
&gt; Hey all,<br>
&gt; Finally had some time to sit down and do some reviews so I was clearing out<br>
&gt; some of the priority 1 tickets and came across something I wanted to run by<br>
&gt; some of the more senior review members. Check out the following diff:<br>
&gt; <a href="http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&amp;new_path=/naturefox/1.0.6#file8" target="_blank">http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&amp;new_path=/naturefox/1.0.6#file8</a><br>







&gt; As soon as I saw the naturefox_credits function a red flag came up. Should I<br>
&gt; ask the author what the purpose behind this is? Is this a no-no?<br>
&gt; Thanks.<br>
&gt; Regards,<br>
&gt;<br>
&gt; Tyler Cunningham  |  Founder, COO - CyberChimps LLC<br>
&gt; @tylerbcunning<br>
&gt; <a href="http://gplus.to/tylercunningham" target="_blank">http://gplus.to/tylercunningham</a><br>
&gt; <a href="http://linkedin.com/in/tylerbcunningham" target="_blank">http://linkedin.com/in/tylerbcunningham</a><br>
&gt; <a href="mailto:tyler@cyberchimps.com" target="_blank">tyler@cyberchimps.com</a><br>
&gt;<br>
&gt;<br>
</div></div>&gt; _______________________________________________<br>
&gt; theme-reviewers mailing list<br>
&gt; <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
&gt; <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
&gt;<br>
&gt;<br>
<font color="#888888"><br>
<br>
<br>
--<br>
-Doug<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
</font></blockquote></div><br>
_______________________________________________<br>theme-reviewers mailing list<br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>





</blockquote></div><br></div></div></div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br>
</div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br></div></div>My Blog: <a href="http://pross.org.uk/" target="_blank">http://pross.org.uk/</a><br>Plugins : <a href="http://pross.org.uk/plugins/" target="_blank">http://pross.org.uk/plugins/</a><br>



Themes: <a href="http://wordpress.org/extend/themes/profile/pross" target="_blank">http://wordpress.org/extend/themes/profile/pross</a><br>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br>