<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type"></head><body ><font class="Apple-style-span" face="Verdana, Arial, Helvetica, sans-serif">Now that it's possible to bundle custom plugins with a theme, I wonder if this raises any issues for reviewing themes with such bundled plugins that would be required for the theme to function?</font><div><font class="Apple-style-span" face="Verdana, Arial, Helvetica, sans-serif"><a href="http://thomasgriffinmedia.com/blog/2011/09/automatically-install-plugins-with-themes-for-wordpress/">http://thomasgriffinmedia.com/blog/2011/09/automatically-install-plugins-with-themes-for-wordpress/</a></font></div><div><font class="Apple-style-span" face="Verdana, Arial, Helvetica, sans-serif"><br></font><div id="1" style="font-family: Verdana, arial, Helvetica, sans-serif; "><br>---- On Sat, 05 Nov 2011 10:00:02 -0200 <b> <<a href='mailto:theme-reviewers-request@lists.wordpress.org' target='_blank'>theme-reviewers-request@lists.wordpress.org</a>></b> wrote ---- <br></div><br><blockquote style="font-family: Verdana, arial, Helvetica, sans-serif; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(0, 0, 255); padding-left: 6px; ">Send theme-reviewers mailing list submissions to <br> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br> <br>To subscribe or unsubscribe via the World Wide Web, visit <br> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>or, via email, send a message with subject or body 'help' to <br> <a href="mailto:theme-reviewers-request@lists.wordpress.org" target="_blank">theme-reviewers-request@lists.wordpress.org</a> <br> <br>You can reach the person managing the list at <br> <a href="mailto:theme-reviewers-owner@lists.wordpress.org" target="_blank">theme-reviewers-owner@lists.wordpress.org</a> <br> <br>When replying, please edit your Subject line so it is more specific <br>than "Re: Contents of theme-reviewers digest..." <br> <br> <br>Today's Topics: <br> <br> 1. Re: Question about footer credit function (Angelo Bertolli) <br> 2. Re: Question about footer credit function (Otto) <br> 3. Re: Question about footer credit function (Chip Bennett) <br> <br> <br>---------------------------------------------------------------------- <br> <br>Message: 1 <br>Date: Fri, 04 Nov 2011 15:11:34 -0400 <br>From: Angelo Bertolli <<a href="mailto:angelo.bertolli@gmail.com" target="_blank">angelo.bertolli@gmail.com</a>> <br>Subject: Re: [theme-reviewers] Question about footer credit function <br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>Message-ID: <<a href="mailto:4EB438E6.9030209@gmail.com" target="_blank">4EB438E6.9030209@gmail.com</a>> <br>Content-Type: text/plain; charset=ISO-8859-1 <br> <br>To prevent people from removing the credit link. Which, while it does <br>not violate the GPL, in my opinion is an attempt to find a loophole in <br>the policy that users who download themes should be allowed to remove <br>credit links if they want. <br> <br>Plus, like you said this opens the door for themes to insert more links <br>later (for which the theme reviewers should check, meaning more work). <br>It's better just to have a policy of not allowing obfuscated code. <br> <br> <br>On 11/04/2011 02:59 PM, Edward Caissie wrote: <br>> I guess I was not clear on my opinion ... I would *not* approve it <br>> either. Just saying I'm curious why base64 is being used on such an <br>> innocuous link. <br>> <br>> <br>> Cais. <br>> <br>> <br>> On Fri, Nov 4, 2011 at 2:44 PM, Simon Prosser <<a href="mailto:pross@pross.org.uk" target="_blank">pross@pross.org.uk</a> <br>> <mailto:pross@pross.org.uk>> wrote: <br>> <br>> I would NOT let it in, take a look at the code again, he has split <br>> the function base64_decode() into base64 '_' decode to get round the <br>> uploader <br>> <br>> <br>> On 4 November 2011 18:29, Edward Caissie <<a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a> <br>> <mailto:edward.caissie@gmail.com>> wrote: <br>> <br>> Given that the obscured code is not a posing any concerns I <br>> would be tempted to let it through, but that just leads to <br>> potential unscrupulous updates; not that I would expect them but <br>> part of the reasoning behind not allowing base64 encoded items <br>> is to keep the theme code "human-readable" as the repository <br>> should be used as a learning tool besides it's more commonly <br>> associated distribution service functionality. <br>> <br>> I would be interested in what compelled the author to choose to <br>> encode this link, even as a "Mallory-Everest" idea it does not <br>> fit with the "spirit of the repository". <br>> <br>> <br>> Cais. <br>> <br>> <br>> <br>> On Fri, Nov 4, 2011 at 4:57 AM, Mikkel W. Breum <br>> <<a href="mailto:mikkel@wpkitchen.com" target="_blank">mikkel@wpkitchen.com</a> <mailto:mikkel@wpkitchen.com>> wrote: <br>> <br>> Hi Tyler <br>> <br>> The code is trying to hide that it's adding a credit link to <br>> the author. It's not doing anything dangerous, but it's not <br>> allowed. <br>> You can take the entire code and replace all the encoded <br>> strings with the decode version <br>> (use <a href="http://www.opinionatedgeek.com/dotnet/tools/base64decode/" target="_blank">http://www.opinionatedgeek.com/dotnet/tools/base64decode/</a> <br>> or a similar tool for that) then You'll see that its just <br>> encoded strings representing some links and even the name of <br>> the base64_decode function. <br>> <br>> When run in its current form the function simply returns the <br>> following string: <br>> <br>> "<a href="<a href="http://wordpress.org/"" target="_blank"><a href='http://wordpress.org/' target='_blank'>http://wordpress.org/</a>"</a>>WordPress</a> and <a <br>> href="<a href="http://www.foxload.com/naturefox-wordpress-theme/"" target="_blank"><a href='http://www.foxload.com/naturefox-wordpress-theme/' target='_blank'>http://www.foxload.com/naturefox-wordpress-theme/</a>"</a>>NatureFox</a>" <br>> <br>> <br>> ---- <br>> <br>> Mikkel Breum <br>> wpKitchen.com <<a href="http://wpKitchen.com" target="_blank">http://wpKitchen.com</a>> <br>> <br>> <a href="mailto:mikkel@wpkitchen.com" target="_blank">mikkel@wpkitchen.com</a> <mailto:mikkel@wpkitchen.com> <br>> phone: +49 176 23885016 <tel:%2B49%20176%2023885016> <br>> skype: mikwolbre <br>> <br>> On 04/11/2011, at 06.53, Merci Javier wrote: <br>> <br>>> <br>>> Agreed. That's a fail. <br>>> <br>>> Couldn't even decode it with one of tools given <br>>> <a href="http://wordpress.org/support/topic/theme-decoding-thread?replies=43" target="_blank">http://wordpress.org/support/topic/theme-decoding-thread?replies=43</a> <br>>> Just curious what was there. <br>>> <br>>> <br>>> <br>>> On Thu, Nov 3, 2011 at 10:16 PM, Doug Stewart <br>>> <<a href="mailto:zamoose@gmail.com" target="_blank">zamoose@gmail.com</a> <mailto:zamoose@gmail.com>> wrote: <br>>> <br>>> That base64 should be enough to FAIL immediately. <br>>> <br>>> On Fri, Nov 4, 2011 at 1:12 AM, Tyler Cunningham <br>>> <<a href="mailto:seizedpropaganda@gmail.com" target="_blank">seizedpropaganda@gmail.com</a> <br>>> <mailto:seizedpropaganda@gmail.com>> wrote: <br>>> > Hey all, <br>>> > Finally had some time to sit down and do some reviews <br>>> so I was clearing out <br>>> > some of the priority 1 tickets and came across <br>>> something I wanted to run by <br>>> > some of the more senior review members. Check out the <br>>> following diff: <br>>> > <a href="http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&new_path=/naturefox/1.0.6#file8" target="_blank">http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&new_path=/naturefox/1.0.6#file8</a> <<a href="http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&new_path=/naturefox/1.0.6#file8" target="_blank">http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&new_path=/naturefox/1.0.6#file8</a>> <br>>> > As soon as I saw the naturefox_credits function a red <br>>> flag came up. Should I <br>>> > ask the author what the purpose behind this is? Is <br>>> this a no-no? <br>>> > Thanks. <br>>> > Regards, <br>>> > <br>>> > Tyler Cunningham | Founder, COO - CyberChimps LLC <br>>> > @tylerbcunning <br>>> > <a href="http://gplus.to/tylercunningham" target="_blank">http://gplus.to/tylercunningham</a> <br>>> > <a href="http://linkedin.com/in/tylerbcunningham" target="_blank">http://linkedin.com/in/tylerbcunningham</a> <br>>> > <a href="mailto:tyler@cyberchimps.com" target="_blank">tyler@cyberchimps.com</a> <mailto:tyler@cyberchimps.com> <br>>> > <br>>> > <br>>> > _______________________________________________ <br>>> > theme-reviewers mailing list <br>>> > <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>>> <mailto:theme-reviewers@lists.wordpress.org> <br>>> > <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>>> > <br>>> > <br>>> <br>>> <br>>> <br>>> -- <br>>> -Doug <br>>> _______________________________________________ <br>>> theme-reviewers mailing list <br>>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>>> <mailto:theme-reviewers@lists.wordpress.org> <br>>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>>> <br>>> <br>>> _______________________________________________ <br>>> theme-reviewers mailing list <br>>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>>> <mailto:theme-reviewers@lists.wordpress.org> <br>>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>> <br>> <br>> _______________________________________________ <br>> theme-reviewers mailing list <br>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>> <mailto:theme-reviewers@lists.wordpress.org> <br>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>> <br>> <br>> <br>> _______________________________________________ <br>> theme-reviewers mailing list <br>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>> <mailto:theme-reviewers@lists.wordpress.org> <br>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>> <br>> <br>> <br>> <br>> -- <br>> My Blog: <a href="http://pross.org.uk/" target="_blank">http://pross.org.uk/</a> <br>> Plugins : <a href="http://pross.org.uk/plugins/" target="_blank">http://pross.org.uk/plugins/</a> <br>> Themes: <a href="http://wordpress.org/extend/themes/profile/pross" target="_blank">http://wordpress.org/extend/themes/profile/pross</a> <br>> <br>> _______________________________________________ <br>> theme-reviewers mailing list <br>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>> <mailto:theme-reviewers@lists.wordpress.org> <br>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>> <br>> <br>> <br>> <br>> _______________________________________________ <br>> theme-reviewers mailing list <br>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br> <br> <br>------------------------------ <br> <br>Message: 2 <br>Date: Fri, 4 Nov 2011 15:54:47 -0500 <br>From: Otto <<a href="mailto:otto@ottodestruct.com" target="_blank">otto@ottodestruct.com</a>> <br>Subject: Re: [theme-reviewers] Question about footer credit function <br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>Message-ID: <br> <CAD-Fghzf4CMMEjvGKgGQ<a href="mailto:+hpXyg0yBxYPRs+-nKgLy+8sBfSK1Q@mail.gmail.com" target="_blank">+hpXyg0yBxYPRs+-nKgLy+8sBfSK1Q@mail.gmail.com</a>> <br>Content-Type: text/plain; charset=ISO-8859-1 <br> <br>Intentionally obfuscated code is not allowed in the plugin or themes <br>repository, period. This can be considered the rule from on-high. <br> <br>Cool? Cool. :) <br> <br>-Otto <br> <br> <br>------------------------------ <br> <br>Message: 3 <br>Date: Sat, 5 Nov 2011 06:20:24 -0500 <br>From: Chip Bennett <<a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a>> <br>Subject: Re: [theme-reviewers] Question about footer credit function <br>To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>Message-ID: <br> <CAPdLKqcX_opRPjcxQea5RX=pYcta3=<a href="mailto:-ktKL0Lwwk2J8xEQrWWA@mail.gmail.com" target="_blank">-ktKL0Lwwk2J8xEQrWWA@mail.gmail.com</a>> <br>Content-Type: text/plain; charset=ISO-8859-1 <br> <br>I would take an even more hardline stance: the intentional uploader <br>check workaround ought to be grounds for consideration for <br>blacklisting. <br> <br>Apologies for brevity. <br> <br>Chip <br> <br>On 11/4/11, Otto <<a href="mailto:otto@ottodestruct.com" target="_blank">otto@ottodestruct.com</a>> wrote: <br>> Intentionally obfuscated code is not allowed in the plugin or themes <br>> repository, period. This can be considered the rule from on-high. <br>> <br>> Cool? Cool. :) <br>> <br>> -Otto <br>> _______________________________________________ <br>> theme-reviewers mailing list <br>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br>> <br> <br>-- <br>Sent from my mobile device <br> <br> <br>------------------------------ <br> <br>_______________________________________________ <br>theme-reviewers mailing list <br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a> <br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br> <br> <br>End of theme-reviewers Digest, Vol 18, Issue 8 <br>********************************************** <br></blockquote><br></div></body></html>