[theme-reviewers] Theme Scan Failing

Philip M. Hofer (Frumph) philip at frumph.net
Sun Nov 28 13:54:10 UTC 2010


Then i'm pretty much at a loss unless its that unescape( in the json 
cookiejar  which pretty much is on the return of an escaped string which is 
a protection




----- Original Message ----- 
From: "Simon Prosser" <pross at pross.org.uk>
To: <theme-reviewers at lists.wordpress.org>
Sent: Sunday, November 28, 2010 5:42 AM
Subject: Re: [theme-reviewers] Theme Scan Failing


> fopen isnt checked for, many themes use it for caching remember
>
> On 28 November 2010 13:39, Philip M. Hofer (Frumph) <philip at frumph.net> 
> wrote:
>> Hrm.. probably the fopen in the paypal transaction IPN then. /shrug 
>> nothing
>> I can do about that, at least it still pushed it through.
>>
>> - Phil
>>
>> ----- Original Message ----- From: "Jon Cave" <jon at lionsgoroar.co.uk>
>> To: <theme-reviewers at lists.wordpress.org>
>> Sent: Sunday, November 28, 2010 5:37 AM
>> Subject: Re: [theme-reviewers] Theme Scan Failing
>>
>>
>>> On Sun, Nov 28, 2010 at 1:18 PM, Philip M. Hofer (Frumph)
>>> <philip at frumph.net> wrote:
>>>>
>>>> Soo Otto what exactly are you caring about here that it causes a fail?
>>>
>>> My guess (based on the last themecheck code I've seen) is that it's
>>> the warning of suspicious code that's failing it. The other two are
>>> just notifications but don't cause a fail.
>>>
>>>> What specific 'malicious' code? .. I dont use base64 anywhere, at all.
>>>> Everything necessary is protected with evaluators and nonce's.
>>>
>>> I think that warning is for file_get_contents(__FILE__) or fopen,
>>> again based on the last I saw of the theme checks.
>>>
>>>> Don't care about editor styles, at all; won't create one.
>>>
>>> It's a recommended guideline so the check is just highlighting it,
>>> doubt it's a cause of failure.
>>>
>>>> I use includes & get_template_parts() in appropriate places, I won't 
>>>> use
>>>> get_template_part because of the performance of checking both the child
>>>> theme and root theme and it always needs to just load the parent themes
>>>> functions and not overriden by child themes functions of the same name.
>>>>
>>>> Although included *in* parsed to output functions use 
>>>> get_template_part()
>>>> as
>>>> necessary
>>>
>>> As above doubt it's cause of failure, just picking up of possible
>>> violation of required guideline.
>>>
>>> Just my thoughts, will need Otto to confirm or deny.
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>
>
>
> -- 
> My Blog: http://www.pross.org.uk/
> Plugins : http://www.pross.org.uk/plugins/
> Themes: http://wordpress.org/extend/themes/profile/pross
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> 




More information about the theme-reviewers mailing list