[theme-reviewers] Theme Scan Failing

Sayontan Sinha sayontan at gmail.com
Sun Nov 28 17:14:06 UTC 2010


I should add that my submission went through too, though, because the checks
have not been enforced on the submission process.

On Sun, Nov 28, 2010 at 9:12 AM, Sayontan Sinha <sayontan at gmail.com> wrote:

> I faced the same problem, getting a "fail" result due to suspected
> malicious code. I do recall that a few weeks back when I had tried out the
> original online theme checker <http://pross.org.uk/theme-check/> it had
> indicated the names of the files that it believed to have the suspicious
> code, but online verification is no longer available there, and the Theme
> Check plugin doesn't give this output either.
>
>
> On Sun, Nov 28, 2010 at 5:54 AM, Philip M. Hofer (Frumph) <
> philip at frumph.net> wrote:
>
>> Then I'm pretty much at a loss unless it's that unescape( in the json
>> cookiejar which pretty much is on the return of an escaped string which is
>> a protection
>>
>>
>>
>>
>> ----- Original Message ----- From: "Simon Prosser" <pross at pross.org.uk>
>>
>> To: <theme-reviewers at lists.wordpress.org>
>> Sent: Sunday, November 28, 2010 5:42 AM
>>
>> Subject: Re: [theme-reviewers] Theme Scan Failing
>>
>>
>>  fopen isn't checked for, many themes use it for caching remember
>>>
>>> On 28 November 2010 13:39, Philip M. Hofer (Frumph) <philip at frumph.net>
>>> wrote:
>>>
>>>> Hrm.. probably the fopen in the paypal transaction IPN then. /shrug
>>>> nothing
>>>> I can do about that, at least it still pushed it through.
>>>>
>>>> - Phil
>>>>
>>>> ----- Original Message ----- From: "Jon Cave" <jon at lionsgoroar.co.uk>
>>>> To: <theme-reviewers at lists.wordpress.org>
>>>> Sent: Sunday, November 28, 2010 5:37 AM
>>>> Subject: Re: [theme-reviewers] Theme Scan Failing
>>>>
>>>>
>>>>  On Sun, Nov 28, 2010 at 1:18 PM, Philip M. Hofer (Frumph)
>>>>> <philip at frumph.net> wrote:
>>>>>
>>>>>>
>>>>>> Soo Otto what exactly are you caring about here that it causes a fail?
>>>>>>
>>>>>
>>>>> My guess (based on the last themecheck code I've seen) is that it's
>>>>> the warning of suspicious code that's failing it. The other two are
>>>>> just notifications but don't cause a fail.
>>>>>
>>>>>  What specific 'malicious' code? .. I don't use base64 anywhere, at all.
>>>>>> Everything necessary is protected with evaluators and nonces.
>>>>>>
>>>>>
>>>>> I think that warning is for file_get_contents(__FILE__) or fopen,
>>>>> again based on the last I saw of the theme checks.
>>>>>
>>>>>  Don't care about editor styles, at all; won't create one.
>>>>>>
>>>>>
>>>>> It's a recommended guideline so the check is just highlighting it,
>>>>> doubt it's a cause of failure.
>>>>>
>>>>>  I use includes & get_template_parts() in appropriate places, I won't
>>>>>> use
>>>>>> get_template_part because of the performance of checking both the
>>>>>> child
>>>>>> theme and root theme and it always needs to just load the parent
>>>>>> themes
>>>>>> functions and not overridden by child themes functions of the same
>>>>>> name.
>>>>>>
>>>>>> Although included *in* parsed to output functions use
>>>>>> get_template_part()
>>>>>> as
>>>>>> necessary
>>>>>>
>>>>>
>>>>> As above doubt it's cause of failure, just picking up of possible
>>>>> violation of required guideline.
>>>>>
>>>>> Just my thoughts, will need Otto to confirm or deny.
>>>>> _______________________________________________
>>>>> theme-reviewers mailing list
>>>>> theme-reviewers at lists.wordpress.org
>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> My Blog: http://www.pross.org.uk/
>>> Plugins : http://www.pross.org.uk/plugins/
>>> Themes: http://wordpress.org/extend/themes/profile/pross
>>>
>>>
>>
>>
>
>
>
> --
> Sayontan Sinha
> http://mynethome.net | http://mynethome.net/blog
> --
> Beating Australia in Cricket is like killing a celebrity. The death gets
> more coverage than the crime.
>
>


-- 
Sayontan Sinha
http://mynethome.net | http://mynethome.net/blog
--
Beating Australia in Cricket is like killing a celebrity. The death gets
more coverage than the crime.
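
As an added illustration (not part of the thread and not Theme Check's own code): a minimal scanner that reports the file and line of each suspicious-code match, which is the output the message above says is missing, and that fails only on warnings, as Jon Cave guesses the checker does. The rule set, function names and sample theme are assumptions constructed for this example.

```python
import re

# Assumed rule set built from the patterns named in the thread; illustrative
# only, NOT Theme Check's actual rules. Per the thread, fopen is not checked
# because many themes use it for caching, so there is no rule for it here.
RULES = [
    ("warning", "base64 decoding", re.compile(r"\bbase64_decode\s*\(")),
    ("warning", "theme file reads its own source",
     re.compile(r"\bfile_get_contents\s*\(\s*__FILE__\s*\)")),
    ("info", "direct include (guideline notice)",
     re.compile(r"\b(?:include|require)(?:_once)?\b\s*\(?")),
]

def scan_theme(files):
    """Return (severity, path, line_no, rule, source_line) for every match."""
    findings = []
    for path in sorted(files):
        for line_no, line in enumerate(files[path].splitlines(), start=1):
            if line.lstrip().startswith(("//", "#", "*", "/*")):
                continue  # crude skip of comment-only lines
            for severity, rule, pattern in RULES:
                if pattern.search(line):
                    findings.append((severity, path, line_no, rule, line.strip()))
    return findings

def verdict(findings):
    """Only warnings fail the scan; info-level notices are reported but pass."""
    return "fail" if any(f[0] == "warning" for f in findings) else "pass"

# Constructed sample theme, not taken from any real submission.
SAMPLE_THEME = {
    "functions.php": "<?php\n// base64_decode( is only mentioned in this comment\n"
                     "include( 'lib/options.php' );\n",
    "lib/ipn.php": "<?php\n$fp = fopen( $cache_file, 'r' );\n",
    "footer.php": "<?php\n$src = file_get_contents( __FILE__ );\n"
                  "echo base64_decode( $blob );\n",
}

if __name__ == "__main__":
    results = scan_theme(SAMPLE_THEME)
    for severity, path, line_no, rule, text in results:
        print(f"{severity.upper():7} {path}:{line_no}  {rule}: {text}")
    print("result:", verdict(results))
```

Reporting the path and line with each finding lets a theme author tell a real obfuscated payload from a false positive without guessing which file triggered the fail.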