[theme-reviewers] Theme Scan Failing

Sun Nov 28 17:51:26 UTC 2010

I challange that remark actually, mind you if you have a better way, by all 
means.

Case in point on an IPN which doesn't really communicate with WordPress, it 
just gets responded to by Paypal and you want to make a transaction file of 
what has occured.

$logging = true;

if ($logging) {
 $myFile = "transactions.txt";
 $fh = fopen($myFile, 'w');
 fwrite ( $fh, "--------------------------------------------------\n" );
 fwrite ( $fh, "Begin Instant Payment Notification\n" );
}

----- Original Message ----- 
From: "Otto" <otto at ottodestruct.com>
To: <theme-reviewers at lists.wordpress.org>
Sent: Sunday, November 28, 2010 9:23 AM
Subject: Re: [theme-reviewers] Theme Scan Failing

> Actually, fopen is checked for, and yes, that triggers the "fishy" code.
>
> There's no good reason to use fopen in a theme. Any reason you can
> think of has better ways of doing it.
>
> -Otto
>
>
>
> On Sun, Nov 28, 2010 at 7:42 AM, Simon Prosser <pross at pross.org.uk> wrote:
>> fopen isnt checked for, many themes use it for caching remember
>>
>> On 28 November 2010 13:39, Philip M. Hofer (Frumph) <philip at frumph.net> 
>> wrote:
>>> Hrm.. probably the fopen in the paypal transaction IPN then. /shrug 
>>> nothing
>>> I can do about that, at least it still pushed it through.
>>>
>>> - Phil
>>>
>>> ----- Original Message ----- From: "Jon Cave" <jon at lionsgoroar.co.uk>
>>> To: <theme-reviewers at lists.wordpress.org>
>>> Sent: Sunday, November 28, 2010 5:37 AM
>>> Subject: Re: [theme-reviewers] Theme Scan Failing
>>>
>>>
>>>> On Sun, Nov 28, 2010 at 1:18 PM, Philip M. Hofer (Frumph)
>>>> <philip at frumph.net> wrote:
>>>>>
>>>>> Soo Otto what exactly are you caring about here that it causes a fail?
>>>>
>>>> My guess (based on the last themecheck code I've seen) is that it's
>>>> the warning of suspicious code that's failing it. The other two are
>>>> just notifications but don't cause a fail.
>>>>
>>>>> What specific 'malicious' code? .. I dont use base64 anywhere, at all.
>>>>> Everything necessary is protected with evaluators and nonce's.
>>>>
>>>> I think that warning is for file_get_contents(__FILE__) or fopen,
>>>> again based on the last I saw of the theme checks.
>>>>
>>>>> Don't care about editor styles, at all; won't create one.
>>>>
>>>> It's a recommended guideline so the check is just highlighting it,
>>>> doubt it's a cause of failure.
>>>>
>>>>> I use includes & get_template_parts() in appropriate places, I won't 
>>>>> use
>>>>> get_template_part because of the performance of checking both the 
>>>>> child
>>>>> theme and root theme and it always needs to just load the parent 
>>>>> themes
>>>>> functions and not overriden by child themes functions of the same 
>>>>> name.
>>>>>
>>>>> Although included *in* parsed to output functions use 
>>>>> get_template_part()
>>>>> as
>>>>> necessary
>>>>
>>>> As above doubt it's cause of failure, just picking up of possible
>>>> violation of required guideline.
>>>>
>>>> Just my thoughts, will need Otto to confirm or deny.
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>
>>
>>
>> --
>> My Blog: http://www.pross.org.uk/
>> Plugins : http://www.pross.org.uk/plugins/
>> Themes: http://wordpress.org/extend/themes/profile/pross
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> 