[theme-reviewers] Functions.php Worm

Chip Bennett chip at chipbennett.net
Wed Oct 13 15:27:04 UTC 2010


These kinds of questions/issues demonstrate why the next step in Theme
Reviews really needs to be to explore our original idea of having Security
Ninjas, who focus on such issues, and who perform a post-quality-review
Security review.

If we can keep the Review Queue manageable for a few weeks, would it be
worthwhile to explore this idea further?

Chip

On Wed, Oct 13, 2010 at 10:23 AM, Andrew Nacin <wp at andrewnacin.com> wrote:

> On Wed, Oct 13, 2010 at 11:11 AM, Otto <otto at ottodestruct.com> wrote:
>
>> Tangentially related: Can anybody think of a legitimate reason for a
>> theme to ever use file_get_contents() in any way that makes sense or
>> has no better way to do things?
>
>
> No, for the simple reason that they should instead be using wp_remote_get.
>
> A decent number do though, with okay intentions (but they should still be
> using wp_remote_get).
>
> http://www.google.com/search?q=site:themes.svn.wordpress.org+file_get_contents
>
> Of course, at what point does someone begin to simply use core functions
> maliciously?
>
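
The replacement Andrew Nacin recommends above, sketched as an added example that is not part of the original thread or of any theme discussed in it: a remote fetch through the WordPress HTTP API in place of a raw `file_get_contents()` call. The function name, the `mytheme_` prefix, the cache lifetime and the URL are hypothetical.

```php
<?php
// Added example, not code from the thread. Names prefixed 'mytheme_'
// and the example.com URL are hypothetical.

// Pattern the thread questions: raw PHP stream access from a theme.
// It only works when allow_url_fopen is enabled, skips the WordPress
// HTTP API (its filters and proxy configuration), and returns a bare
// false on failure.
// $body = file_get_contents( 'https://example.com/feed.json' );

/**
 * Fetch a remote document through the WordPress HTTP API.
 *
 * @param string $url Remote URL to request.
 * @return string|WP_Error Response body, or WP_Error on failure.
 */
function mytheme_fetch_remote( $url ) {
	// Cache per URL so a page view does not trigger a request each time.
	$cache_key = 'mytheme_remote_' . md5( $url );
	$cached    = get_transient( $cache_key );
	if ( false !== $cached ) {
		return $cached;
	}

	// Explicit timeout; transport selection is left to WordPress.
	$response = wp_remote_get( esc_url_raw( $url ), array( 'timeout' => 5 ) );

	// Network-level failures come back as WP_Error, not false.
	if ( is_wp_error( $response ) ) {
		return $response;
	}

	// Treat anything other than 200 as a failure instead of using the body.
	$code = (int) wp_remote_retrieve_response_code( $response );
	if ( 200 !== $code ) {
		return new WP_Error( 'mytheme_http_status', 'Unexpected HTTP status: ' . $code );
	}

	$body = wp_remote_retrieve_body( $response );
	set_transient( $cache_key, $body, 3600 ); // One hour, an arbitrary choice.
	return $body;
}
```

The returned body is still untrusted input and needs escaping before a theme outputs it.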