[theme-reviewers] Functions.php Worm

Jeremy Clark jeremy at clark-technet.com
Wed Oct 13 15:38:11 UTC 2010


I know I personally use it for importing a settings file that was previously
saved.  The exporter creates a plain text file that has all the options
serialized; the importer reads and unserializes the contents of the file
before pulling it into the DB.

On Wed, Oct 13, 2010 at 11:11 AM, Otto <otto at ottodestruct.com> wrote:

> On Tue, Oct 12, 2010 at 11:56 AM, Chip Bennett <chip at chipbennett.net>
> wrote:
> > Pross, credit your Theme-Check tool. It alerted me to this one.
> > Found another Theme with the functions.php worm.
> > Otto: can we get at least an emergency update to the uploader script, to
> > screen out this worm? I know we're waiting a bit on the less-critical
> > updates, but this is now the second Theme I've seen in four days that has
> > this worm.
>
> I'm uploading a patch now that should stop this particular one and
> variations of it.
>
> Tangentially related: Can anybody think of a legitimate reason for a
> theme to ever use file_get_contents() in any way that makes sense or
> has no better way to do things?
>
> -Otto
>
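
Otto's question above turns on where a theme actually calls file_get_contents(). As an added example (not code from this thread, from Theme-Check, or from the uploader patch), one way a reviewer could list direct calls is PHP's tokenizer, which ignores mentions in comments and string literals. The helper names `neighbour` and `find_calls` and the sample theme source are constructed for illustration.

```php
<?php
// Added example: hypothetical review helper, not Theme-Check or the uploader patch.

/** Nearest token that is not whitespace or a comment, looking in direction $step. */
function neighbour(array $tokens, int $i, int $step)
{
    for ($i += $step; isset($tokens[$i]); $i += $step) {
        $t = $tokens[$i];
        if (!is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $t;
        }
    }
    return null;
}

/** Return [line, name] for every direct call to a (lowercase) name in $watched. */
function find_calls(string $source, array $watched): array
{
    $nameTokens = [T_STRING];
    if (defined('T_NAME_FULLY_QUALIFIED')) {   // PHP 8 lexes \name as a single token
        $nameTokens[] = T_NAME_FULLY_QUALIFIED;
    }
    $notACall = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    $tokens = token_get_all($source);
    $hits = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], $nameTokens, true)) { continue; }
        $name = strtolower(ltrim($tok[1], '\\'));
        if (!in_array($name, $watched, true)) { continue; }
        if (neighbour($tokens, $i, 1) !== '(') { continue; }   // name not followed by a call
        $prev = neighbour($tokens, $i, -1);
        if (is_array($prev) && in_array($prev[0], $notACall, true)) { continue; } // method or declaration
        $hits[] = [$tok[2], $name];
    }
    return $hits;
}

// Constructed sample: a settings importer of the kind described in this message.
$sample = <<<'PHP'
<?php
// file_get_contents() appears here only in a comment
$label = 'file_get_contents(';
$raw = file_get_contents($import_file);
$body = $http->file_get_contents($url);
PHP;

foreach (find_calls($sample, ['file_get_contents']) as [$line, $fn]) {
    echo "line $line: $fn()\n";
}
```

This is a static check of direct calls only; each hit still needs a reviewer to judge whether the use is legitimate, such as the settings import described above.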

