[theme-reviewers] Functions.php Worm
chip at chipbennett.net
Wed Oct 13 15:40:28 UTC 2010
And the obvious follow-up question is: is this the *only* way to do what you
need to do? Or, is there a way to accomplish it without using
On Wed, Oct 13, 2010 at 10:38 AM, Jeremy Clark <jeremy at clark-technet.com>wrote:
> I know I personally use it for importing a settings file that is previously
> saved. The exporter cretes a plain text file that has all the options
> serialized, the importer reads and unserializes the contents of the file
> before pulling it into the DB.
> On Wed, Oct 13, 2010 at 11:11 AM, Otto <otto at ottodestruct.com> wrote:
>> On Tue, Oct 12, 2010 at 11:56 AM, Chip Bennett <chip at chipbennett.net>
>> > Pross, credit your Theme-Check tool. It alerted me to this one.
>> > Found another Theme with the functions.php worm.
>> > Otto: can we get at least an emergency update to the uploader script, to
>> > screen out this worm? I know we're waiting a bit on the less-critical
>> > updates, but this is now the second Theme I've seen in four days that
>> > this worm.
>> I'm uploading a patch now that should stop this particular one and
>> variations of it.
>> Tangentially related: Can anybody think of a legitimate reason for a
>> theme to ever use file_get_contents() in any way that makes sense or
>> has no better way to do things?
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the theme-reviewers