[theme-reviewers] Can I have another theme to review?

Emil Uzelac emil at themeid.com
Sun Apr 10 08:42:58 UTC 2011


trainee, sorry you can't close, Cais will handle it :)
*Emil Uzelac* | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E:
emil at themeid.com | http://themeid.com
Make everything as simple as possible, but not simpler. - Albert Einstein



On Sun, Apr 10, 2011 at 3:34 AM, Emil Uzelac <emil at themeid.com> wrote:

> There is something going on there, no doubt about that. It seems like <a
> href=' '> was left there for a reason, such as URL injection. Either way,
> this .tif can and does pose a security problem; no need to go forward
> with the review until this is fixed immediately. I think that you can close
> as not-approved and explain the situation in your review.
>
> Nacin or Otto will know more about this; as it is right now, this is way
> over my head :(
>
> Emil
>
> On Sun, Apr 10, 2011 at 3:13 AM, carolina n <myazalea at hotmail.com> wrote:
>
>> That's what I meant: it's not saved as a proper tif, so Photoshop did not
>> recognise it and was unable to open it.
>> A normal image would go something like: Ôã¸ÓàËìüÁÞîÀß nulnul blahblah in a
>> text editor; this one doesn't. It contains:
>>
>> <?php,
>> a copyright message,
>>  __FILE__,
>> urldecode,
>> eval,
>> return;?>
>>
>>
>> did you see the output in the footer?
>> <div class="credits">Powered by <a href="
>> http://wordpress.org/">Wordpress</a>  <?php include("images/spacer.tif");
>> ?> Designed by ..etc
>> becomes:
>> <div class="credits">Powered by <a href="http://wordpress.org/">Wordpress
>> </a> <a href=' '></a> - Designed by ..etc
>>
>>
>> ------------------------------
>> From: emil at themeid.com
>> Date: Sun, 10 Apr 2011 02:43:03 -0500
>>
>> To: theme-reviewers at lists.wordpress.org
>> Subject: Re: [theme-reviewers] Can I have another theme to review?
>>
>> This is the .tif (.tiff) image format, which is not made for online
>> purposes. A .tiff can be opened in Photoshop if the format was saved
>> (compressed) properly, and that's not the case. Funky data will appear if
>> the image is opened in a text editor, and that's normal. Either way, this
>> isn't the proper way of using images for web design.
>>
>> On another note, <?php include("images/spacer.tif"); ?> is bad practice
>> as well; it should be, i.e., <img src="<?php echo
>> get_stylesheet_directory_uri(); ?>/images/spacer.gif" />
>>
>> Emil
>>
>> On Sun, Apr 10, 2011 at 2:15 AM, carolina n <myazalea at hotmail.com> wrote:
>>
>> *I'm not an expert on security*, but there is something fishy about this
>> theme. It includes a .tif image by <?php include("images/spacer.tif"); ?> in
>> footer.php.
>> The image cannot be recognised by Photoshop etc., but when opened in a
>> text editor, it clearly has an eval.
>>
>> How do you usually handle this?
>>
>> ------------------------------
>> From: edward.caissie at gmail.com
>> Date: Sat, 9 Apr 2011 19:06:40 -0400
>>
>> To: theme-reviewers at lists.wordpress.org
>> Subject: Re: [theme-reviewers] Can I have another theme to review?
>>
>> Here you go: http://themes.trac.wordpress.org/ticket/3214
>>
>> On Sat, Apr 9, 2011 at 2:41 PM, carolina n <myazalea at hotmail.com> wrote:
>>
>> Can I have another theme to review?
>> username poena
>>
>>
>> ------------------------------
>> From: edward.caissie at gmail.com
>> Date: Mon, 4 Apr 2011 12:57:01 -0400
>>
>> To: theme-reviewers at lists.wordpress.org
>> Subject: Re: [theme-reviewers] Can I have another theme to review?
>>
>> Thanks, I found it via your Theme in Trac (*grin*)
>>
>> On Mon, Apr 4, 2011 at 12:47 PM, carolina n <myazalea at hotmail.com> wrote:
>>
>> Poena.
>>
>> ------------------------------
>> From: edward.caissie at gmail.com
>> Date: Mon, 4 Apr 2011 12:03:38 -0400
>> To: theme-reviewers at lists.wordpress.org
>> Subject: Re: [theme-reviewers] Can I have another theme to review?
>>
>>
>> Here ya go ... http://themes.trac.wordpress.org/ticket/3165
>>
>> I'll have it assigned in a moment or two (just have to remember your
>> dot-org name *grin*)
>>
>>
>> Cais.
>>
>> On Mon, Apr 4, 2011 at 4:23 AM, carolina n <myazalea at hotmail.com> wrote:
>>
>> Can I have another theme to review please?
>>
>>
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>
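
The check carolina did by hand in this thread (an "image" that is really PHP, pulled in with include() from footer.php) can be automated for a theme review. The sketch below is an added example, not code from the thread or from the WordPress theme review tooling; scan_theme, the finding strings and the sample file contents are constructed for illustration.

```python
import re

# Leading magic bytes for the image types a theme normally ships.
TIFF = (b"II*\x00", b"MM\x00*")
MAGIC = {".tif": TIFF, ".tiff": TIFF, ".gif": (b"GIF87a", b"GIF89a"),
         ".png": (b"\x89PNG\r\n\x1a\n",), ".jpg": (b"\xff\xd8\xff",),
         ".jpeg": (b"\xff\xd8\xff",)}
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.I)
RISKY = re.compile(rb"\b(eval|urldecode|base64_decode|gzinflate)\s*\(", re.I)
# include/require with a literal path; computed paths are not resolved here.
INCLUDE = re.compile(
    rb"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]", re.I)

def ext(path):
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""

def scan_theme(files):
    """files maps relative path -> bytes; returns sorted (path, finding) pairs."""
    found = set()
    for path, data in files.items():
        e = ext(path)
        if e in MAGIC:
            if not data.startswith(MAGIC[e]):
                found.add((path, "not a real " + e[1:]))
            if PHP_TAG.search(data):
                found.add((path, "PHP open tag in image"))
            for m in RISKY.finditer(data):
                found.add((path, "calls " + m.group(1).decode().lower()))
        elif e == ".php":
            for m in INCLUDE.finditer(data):
                target = m.group(1).decode(errors="replace")
                if ext(target) != ".php":
                    found.add((path, "includes non-PHP file " + target))
    return sorted(found)

# Constructed sample theme (placeholder contents, not the files from the ticket).
SAMPLE = {
    "footer.php": b'<div class="credits">Powered by WordPress '
                  b'<?php include("images/spacer.tif"); ?> Designed by</div>',
    "images/spacer.tif": b'<?php /* copyright */ $f = __FILE__; '
                         b'eval(urldecode("%3B")); return; ?>',
    "images/logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
}

if __name__ == "__main__":
    for path, finding in scan_theme(SAMPLE):
        print(path + ": " + finding)
```

To scan a real theme, build the files mapping by reading every file under the unpacked theme directory in binary mode.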