[theme-reviewers] Can I have another theme to review?

Andrew Nacin wp at andrewnacin.com
Sun Apr 10 09:20:42 UTC 2011


On Sun, Apr 10, 2011 at 4:34 AM, Emil Uzelac <emil at themeid.com> wrote:

> There is something going on there, no doubt about that; it seems like <a
> href=' '> was left there for a reason, such as URL injection. Either way,
> this .tif can and does pose a security problem, so there is no need to go
> forward with the review until this is fixed immediately. I think that you
> can close it as not-approved and explain the situation in your review.
>
> Nacin or Otto will know more about this; as it is right now, it is way over
> my head :(
>

I've closed the ticket and made some preliminary comments. Jon Cave fully
decoded it before I had the chance to -- the end result is loading an
external XML file to generate as many links as they want in the footer.
Clever, and slimy as hell.

This theme appeared pretty much perfectly coded, except for the tif file and
the single line in footer.php. There's only so much we can do to actually
detect this in any automated fashion -- thanks so much for your eagle eyes
and extreme attention to detail on this one.

I'll try to work with Otto to establish mime-type checking for images, as
that would have caught the tif being used as text/plain.

Nacin
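The mime-type check mentioned above, as an added example that is not code from the theme-reviewers list or from WordPress: a small scanner that walks a theme directory and compares each image-named file's leading bytes against the magic numbers for that extension, so a "tif" that is really plain text is flagged. The extension table, the text heuristic and the sample theme it builds are assumptions constructed for the demonstration.

```python
"""Flag theme files with image extensions whose contents are not image data.

Added example (not from the theme-reviewers list or WordPress). The MAGIC
table and the 95% printable threshold are assumptions; the sample theme
built below is constructed for the demonstration.
"""
from pathlib import Path
import tempfile

# Magic-byte signatures per extension (assumption: the image formats a
# theme is expected to ship).
MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".tif": [b"II*\x00", b"MM\x00*"],   # little- and big-endian TIFF
    ".tiff": [b"II*\x00", b"MM\x00*"],
}


def classify(data: bytes, ext: str) -> str:
    """Return 'ok', 'mismatch' or 'unknown-ext' for a file body and extension."""
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return "unknown-ext"
    if any(data.startswith(s) for s in sigs):
        return "ok"
    return "mismatch"


def looks_like_text(data: bytes) -> bool:
    """Heuristic: no NUL bytes and almost all printable ASCII means text, not an image."""
    if not data or b"\x00" in data:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in b"\r\n\t")
    return printable / len(data) > 0.95


def scan_theme(root: Path) -> dict:
    """Walk a theme directory; return {relative path: verdict} for image-named files."""
    findings = {}
    for p in root.rglob("*"):
        if not p.is_file() or p.suffix.lower() not in MAGIC:
            continue
        head = p.read_bytes()[:64]          # magic numbers live in the first bytes
        verdict = classify(head, p.suffix)
        if verdict == "mismatch" and looks_like_text(head):
            # Image name, text content: the pattern described in the post.
            verdict = "mismatch-text"
        findings[str(p.relative_to(root))] = verdict
    return findings


def build_sample_theme() -> Path:
    """Constructed sample: a real TIFF header, a 'tif' that is plain text, a PNG."""
    root = Path(tempfile.mkdtemp(prefix="theme-"))
    (root / "images").mkdir()
    (root / "images" / "logo.tif").write_bytes(
        b"II*\x00" + b"\x08\x00\x00\x00" + b"\x00" * 32)
    (root / "images" / "bg.tif").write_bytes(
        b"// constructed placeholder: plain text stored under an image name\n")
    (root / "screenshot.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    return root


if __name__ == "__main__":
    for path, verdict in sorted(scan_theme(build_sample_theme()).items()):
        print(f"{verdict:14} {path}")
```

Only the first 64 bytes are read, which is enough for every signature in the table and keeps the scan cheap over a large theme; a "mismatch-text" verdict is the one a reviewer would open by hand, while a plain "mismatch" may just be an unusual but legitimate encoding.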