[theme-reviewers] malicious code found in a theme in the codex

Edward Caissie edward.caissie at gmail.com
Thu Feb 10 17:02:30 UTC 2011


I know there "are a lot of things" in the SVN that could be bad if someone
did go to the trouble of checking them out then installing them wherever ...
just putting the idea out there for discussion on whether or not those
themes should be addressed in some fashion.

IF the risk is minimal to negligible then I can imagine all is fine, but if
not shouldn't we be concerned with the relatively public access the SVN
offers. Sure the average everyday end-user won't be tripping through the
SVN, but most any person with a sense of curiosity might ... I know I used
to go poking about from time to time. Now, not so much ... as you said you
have to go to a fair bit of trouble and I know better to also sort out if
the SVN files are "safe" to use before just installing them.


Cais.

On Thu, Feb 10, 2011 at 11:46 AM, Otto <otto at ottodestruct.com> wrote:

> On Wed, Feb 9, 2011 at 4:57 PM, Edward Caissie <edward.caissie at gmail.com>
> wrote:
> > Otto -
> >
> > Should we consider having this theme (and similar ones) removed from the
> SVN
> > repo? Just as a safety precaution if nothing else ... unless there is a
> way
> > to "hide" it from the public view.
>
> I don't currently have direct access to the SVN (I can get it, if
> needed), so I can't actually go and remove things from it.
>
> But honestly, do you think it's really worth the trouble? It's in the
> SVN, but so are a lot of things. The SVN is mainly just storage. If
> it's not in the themes directory, then it's not really visible or
> installable from WP itself. You have to go to a fair amount of trouble
> to pull code from the SVN and install it.
>
> -Otto
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20110210/ad5b427f/attachment.htm>


More information about the theme-reviewers mailing list