[theme-reviewers] Question about footer credit function
Simon Prosser
pross at pross.org.uk
Fri Nov 4 18:44:50 UTC 2011
I would NOT let it in, take a look at the code again, he has split the
function base64_decode() into base64 '_' decode to get round the uploader
On 4 November 2011 18:29, Edward Caissie <edward.caissie at gmail.com> wrote:
> Given that the obscured code is not a posing any concerns I would be
> tempted to let it through, but that just leads to potential unscrupulous
> updates; not that I would expect them but part of the reasoning behind not
> allowing base64 encoded items is to keep the theme code "human-readable" as
> the repository should be used as a learning tool besides it's more commonly
> associated distribution service functionality.
>
> I would be interested in what compelled the author to choose to encode
> this link, even as a "Mallory-Everest" idea it does not fit with the
> "spirit of the repository".
>
>
> Cais.
>
>
>
> On Fri, Nov 4, 2011 at 4:57 AM, Mikkel W. Breum <mikkel at wpkitchen.com>wrote:
>
>> Hi Tyler
>>
>> The code is trying to hide that it's adding a credit link to the author.
>> It's not doing anything dangerous, but it's not allowed.
>> You can take the entire code and replace all the encoded strings with the
>> decode version (use
>> http://www.opinionatedgeek.com/dotnet/tools/base64decode/ or a similar
>> tool for that) then You'll see that its just encoded strings representing
>> some links and even the name of the base64_decode function.
>>
>> When run in its current form the function simply returns the following
>> string:
>>
>> "<a href="http://wordpress.org/">WordPress</a> and <a href="
>> http://www.foxload.com/naturefox-wordpress-theme/">NatureFox</a>"
>>
>>
>> ----
>>
>> Mikkel Breum
>> wpKitchen.com
>>
>> mikkel at wpkitchen.com
>> phone: +49 176 23885016
>> skype: mikwolbre
>>
>> On 04/11/2011, at 06.53, Merci Javier wrote:
>>
>>
>> Agreed. That's a fail.
>>
>> Couldn't even decode it with one of tools given
>> http://wordpress.org/support/topic/theme-decoding-thread?replies=43 Just
>> curious what was there.
>>
>>
>>
>> On Thu, Nov 3, 2011 at 10:16 PM, Doug Stewart <zamoose at gmail.com> wrote:
>>
>>> That base64 should be enough to FAIL immediately.
>>>
>>> On Fri, Nov 4, 2011 at 1:12 AM, Tyler Cunningham
>>> <seizedpropaganda at gmail.com> wrote:
>>> > Hey all,
>>> > Finally had some time to sit down and do some reviews so I was
>>> clearing out
>>> > some of the priority 1 tickets and came across something I wanted to
>>> run by
>>> > some of the more senior review members. Check out the following diff:
>>> >
>>> http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&new_path=/naturefox/1.0.6#file8
>>> > As soon as I saw the naturefox_credits function a red flag came up.
>>> Should I
>>> > ask the author what the purpose behind this is? Is this a no-no?
>>> > Thanks.
>>> > Regards,
>>> >
>>> > Tyler Cunningham | Founder, COO - CyberChimps LLC
>>> > @tylerbcunning
>>> > http://gplus.to/tylercunningham
>>> > http://linkedin.com/in/tylerbcunningham
>>> > tyler at cyberchimps.com
>>> >
>>> >
>>> > _______________________________________________
>>> > theme-reviewers mailing list
>>> > theme-reviewers at lists.wordpress.org
>>> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> -Doug
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
--
My Blog: http://pross.org.uk/
Plugins : http://pross.org.uk/plugins/
Themes: http://wordpress.org/extend/themes/profile/pross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20111104/04f38716/attachment.htm>
More information about the theme-reviewers
mailing list