[theme-reviewers] Question about footer credit function

Edward Caissie edward.caissie at gmail.com
Fri Nov 4 18:59:25 UTC 2011


I guess I was not clear on my opinion ... I would *not* approve it either.
Just saying I'm curious why base64 is being used on such an innocuous link.


Cais.


On Fri, Nov 4, 2011 at 2:44 PM, Simon Prosser <pross at pross.org.uk> wrote:

> I would NOT let it in, take a look at the code again, he has split the
> function base64_decode() into base64 '_' decode to get round the uploader
>
>
> On 4 November 2011 18:29, Edward Caissie <edward.caissie at gmail.com> wrote:
>
>> Given that the obscured code is not a posing any concerns I would be
>> tempted to let it through, but that just leads to potential unscrupulous
>> updates; not that I would expect them but part of the reasoning behind not
>> allowing base64 encoded items is to keep the theme code "human-readable" as
>> the repository should be used as a learning tool besides it's more commonly
>> associated distribution service functionality.
>>
>> I would be interested in what compelled the author to choose to encode
>> this link, even as a "Mallory-Everest" idea it does not fit with the
>> "spirit of the repository".
>>
>>
>> Cais.
>>
>>
>>
>> On Fri, Nov 4, 2011 at 4:57 AM, Mikkel W. Breum <mikkel at wpkitchen.com>wrote:
>>
>>> Hi Tyler
>>>
>>> The code is trying to hide that it's adding a credit link to the author.
>>> It's not doing anything dangerous, but it's not allowed.
>>> You can take the entire code and replace all the encoded strings with
>>> the decode version (use
>>> http://www.opinionatedgeek.com/dotnet/tools/base64decode/ or a similar
>>> tool for that) then You'll see that its just encoded strings representing
>>> some links and even the name of the base64_decode function.
>>>
>>> When run in its current form the function simply returns the following
>>> string:
>>>
>>> "<a href="http://wordpress.org/">WordPress</a> and <a href="
>>> http://www.foxload.com/naturefox-wordpress-theme/">NatureFox</a>"
>>>
>>>
>>> ----
>>>
>>> Mikkel Breum
>>> wpKitchen.com
>>>
>>> mikkel at wpkitchen.com
>>> phone: +49 176 23885016
>>> skype: mikwolbre
>>>
>>> On 04/11/2011, at 06.53, Merci Javier wrote:
>>>
>>>
>>> Agreed. That's a fail.
>>>
>>> Couldn't even decode it with one of tools given
>>> http://wordpress.org/support/topic/theme-decoding-thread?replies=43Just curious what was there.
>>>
>>>
>>>
>>> On Thu, Nov 3, 2011 at 10:16 PM, Doug Stewart <zamoose at gmail.com> wrote:
>>>
>>>> That base64 should be enough to FAIL immediately.
>>>>
>>>> On Fri, Nov 4, 2011 at 1:12 AM, Tyler Cunningham
>>>> <seizedpropaganda at gmail.com> wrote:
>>>> > Hey all,
>>>> > Finally had some time to sit down and do some reviews so I was
>>>> clearing out
>>>> > some of the priority 1 tickets and came across something I wanted to
>>>> run by
>>>> > some of the more senior review members. Check out the following diff:
>>>> >
>>>> http://themes.trac.wordpress.org/changeset?old_path=/naturefox/1.0.5&new_path=/naturefox/1.0.6#file8
>>>> > As soon as I saw the naturefox_credits function a red flag came up.
>>>> Should I
>>>> > ask the author what the purpose behind this is? Is this a no-no?
>>>> > Thanks.
>>>> > Regards,
>>>> >
>>>> > Tyler Cunningham  |  Founder, COO - CyberChimps LLC
>>>> > @tylerbcunning
>>>> > http://gplus.to/tylercunningham
>>>> > http://linkedin.com/in/tylerbcunningham
>>>> > tyler at cyberchimps.com
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > theme-reviewers mailing list
>>>> > theme-reviewers at lists.wordpress.org
>>>> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> -Doug
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
>
> --
> My Blog: http://pross.org.uk/
> Plugins : http://pross.org.uk/plugins/
> Themes: http://wordpress.org/extend/themes/profile/pross
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20111104/47710dd1/attachment-0001.htm>


More information about the theme-reviewers mailing list