[theme-reviewers] WPORG: Support: Claim of a number of backdoored themes in Repo

Kirk Wight kwight at kwight.ca
Wed Apr 25 16:05:44 UTC 2012


That's great! I agree with Cais, it really shows the value of these reviews.

Has there ever been a proposed pruning, similar to what happened with
plugins last year (assuming we even have the mandate to do that)? Maybe
setting a two year cutoff, and reviewing older stuff to see if some themes
should actively be removed? It would seem a simple way to up the overall
quality of the repo (although we would need to give proper warning,
allowing affected developers time to update their themes if they so choose).

Thoughts?

On 25 April 2012 11:56, Edward Caissie <edward.caissie at gmail.com> wrote:

> Good Work, Amy! ... and definitely yet another justification for the
> process and guidelines we use.
>
>
> Cais.
>
>
>
> On Wed, Apr 25, 2012 at 11:50 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
>
>> I had a bit of time so I went through the list he posted --
>>
>> - Only one theme is available in the directory, and that was a false
>> positive (same filename, but a completely different "helpers" file
>> from the others on the list).
>> - Two were themes that reviewers caught, rejected, and reported to
>> wp.org at the time they were reviewed,
>> - The rest were from before there was a review process, and none of
>> them would pass review now.
>>
>> I think that's a nice indication that our process has made a big
>> difference in the quality of what gets out there!
>>
>> On Wed, Apr 25, 2012 at 10:35 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
>> > Yeah, I suspect that "helpers.php" is an exploit that someone is using
>> > somewhere -- exactly because it's such a generic-looking filename --
>> > but it's also used as a name for a perfectly innocent helper function
>> > library by other themes.
>> >
>> >
>> > On Wed, Apr 25, 2012 at 10:32 AM, Chip Bennett <chip at chipbennett.net> wrote:
>> >> I replied, and "ottolook" tagged the topic. (If code is to be removed from
>> >> SVN, Otto is the one to do it.)
>> >>
>> >> The OP definitely found some malicious code, but some of the referenced
>> >> Themes don't have malicious code, as far as I can tell.
>> >>
>> >> Thanks,
>> >>
>> >> Chip
>> >>
>> >>
>> >> On Wed, Apr 25, 2012 at 9:12 AM, esmi at quirm dot net <esmi at quirm.net> wrote:
>> >>>
>> >>> <http://wordpress.org/support/topic/backdoored-templates-on-themessvnwordpressorg>
>> >>>
>> >>> Mel
>> >>> --
>> >>> http://quirm.net
>> >>> http://blackwidows.co.uk
>> >>> _______________________________________________
>> >>> theme-reviewers mailing list
>> >>> theme-reviewers at lists.wordpress.org
>> >>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >>
>> >>
>>
>
>
>
>