[theme-reviewers] WPORG: Support: Claim of a number of backdoored themes in Repo

Amy Hendrix sabreuse at gmail.com
Wed Apr 25 16:19:09 UTC 2012


:D

On Wed, Apr 25, 2012 at 12:16 PM, Chip Bennett <chip at chipbennett.net> wrote:
> Hold that thought. There may be some...internal discussions being conducted
> along those lines. :)
>
> Chip
>
>
> On Wed, Apr 25, 2012 at 11:05 AM, Kirk Wight <kwight at kwight.ca> wrote:
>>
>> That's great! I agree with Cais, it really shows the value of these
>> reviews.
>>
>> Has there ever been a proposed pruning, similar to what happened with
>> plugins last year (assuming we even have the mandate to do that)? Maybe
>> setting a two year cutoff, and reviewing older stuff to see if some themes
>> should actively be removed? It would seem a simple way to up the overall
>> quality of the repo (although we would need to give proper warning, allowing
>> affected developers time to update their themes if they so choose).
>>
>> Thoughts?
>>
>>
>> On 25 April 2012 11:56, Edward Caissie <edward.caissie at gmail.com> wrote:
>>>
>>> Good Work, Amy! ... and definitely yet another justification for the
>>> process and guidelines we use.
>>>
>>>
>>> Cais.
>>>
>>>
>>>
>>> On Wed, Apr 25, 2012 at 11:50 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
>>>>
>>>> I had a bit of time so I went through the list he posted --
>>>>
>>>> - Only one theme is available in the directory, and that was a false
>>>> positive (same filename, but a completely different "helpers" file
>>>> from the others on the list).
>>>> - Two were themes that reviewers caught, rejected, and reported to
>>>> wp.org at the time they were reviewed.
>>>> - The rest were from before there was a review process, and none of
>>>> them would pass review now.
>>>>
>>>> I think that's a nice indication that our process has made a big
>>>> difference in the quality of what gets out there!
>>>>
>>>> On Wed, Apr 25, 2012 at 10:35 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
>>>> > Yeah, I suspect that "helpers.php" is an exploit that someone is using
>>>> > somewhere -- exactly because it's such a generic-looking filename --
>>>> > but it's also used as a name for a perfectly innocent helper function
>>>> > library by other themes.
>>>> >
>>>> >
>>>> > On Wed, Apr 25, 2012 at 10:32 AM, Chip Bennett <chip at chipbennett.net> wrote:
>>>> >> I replied, and "ottolook" tagged the topic. (If code is to be removed
>>>> >> from SVN, Otto is the one to do it.)
>>>> >>
>>>> >> The OP definitely found some malicious code, but some of the
>>>> >> referenced Themes don't have malicious code, as far as I can tell.
>>>> >>
>>>> >> Thanks,
>>>> >>
>>>> >> Chip
>>>> >>
>>>> >>
>>>> >> On Wed, Apr 25, 2012 at 9:12 AM, esmi at quirm dot net <esmi at quirm.net> wrote:
>>>> >>>
>>>> >>> <http://wordpress.org/support/topic/backdoored-templates-on-themessvnwordpressorg>
>>>> >>>
>>>> >>> Mel
>>>> >>> --
>>>> >>> http://quirm.net
>>>> >>> http://blackwidows.co.uk
>>>> >>> _______________________________________________
>>>> >>> theme-reviewers mailing list
>>>> >>> theme-reviewers at lists.wordpress.org
>>>> >>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers

