[theme-reviewers] Theme standards and obfuscation
jay Cauvain
wp at stormfire.me
Thu Apr 26 13:45:39 UTC 2012
Encoded themes are rejected during the upload process, any that make it
through are rejected by the person reviewing the theme.
So don't worry, measures are already in place.
On Apr 26, 2012 2:41 PM, "Andrew McGill" <list2010 at lunch.za.net> wrote:
> Hi
>
> I notice that the theme standards do not say anything about code
> obfuscation and readability:
>
> http://codex.wordpress.org/Theme_Review#Security_and_Privacy
>
> I suggest the following guidelines:
>
> * No obfuscation: all code must written in human readable format:
> measures that reduce readability are not allowed. (e.g. variable name
> mangling, stripping indentation)
>
> * No hiding: All code must appear in regular .php files. No measures to
> obscure the code being run are permitted.
>
> The reason this would be helpful is that there are a lot of commercial
> themes of dubious quality employing various kinds of obfuscation - 85
> levels of base64_decode and gzip hiding the closing div tags, wp_footer and
> the 'if $posts>20 (advertise())'. It is also pretty hard to distinguish
> "legitimate" obfuscation from a hacked site.
>
> It would make the world a happier place if wordpress.org said that code
> obfuscation is not-so-cool.
>
> Something should also be said about code obfuscation in javascript files
> too ... (e.g. the compressed version of jquery). I reckon it should be
> discouraged (if not prohibited).
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120426/7c0d5035/attachment.htm>
More information about the theme-reviewers
mailing list