[wp-hackers] Themes Being Unofficially Distributed with Security Vulnerabilities - Time for an Official Theme Repository?

Christine Davis christine at neato.co.nz
Wed Nov 28 22:29:46 GMT 2007


Depends what you mean by "validate".

You could certainly run it through a parser that has a collection of
heuristics for figuring out if a theme seems sketchy - chunks of base64
encoded javascript seem easy enough to automagically find (and a big warning
flag).  Looking for things that look like ad code / hardcoded back links
doesn't seem impossible, either d:

> It's not practical — you can only verify the resulting (X)HTML is valid
> once the PHP is parsed and executed. It's not like you can just
> "validate" the PHP files in the theme directory.
>


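The heuristics described in the message above (long base64 chunks, hardcoded back links), as an added sketch that is not part of the original post or of any WordPress tooling. The rule names, the 80-character threshold, the extra decode-call rule and the sample footer are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Runs of 80+ base64-alphabet characters (assumed threshold; skips ordinary identifiers).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
# PHP calls commonly used to unpack and run an embedded blob.
DECODE_CALL = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Absolute links written directly into template markup; group 2 is the host.
HARD_LINK = re.compile(r"""<a\s[^>]*href\s*=\s*["'](https?://([^/"'\s:]+)[^"']*)["']""", re.I)


def decodes_to_text(blob):
    """True if blob is valid base64 whose decoded bytes are mostly printable."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    except (binascii.Error, ValueError):
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return len(raw) > 0 and printable / len(raw) > 0.9


def scan_theme_file(source, allowed_hosts=()):
    """Return (line_number, rule, detail) findings for one theme file's text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in B64_RUN.finditer(line):
            kind = "base64-text" if decodes_to_text(m.group()) else "base64-like"
            findings.append((lineno, kind, f"{len(m.group())} chars"))
        for m in DECODE_CALL.finditer(line):
            findings.append((lineno, "decode-call", m.group(1).lower()))
        for m in HARD_LINK.finditer(line):
            host = m.group(2).lower()
            if host not in allowed_hosts:
                findings.append((lineno, "hardcoded-link", host))
    return findings


# Constructed sample: a harmless string stands in for an encoded script block.
_BLOB = base64.b64encode(b"constructed sample text, standing in for a script. " * 3).decode()
SAMPLE_FOOTER = f"""<div id="footer">
<?php wp_footer(); ?>
<a href="http://wordpress.org/">WordPress</a>
<a href="http://links.example.invalid/buy">cheap stuff</a>
<?php eval(base64_decode("{_BLOB}")); ?>
</div>
"""

if __name__ == "__main__":
    for finding in scan_theme_file(SAMPLE_FOOTER, allowed_hosts=("wordpress.org",)):
        print(finding)
```

These are warning flags for a human reviewer, not a verdict: a clean result says nothing about what the PHP does once executed.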