[wp-hackers] Themes Being Unofficially Distributed with Security
Vulnerabilities - Time for an Official Theme Repository?
Christine Davis
christine at neato.co.nz
Wed Nov 28 22:29:46 GMT 2007
Depends what you mean by "validate".
You could certainly run it through a parser that has a collection of
heuristics for figuring out if a theme seems sketchy - chunks of base64
encoded javascript seem easy enough to automagically find (and a big warning
flag). Looking for things that look like ad code / hardcoded back links
doesn't seem impossible, either d:
It's not practical — you can only verify the resulting (X)HTML is valid
> once the PHP is parsed and executed. It's not like you can just
> "validate" the PHP files in the theme directory.
>
More information about the wp-hackers
mailing list