[wp-hackers] Themes Being Unofficially Distributed with Security
Vulnerabilities - Time for an Official Theme Repository?
Robin Adrianse
robin.adr at gmail.com
Wed Nov 28 23:40:48 GMT 2007

But that's easily gamed by spammers. They're not *that* stupid, you know ;).
I don't think machine-verification would be that productive, to be honest.
And it wouldn't really be that hard for a human to just give the theme files
a quick look-over.

On Nov 28, 2007 2:29 PM, Christine Davis <christine at neato.co.nz> wrote:
> Depends what you mean by "validate".
>
> You could certainly run it through a parser that has a collection of
> heuristics for figuring out if a theme seems sketchy - chunks of base64
> encoded javascript seem easy enough to automagically find (and a big
> warning flag). Looking for things that look like ad code / hardcoded back links
> doesn't seem impossible, either d:
>
> > It's not practical — you can only verify the resulting (X)HTML is valid
> > once the PHP is parsed and executed. It's not like you can just
> > "validate" the PHP files in the theme directory.
>
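
The heuristics discussed in this thread (long base64 chunks, decode calls, hardcoded external links), sketched as a static pass over theme files. This is an added example, not code from the thread or from WordPress; the function names, the 60-character threshold, the host allowlist and the sample theme are all assumptions constructed for illustration. Its findings are leads for the human look-over, not a verdict.

```python
import base64
import re
from urllib.parse import urlparse

# Assumed threshold: 60+ base64-alphabet characters in a row is unusual in a theme.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{60,}={0,2}")
# PHP calls commonly used to unpack and run hidden code.
DECODE_CALL = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Anchors whose href is a literal absolute URL rather than a template tag.
HREF = re.compile(r"""<a\s[^>]*href\s*=\s*["'](https?://[^"']+)["']""", re.I)


def scan_file(name, text, allowed_hosts=()):
    """Return (file, line number, reason) tuples for one theme file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if B64_RUN.search(line):
            findings.append((name, lineno, "long base64-like run"))
        if DECODE_CALL.search(line):
            findings.append((name, lineno, "decode/eval call"))
        for url in HREF.findall(line):
            host = urlparse(url).hostname or ""
            if host not in allowed_hosts:
                findings.append((name, lineno, "hardcoded external link: " + host))
    return findings


def scan_theme(files, allowed_hosts=()):
    """files maps file name to contents; results are ordered by file name."""
    out = []
    for name in sorted(files):
        out.extend(scan_file(name, files[name], allowed_hosts))
    return out


# Constructed sample theme; the encoded blob is harmless filler text.
BLOB = base64.b64encode(b"constructed harmless sample text " * 3).decode()
SAMPLE_THEME = {
    "header.php": '<html><head><title><?php bloginfo("name"); ?></title></head>\n',
    "footer.php": '<p>Theme by <a href="http://theme-author.example/">Author</a></p>\n'
                  '<a href="http://ads.example/buy" style="display:none">cheap stuff</a>\n'
                  '<a href="<?php bloginfo(\'url\'); ?>">Home</a>\n',
    "functions.php": '<?php eval(base64_decode("' + BLOB + '")); ?>\n',
}

if __name__ == "__main__":
    for finding in scan_theme(SAMPLE_THEME, allowed_hosts=("theme-author.example",)):
        print("%s:%d: %s" % finding)
```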