btgrl54 Posted June 2, 2017

Hi, I loved your "Schema" theme by looking at it. So, I googled for a pirated copy to check the code quality. But I got some issues with security and others. Please check your theme here: http://themecheck.org/ you will get many critical issues. If you fix those issues, I will buy this theme for sure. Please let me know whether you will fix those issues or not. If not, I will find another theme.
Ben Posted June 2, 2017

Hello, I checked the files in question and I can assure you that all the issues listed are false positives; none of them pose any risk.

1. You can see that ini_set() is only being used to try and extend the max_execution_time, to avoid timeout issues on some servers. There is nothing wrong with this usage.

2. & 3. While the base64_ functions may indicate obfuscated code (malware), they have numerous legitimate uses, and in this case, they are required by the Twitter API.

4. & 5. file_get_contents(), fopen() and fclose() are required for the demo importer to work correctly. curl_init() and curl_exec() are used by the Twitter API library. I'm not sure why these get simply flagged as "Malware" by the checker tool.

6. It is true that add_theme_page() is recommended for themes; however, the options it provides are limited, and there is no difference in performance or otherwise when compared with other similar functions, like add_menu_page().

Please note that the checker even flagged some commented-out lines in the code, which never get executed and have no effect at all. This also shows that the tool checks themes in a rather basic and unsophisticated manner.

Hope that helps. If you have any questions, please feel free to ask. Thank you.
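Points 2 and 3 above come down to how OAuth 1.0 request signing works: the Twitter API signs each request with HMAC-SHA1, which yields 20 raw bytes, and those bytes have to be base64-encoded to travel in an Authorization header; the receiving side base64-decodes the transmitted value before comparing it. The following Python is an added illustration written for this thread, not code from the Schema theme or the twitteroauth library; the URL, credentials and request parameters are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed placeholder credentials (not real Twitter keys).
CONSUMER_SECRET = "consumer-secret-placeholder"
TOKEN_SECRET = "token-secret-placeholder"


def pct(value):
    """OAuth 1.0 percent-encoding (RFC 5849 section 3.6): only RFC 3986 unreserved
    characters (A-Z a-z 0-9 - . _ ~) stay literal; everything else becomes %XX."""
    return quote(str(value), safe="~")


def signature_base_string(method, url, params):
    """Build the string that gets signed: METHOD&enc(url)&enc(sorted k=v pairs)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(base_string, consumer_secret, token_secret=""):
    """Client side: HMAC-SHA1 over the base string, keyed with both secrets.
    The digest is 20 raw bytes; it only becomes header-safe text once
    base64-encoded, which is what base64_encode(hash_hmac(...)) does in PHP."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    digest = hmac.new(key, base_string.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def verify(base_string, signature, consumer_secret, token_secret=""):
    """Server side: base64-decode the transmitted signature (the base64_decode()
    the checker flagged) and compare it with a fresh HMAC in constant time."""
    try:
        received = base64.b64decode(signature, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    expected = hmac.new(key, base_string.encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(received, expected)


def demo():
    """Sign a constructed status-update request; returns (base_string, signature)."""
    url = "https://api.example.com/1.1/statuses/update.json"  # constructed, not Twitter's
    params = {
        "oauth_consumer_key": "ck",
        "oauth_nonce": "n",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1496361600",
        "oauth_token": "tk",
        "oauth_version": "1.0",
        "status": "Hello World",
    }
    base = signature_base_string("POST", url, params)
    return base, sign(base, CONSUMER_SECRET, TOKEN_SECRET)


if __name__ == "__main__":
    base, sig = demo()
    print(base)
    print("oauth_signature =", sig, "valid:", verify(base, sig, CONSUMER_SECRET, TOKEN_SECRET))
```

The signature is always 28 base64 characters because the SHA-1 digest is 20 bytes; a scanner that treats every base64_encode()/base64_decode() pair as obfuscation will flag exactly this legitimate encode-on-send, decode-on-verify pattern. Note that verification uses a constant-time comparison so that the decoded bytes are not compared with a plain `==`.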
Support Mili Posted June 2, 2017

Hello, Thank you for contacting MyThemeShop today, and sorry for any inconvenience that might have been caused due to that. When you check themes through "themecheck.org" you are looking at random errors that the theme checker is not able to determine where they come from, so anything that it doesn't know about is classified as a "security issue". It is not a good way to check a theme if you don't know what the errors are. Our theme Schema has no security errors and is perfectly safe; there are hundreds of users using it and we have had no reports of issues. However, since you have gotten a pirated copy of it, it is logical to assume that your copy might actually be pirated and contain unsafe code. That is why it is wiser to purchase the theme from us rather than obtaining pirated copies. Nothing is free; if someone is giving you a theme that is premium and they are giving it to you for free, you should be skeptical and ask yourself why they are giving it to you for free. The way hackers spread code is by giving away free themes; you should not use those files, not even download them to your computer. Instead, purchase the theme. Looking forward to helping you. Thank you.
btgrl54 Posted June 2, 2017 (Author)

Hi, you said that:

> 21 minutes ago, MistaPrime said: When you check themes through the "themecheck.org" you are looking at random errors that the theme checker is not able to determine where they come from, so anything that it doesn't know about is classified as a "security issue".

The checker knows perfectly well where they come from. Check the list below. Also, "themecheck.org" is a good way to check a WP theme. Can you assure me that the issues listed below are not present in your theme?

Critical alerts

Security breaches: Modification of PHP server settings
- Found ini_set in file wordpress-importer.php.
  Line 108: ini_set('max_execution_time', -1);
  Line 134: ini_set('max_execution_time', $max_execution_time);

Security breaches: Use of base64_decode()
- Found base64_decode in file twitteroauth.php.
  Line 141: $decoded_sig = base64_decode($signature); // base64_encode() required by Twitter!

Security breaches: Use of base64_encode()
- Found base64_encode in file twitteroauth.php.
  return base64_encode(hash_hmac('sha1', $base_string, $key, true)); // base64_encod
  return base64_encode($signature); // base64_encode() required by Twitter!
  $decoded_sig = base64_decode($signature); // base64_encode() required by Twitter!

Malware: Operations on file system
- file_get_contents was found in the file parsers.php
  Line 68: $contents = file_get_contents( $file );
  Line 275: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
- fopen was found in the file parsers.php
  Line 421: $fp = $this->fopen( $file, 'r' );
  Line 647: function fopen( $filename, $mode = 'r' ) {
  Line 650: return fopen( $filename, $mode );
- fclose was found in the file parsers.php
  Line 470: $this->fclose($fp);
  Line 665: function fclose( $fp ) {
  Line 668: return fclose( $fp );
- file_get_contents was found in the file radium-importer.php
  Line 293: $data = file_get_contents( $file );
  Line 384: $data = file_get_contents( $file );
- file_get_contents was found in the file radium-importer.php
  Line 292: $data = file_get_contents( $file );
  Line 369: $data = file_get_contents( $file );
- file_get_contents was found in the file plugin-activation.php
  Line 2416: $plugin = @json_decode( @file_get_contents( 'https://api.wordpress.org/plugins/info/1.0/' . $item['s
- file_get_contents was found in the file twitteroauth.php
  Line 201: //file_get_contents(self::$POST_INPUT)

Malware: Network operations
- curl_init was found in the file twitteroauth.php
  Line 1008: $ci = curl_init();
- curl_exec was found in the file twitteroauth.php
  Line 1034: $response = curl_exec($ci);

Admin menu: Themes should use add_theme_page() for adding admin pages.
- File theme-options.php: Line 112: //the list of available parent menus is available here: http://codex.wordpress.org/Function_Reference/add_submenu_page#Parameters
- File plugin-activation.php: Line 646: $this->page_hook = call_user_func( 'add_{$type}_page', $args['parent_slug'], $args['page_title'], $args['menu_t
- File plugin-activation.php: Line 3922: add_menu_page(
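Two of the hits in the list above are commented-out lines (`//file_get_contents(self::$POST_INPUT)` and the `//the list of available parent menus ...` comment), and one is a wrapper method call (`$this->fopen(`) rather than the PHP builtin. A checker that greps source text for function names cannot tell these apart from live calls. The Python below is an added example written for this thread, not code from themecheck.org or from the theme: it blanks PHP comment bodies and string literal contents before matching, so that only calls that can actually execute are reported, and it also skips `->name(` / `::name(` method calls. The PHP sample it scans is constructed to mirror the kinds of lines flagged above.

```python
import re

# Functions the checker in this thread reports on (names taken from its output).
WATCHED = ("ini_set", "base64_decode", "base64_encode", "file_get_contents",
           "fopen", "fclose", "curl_init", "curl_exec")

# A free function call: the name followed by '(' and not preceded by '->', '::',
# '$' or an identifier character, so $this->fopen( and my_fopen( are not counted.
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(map(re.escape, WATCHED)) + r")\s*\(")

# Constructed PHP sample (not the theme's code) covering live calls, a line
# comment, a block comment, a string literal and a wrapper-method call.
SAMPLE_PHP = r"""<?php
ini_set('max_execution_time', -1);
$decoded_sig = base64_decode($signature);
//file_get_contents(self::$POST_INPUT)
/* legacy path, disabled:
   $ci = curl_init();
*/
$note = "call curl_exec() later";
$fp = $this->fopen( $file, 'r' );
return fopen( $filename, $mode );
"""


def strip_non_code(src):
    """Blank out comment bodies and string contents, keeping newlines (so line
    numbers are unchanged) and the quote characters themselves. Handles //, #,
    /* */ and single/double-quoted strings with backslash escapes; heredocs,
    '?>' ending a line comment and PHP 8 '#[...]' attributes are not handled."""
    out = []
    i, n, state = 0, len(src), None   # state: None | "'" | '"' | "//" | "/*"
    while i < n:
        c = src[i]
        nxt = src[i + 1] if i + 1 < n else ""
        if state is None:
            if c in ("'", '"'):
                state = c
                out.append(c)
            elif c == "#" or (c == "/" and nxt == "/"):
                state = "//"
                out.append(" ")
            elif c == "/" and nxt == "*":
                state = "/*"
                out.append("  ")
                i += 1
            else:
                out.append(c)
        elif state in ("'", '"'):
            if c == "\\" and nxt:            # escaped char: never closes the string
                out.append(" " + (nxt if nxt == "\n" else " "))
                i += 1
            elif c == state:
                state = None
                out.append(c)
            else:
                out.append(c if c == "\n" else " ")
        elif state == "//":
            if c == "\n":
                state = None
            out.append(c if c == "\n" else " ")
        else:                                # inside /* ... */
            if c == "*" and nxt == "/":
                state = None
                out.append("  ")
                i += 1
            else:
                out.append(c if c == "\n" else " ")
        i += 1
    return "".join(out)


def find_calls(src):
    """Return [(line_number, function_name)] for every regex match in src."""
    return [(lineno, m.group(1))
            for lineno, line in enumerate(src.splitlines(), 1)
            for m in CALL_RE.finditer(line)]


def scan(src):
    """Naive scan (what a grep-style checker does) versus a scan of code only;
    'suppressed' lists hits that sit inside comments or string literals."""
    naive = find_calls(src)
    live = find_calls(strip_non_code(src))
    live_set = set(live)
    return {"naive": naive, "live": live,
            "suppressed": [h for h in naive if h not in live_set]}


if __name__ == "__main__":
    result = scan(SAMPLE_PHP)
    for key in ("naive", "live", "suppressed"):
        print(f"{key:10}", result[key])
```

On the sample, the naive pass reports six hits while the code-only pass keeps three (lines 2, 3 and 10); the commented-out `file_get_contents` and `curl_init` and the `curl_exec` inside a string are listed as suppressed. Even the surviving hits are only an inventory of which sensitive builtins a theme calls; whether a call such as file_get_contents() is a problem depends on where its argument comes from, which is a question for manual review rather than name matching.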
makerightmoney Posted June 11, 2017 (edited)

If the theme providers are guaranteeing it for you, then why is there a need to trust a third-party tool? So don't believe that kind of tool. Need any help? Contact MTS support directly.

Edited June 11, 2017 by makerightmoney
Support Mili Posted June 11, 2017

Thank you for your input @makerightmoney