The first thing to do is to get in touch with the author of the file. The public forums are not the best place to start with a question that is so specific to a single file. Furthermore, it is rather unlikely that there was no style.css file included with a WP theme.. Are you sure?
After a rather tumultuous weekend including multiple restores from my Time Machine (ouch!), I finally upgraded.
Guys, if you’re stuck on ‘2 minutes remaining’, be patient. If you have a bunch of stuff in /usr/local/bin (such as LaTeX or a large number of Homebrew packages), this last few steps can take multiple hours. Even the cmd+L installation logs can get stuck for an hour without showing any progress. Be. Patient. It’ll be all right in the end. Wait it out.
I guess it really depends on how Ebay will be treating Paypal from now on, and how Amazon will react. If this means that Ebay is diverging from the ease-of-use thing they’ve got going with Paypal, that may turn out pretty badly for the latter. Then again, if this triggers Amazon to flick the switch, Paypal has a great future ahead of it..
Honestly I’m not too concerned about ApplePay on this respect – if they’re going to flip over anything, it’ll be analogue credit card payments rather than digital ones.
I’d be interested to see if/how this is exploitable from some sort of popular front end app (thinking, apache with mod_php, not just cgi)
While mod_php does not immediately rely on bash in the way cgi does, it could definitely be possible to influence environment variables. Forcing a remote machine to read the variables would be a second issue, though. In any case, many uses of
system() are likely to run into bash somewhere along the line. I’m very curious how this one will play out, as I doubt the patching process will be anywhere as smooth as with Heartbleed.
Thanks for the snippits showing your local test