ThemesFever says

Hi Everyone!

Today I was checking the code of my new theme using the theme check plugin and got some warnings related to the timthumb script. I have the most recent version of the script, so I don’t know if I should change the code of the script or … ignore the warnings.

Here are the warnings:

WARNING: Found base64_decode in the file scripts/timthumb.php. base64_decode() is not allowed.

Line 170: $imgData = base64_decode('R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0P

WARNING: fwrite was found in the file scripts/timthumb.php possible file operations.

Line 806: fwrite(self::$curlFH, $d);

WARNING: fread was found in the file scripts/timthumb.php possible file operations.

Line 823: $imgType = fread($fp, 3);

WARNING: fopen was found in the file scripts/timthumb.php possible file operations.

Line 636: $fp = fopen($tempfile,'r',0,$context);

Line 643: $fh = fopen($lockFile, 'w');

Line 756: self::$curlFH = fopen($tempfile, 'w');

Line 820: $fp = fopen($this->cachefile, 'rb');

WARNING: file_put_contents was found in the file scripts/timthumb.php possible file operations.

Line 637: file_put_contents($tempfile2, $this->filePrependSecurityBlock . $imgType . 

Line 638: file_put_contents($tempfile2, $fp, FILE_APPEND);

Line 785: if(! file_put_contents($tempfile, $img)){

WARNING: file_get_contents was found in the file scripts/timthumb.php possible file operations.

Line 778: $img = @file_get_contents ($this->src);

Line 781: $this->debug(3, 'Error trying to fetch remote image using file_get_contents: $err');

Line 836: $content = file_get_contents ($this->cachefile);

Line 840: $this->debug(3, 'Served using file_get_contents and echo');

WARNING: fclose was found in the file scripts/timthumb.php possible file operations.

Line 639: fclose($fp);

Line 651: fclose($fh);

Line 654: fclose($fh);

Line 768: fclose(self::$curlFH);

Line 832: fclose($fp);

WARNING: curl_init was found in the file scripts/timthumb.php possible file operations.

Line 754: if(function_exists('curl_init')){

Line 758: $curl = curl_init($this->src);

WARNING: curl_exec was found in the file scripts/timthumb.php possible file operations.

Line 766: $curlResult = curl_exec($curl);

Would my theme get approved with these errors? Will my customers have problems?

ParkerAndKent says

It would get approved, those aren’t errors but warnings. Then, the theme check plugin is specifically for WordPress.org themes, where they don’t allow base64 encoding because the code is GPL I guess.

I use base64, like many do, to back up the theme options… would be crazy to avoid this with premium themes.

Parker

ThemesFever says
ParkerAndKent said
It would get approved, those aren’t errors but warnings. Then, the theme check plugin is specifically for WordPress.org themes, where they don’t allow base64 encoding because the code is GPL I guess.

I use base64, like many do, to back up the theme options… would be crazy to avoid this with premium themes.

Parker

Thank you for the answer :bigsmile:

fillerspace says
ParkerAndKent said
they don’t allow base64 encoding because the code is GPL I guess.

I would think it’s because spammers use base64 and eval to hide links in their themes.
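
A rough triage for the base64_decode warning discussed in this thread, as an added example that is not part of any post and is not the Theme Check plugin's own logic: it separates a literal that decodes to image data (the timthumb line 170 case) from a decode that feeds eval (the case fillerspace describes). The sample PHP lines, verdict names and function names are constructed for illustration.

```python
import base64
import re

# Magic bytes of common image formats (GIF, PNG, JPEG).
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")
CALL = re.compile(r"base64_decode\s*\(\s*")
LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/=\s]+)""")
# eval( / assert( / create_function( directly wrapping the call, optionally
# through other function calls such as gzinflate(.
EXEC_SINK = re.compile(r"\b(eval|assert|create_function)\s*\((?:\s*@?\w+\s*\()*\s*$")

def decodes_to_image(literal):
    """True if the first bytes of a base64 literal are an image header."""
    head = re.sub(r"\s+", "", literal)[:16]
    head = head[: len(head) - len(head) % 4]  # keep whole 4-char groups only
    try:
        return len(head) >= 8 and base64.b64decode(head).startswith(IMAGE_MAGIC)
    except ValueError:
        return False

def classify(php_source):
    """Return (line, verdict) for every base64_decode call in PHP source."""
    findings = []
    for m in CALL.finditer(php_source):
        line_no = php_source.count("\n", 0, m.start()) + 1
        # Text of the current statement that precedes the call.
        before = php_source[: m.start()].rsplit(";", 1)[-1]
        lit = LITERAL.match(php_source, m.end())
        if EXEC_SINK.search(before):
            verdict = "exec-sink"        # decoded data is executed: reject
        elif lit:
            verdict = "image-literal" if decodes_to_image(lit.group(2)) else "opaque-literal"
        else:
            verdict = "dynamic-input"    # e.g. an options backup: review the source
        findings.append((line_no, verdict))
    return findings

# Constructed sample, not taken from timthumb.php or any real theme.
SAMPLE = """<?php
$imgData = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$options = base64_decode($saved_backup);
eval(gzinflate(base64_decode('Y29uc3RydWN0ZWQ=')));
$footer = base64_decode("PGEgaHJlZj0i");
"""

if __name__ == "__main__":
    for line_no, verdict in classify(SAMPLE):
        print(line_no, verdict)
```

An "opaque-literal" or "dynamic-input" verdict only means a human should read the decoded value or trace where the input comes from; it is not a finding by itself.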
