DiogoRedinDevelopment
DiogoRedinDevelopment Recent Posts Threads Started
552 posts
  • Located in Portugal
  • Contributed a blog post
  • Helped several times protecting Envato Market against copyright violations
  • Has sold $5,000+ on Envato Market
+4 more
DiogoRedinDevelopment says

Hi Everyone!

Today I was checking the code of my new theme using the theme check plugin and got some warnings related to the timthumb script. I have the most recent version of the script, so I don’t know if I should change the code of the script or … ignore the warnings.

Here are the warnings:

WARNING: Found base64_decode in the file scripts/timthumb.php. base64_decode() is not allowed.

Line 170: $imgData = base64_decode('R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0P

WARNING: fwrite was found in the file scripts/timthumb.php possible file operations.

Line 806: fwrite(self::$curlFH, $d);

WARNING: fread was found in the file scripts/timthumb.php possible file operations.

Line 823: $imgType = fread($fp, 3);

WARNING: fopen was found in the file scripts/timthumb.php possible file operations.

Line 636: $fp = fopen($tempfile,'r',0,$context);

Line 643: $fh = fopen($lockFile, 'w');

Line 756: self::$curlFH = fopen($tempfile, 'w');

Line 820: $fp = fopen($this->cachefile, 'rb');

WARNING: file_put_contents was found in the file scripts/timthumb.php possible file operations.

Line 637: file_put_contents($tempfile2, $this->filePrependSecurityBlock . $imgType . 

Line 638: file_put_contents($tempfile2, $fp, FILE_APPEND);

Line 785: if(! file_put_contents($tempfile, $img)){

WARNING: file_get_contents was found in the file scripts/timthumb.php possible file operations.

Line 778: $img = @file_get_contents ($this->src);

Line 781: $this->debug(3, 'Error trying to fetch remote image using file_get_contents: $err');

Line 836: $content = file_get_contents ($this->cachefile);

Line 840: $this->debug(3, 'Served using file_get_contents and echo');

WARNING: fclose was found in the file scripts/timthumb.php possible file operations.

Line 639: fclose($fp);

Line 651: fclose($fh);

Line 654: fclose($fh);

Line 768: fclose(self::$curlFH);

Line 832: fclose($fp);

WARNING: curl_init was found in the file scripts/timthumb.php possible file operations.

Line 754: if(function_exists('curl_init')){

Line 758: $curl = curl_init($this->src);

WARNING: curl_exec was found in the file scripts/timthumb.php possible file operations.

Line 766: $curlResult = curl_exec($curl);

Would my get approved with these errors? Will my customers have problems?

3256 posts
  • Has referred 100+ members
  • Has sold $250,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Elite Author: Sold more than $75,000 on Envato Market
+9 more
ParkerAndKent says

It would get approved, those aren’t errors but warnings. Then, the theme check plugin is specifically for WordPress.org themes, where they don’t allow base64 encoding because the code is gpl I guess.

I use base64, like many do, to backup the theme options… would be crazy to avoid this with premium themes.

Parker

DiogoRedinDevelopment
DiogoRedinDevelopment Recent Posts Threads Started
552 posts
  • Located in Portugal
  • Contributed a blog post
  • Helped several times protecting Envato Market against copyright violations
  • Has sold $5,000+ on Envato Market
+4 more
DiogoRedinDevelopment says
ParkerAndKent said
It would get approved, those aren’t errors but warnings. Then, the theme check plugin is specifically for WordPress.org themes, where they don’t allow base64 encoding because the code is gpl I guess.

I use base64, like many do, to backup the theme options… would be crazy to avoid this with premium themes.

Parker

Thank you for the answer :bigsmile:

1148 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
+3 more
fillerspace says
ParkerAndKent said
they don’t allow base64 encoding because the code is gpl I guess.

I would think it’s because it is spammers use base64 and eval to hide links in their themes

by
by
by
by
by
by