Ovidiu
Member
—
8th May 2011 19:13
this plugin just popped up in the last updated plugins feed :-) => http://premium.wpmudev.org/project-feed/updated
the changelog doesn't list any changes after april 2010 so has it been updated?
TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
Responses (19)
Geeky Developer — 9th May 2011 06:28 #
not yet...the 133-farms-theme-pack version 1.2 should be rolling out soon.
i think i bug that this morning..hehe..my upload update got time out:)
Founder & CEO — 11th May 2011 02:37 #
Updated!
Member — 11th May 2011 07:53 #
hehe, on it already!!!
Member — 11th May 2011 08:53 #
going through the themes, one by one and found this one:
BlogTheme by WooThemes
has an option where you can input a tracking code. I guess that would be .js and make it unsafe for usage on an open platform, right?
I could go edit its functions.php and take that option out, but generally speaking: have you checked the themes for options like this? I do think they should be removed.
Dignity by ThemeBox
seems to have a css glitch? http://screencast.com/t/MAfMC0pXw
Garland
has an option to show your own footer text. Not sure if it filters it though or if .js can be entered?
K2
has a .js option as well: Ajax Success JavaScript
JavaScript code that will be executed whenever Advanced Navigation is dynamically loaded.
Mystique
Advertisment blocks
Use the [ad] short code to insert these ads into posts, text widgets or footer
=> malicious code check? Remove completely?
Nature
seems to have a settings page without a setting? http://screencast.com/t/YzT2cX9cS
Member — 11th May 2011 13:12 #
P2
a few broken links on the frontpage, see some sample code:
Retweet
I think there is a small css glitch in normal view, wide view is fine? http://screencast.com/t/Zi06AFMybazV
comment press
- doesn't seem to correctly call the wp admin bar!? admin bar not being shown
day dream
- seems to create pages? or was it the comment press theme? kinda confusing for the users, ending up with extra pages. called: "comments by section" and "comments by user".
Geeky Developer — 11th May 2011 15:12 #
hi ovidiu
thanks for taking the time to check them live one by one.
what browser did you check them on?
@Js insertion option and malicious code insertion
pretty sure they have some ks filter encode by original author..will check them out
@comment press
ahh..personally i'm not fond of this theme...too much hardcoded code..auto db insert...reckon we removed them for theme pack:)?
@p2
they are working last time i checked...will retest them again...btw i'm on wp 3.1.2
are you on wp 3.2 bleeding?
will follow up the list and track them.
cheers
Member — 11th May 2011 15:21 #
thanks Richie.
This is not urgent, I can simply network disable the ones I don't want to use.
Just thought I'd post here seeing that I tested them one by one...
using wp 3.1.2 and Google Chrome 12.0.742.30 beta-m
I wouldn't bet on that since most of these themes are made for wp single (not multisite) so why would anyone check for security probs seeing that they are admins and running the themes on their own blog, which is not the case with multisite :-)
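An added example, not part of the thread or of any theme's code: a small Python audit that flags theme templates printing a stored option with no escaping call, which is the pattern behind the tracking-code and footer-text options discussed above. The option names and the sample footer.php are constructed, and the check is a heuristic that only follows direct output and simple variable assignments.

```python
import re

# WordPress core helpers that escape or filter a value before it reaches the page.
SAFE_WRAPPERS = ("esc_html", "esc_attr", "esc_url", "esc_js", "esc_textarea",
                 "wp_kses", "wp_kses_post", "wp_kses_data", "intval", "absint")
OPTION_READ = re.compile(r"\b(?:get_option|get_site_option|get_theme_mod)\s*\(\s*['\"]([^'\"]+)['\"]")
ASSIGNMENT = re.compile(r"(\$\w+)\s*=\s*([^;]*);")
OUTPUT = re.compile(r"(?:\becho\b|\bprint\b|<\?=)\s*(.*?)(?:;|\?>)", re.S)

def unfiltered_option(expr, tainted):
    """Name of the stored option that expr carries unescaped, else None."""
    if any(re.search(r"\b%s\s*\(" % w, expr) for w in SAFE_WRAPPERS):
        return None  # heuristic: any escaping call in the expression counts
    direct = OPTION_READ.search(expr)
    if direct:
        return direct.group(1)
    for var in re.findall(r"\$\w+", expr):
        if var in tainted:
            return tainted[var]
    return None

def audit_theme_file(source, filename):
    """Return (file, line, option) for each option printed without escaping."""
    tainted = {}
    for m in ASSIGNMENT.finditer(source):
        option = unfiltered_option(m.group(2), tainted)
        if option:
            tainted[m.group(1)] = option  # variable now holds raw option text
    findings = []
    for m in OUTPUT.finditer(source):
        option = unfiltered_option(m.group(1), tainted)
        if option:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((filename, line, option))
    return findings

# Constructed footer.php with hypothetical option names, not taken from any real theme.
SAMPLE_FOOTER = """<div id="footer">
<?php echo stripslashes(get_option('demo_footer_text')); ?>
<p><?php echo esc_html(get_option('demo_tagline')); ?></p>
<?php $code = get_option('demo_tracking_code'); ?>
<?php wp_footer(); ?>
<?php echo $code; ?>
<?php echo wp_kses_post(get_option('demo_ad_block')); ?>
</body>
"""

for finding in audit_theme_file(SAMPLE_FOOTER, "footer.php"):
    print("%s:%d prints option '%s' unescaped" % finding)
```

A hit is a place to review by hand: on a multisite network the fix is to filter the value when it is saved and escape it when it is printed, or to remove the option.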
Member — 19th May 2011 11:19 #
will there be any more feedback on this thread? Otherwise I'll go ahead and start editing the themes I don't deem safe as listed above.
Geeky Developer — 19th May 2011 12:19 #
hi
we updated the 133 farms themes to version 1.3 a couple of hours ago.
some css and p2 upload fix you mentioned applied...see changelog
yes..you can start editing the themes for the security issue you mentioned.
although i think i removed the google analytics in blogtheme and garland already.
cheers
Member — 19th May 2011 12:21 #
cool, thanks a lot.
I will check the themes, update the ones I use and then check the ones i mentioned here again.
Member — 19th May 2011 15:47 #
Thank you very much Ovidiu for taking the time to check these points which are really important in open multisite environments and report them here (I can't resist offering you some rep points). I hope that these things will be checked carefully by the great WPMU DEV team.
And were the links to WordPress.com removed from the themes?
Please let me finally share this plugin which helps a lot for checking a few things in the themes:
http://wordpress.org/extend/plugins/tac/
Cheers
Laurent
Member — 20th May 2011 20:34 #
Ok, it looks like all links to wp.com have been removed. Thanks! :-)
Member — 23rd May 2011 10:10 #
haven't gotten around to checking again, but what were the changes?
btw. I just realized none of the WPMUDEV 133 pack themes is reporting an update anymore, was that part of the newest change or is this just happening on my installation??
Member — 8th July 2011 07:06 #
could someone activate the Daisy Rae Gemini theme and check if the top menu is obstructing the header image as it does on this test blog here: http://adi.zice.ro please?
Geeky Developer — 8th July 2011 07:52 #
@ovidiu
the latest 133 theme pack removes the [WPMU DEV] in description and also adds a higher version to the style.css, that's why there's no update notification anymore
#Daisy Rae Gemini
try opening the theme footer.php and moving the <?php wp_footer(); ?> to before the end </body>
seems like the footer css is conflicting with the wpadminbar css.
Member — 8th July 2011 07:53 #
ok, will check.
so are you saying there is a newer version of the theme pack out already?
Geeky Developer — 8th July 2011 08:01 #
the latest version should be 1.3.1..check one of the theme style.css and if there's no [WPMU DEV] in description and version: 133farmthemes....then it's the latest updated one:)
Member — 8th July 2011 08:24 #
- upgraded to the latest theme pack
- tried moving wp_footer() around but didn't help
- where is the conflict with the admin bar? I checked with firebug and can't see any problem, care to point me to it so I can attempt to fix it please?
Member — 11th July 2011 10:10 #
anyone?