has it been updated?

this plugin just popped up in the last updated plugins feed :) => https://premium.wpmudev.org/project-feed/updated

the changelog doesn’t list any changes after april 2010 so has it been updated?

  • Ovidiu
    • Code Wrangler

    going through the themes, one by one and found this one:

    BlogTheme by WooThemes

    has an option where you can input a tracking code. I guess that would be .js and make it unsafe for usage on an open platform, right?

    I could go edit its functions.php and take that option out, but generally speaking: have you checked the themes for options like this? I do think they should be removed.

    Dignity by ThemeBox

    seems to have a css glitch? http://screencast.com/t/MAfMC0pXw


    has an option to show your own footer text. Not sure if it filters it though or if .js can be entered?


    has a .js option as well: Ajax Success JavaScript

    JavaScript code that will be executed whenever Advanced Navigation is dynamically loaded.


    Advertisment blocks

    Use the [ad] short code to insert these ads into posts, text widgets or footer

    => malicious code check? Remove completely?


    seems to have a settings page without a setting? http://screencast.com/t/YzT2cX9cS

  • Ovidiu
    • Code Wrangler


    a few broken links on the frontpage, see some sample code:

    <div id="media-buttons" class="hide-if-no-js">
    <a href="http://adi.zice.ro/wp-admin/media-upload.php?p2-upload=true&post_id=0&type=image&TB_iframe=1" id="add_image" class="thickbox" title="Add an Image">
    <img src="http://adi.zice.ro/wp-admin/http://adi.zice.ro/wp-admin/images/media-button-image.gif?ver=20100531" alt="Add an Image" onclick="return false;"/>


    I think there is a small css glitch in normal view, wide view is fine? http://screencast.com/t/Zi06AFMybazV

    comment press

    – doesn’t seem to correctly call the wp admin bar!? admin bar not being shown

    day dream

    – seems to create pages? or was it the comment press theme? kinda confusing for the users, ending up with extra pages. called: “comments by section” and “comments by user”.

  • Richie_KS
    • HummingBird

    hi ovidiu

    thanks for taking the time to check them live one by one.

    what browser did you check them on?

    @js insertion option and malicious code insertion

    pretty sure they have some ks filter encode by original author..will check them out

    @comment press

    ahh..personally i am not fond of this theme…too much hardcoded code..auto db insert…reckon we removed them for theme pack :) ?


    they are working last time i checked…will retest them again…btw i’m on wp 3.1.2

    are you on wp 3.2 bleeding?

    will follow up the list and track them.


  • Ovidiu
    • Code Wrangler

    thanks Richie.

    This is not urgent, I can simply network disable the ones I don’t want to use.

    Just thought I’d post here seeing that I tested them one by one…

    using wp 3.1.2 and Google Chrome 12.0.742.30 beta-m

    @js insertion option and malicious code insertion

    pretty sure they have some ks filter encode by original author..will check them out

    I wouldn’t bet on that since most of these themes are made for wp single (not multisite) so why would anyone check for security probs seeing that they are admins and running the themes on their own blog, which is not the case with multisite :)

  • Richie_KS
    • HummingBird


    we updated the 133 farms themes to version 1.3 couple of hours ago.

    some css and p2 upload fix you mention applied…see changelog

    yes..you can start editing the themes for the security issue you mention.

    although i think i removed the google analytics in blogtheme and garland already.


  • Lorange
    • The Incredible Code Injector

    Thank you very much Ovidiu for taking the time to check these points which are really important in open multisite environments and report them here (I can’t resist offering you some rep points). I hope that these things will be checked carefully by the great WPMU DEV team.

    And were the links to WordPress.com removed from the themes?

    Please let me finally share this plugin which helps a lot for checking a few things in the themes:


    TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.
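
Added example, not part of the thread and not TAC's code: a heuristic check for the concern raised above, theme options that are printed without filtering. It flags lines in a theme's PHP files that echo `get_option()` or `get_theme_mod()` with no WordPress escaping or kses call on the same line; the sample theme and its option names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Output statements that print a stored option or theme mod.
OUTPUT = re.compile(r"(?:\becho\b|\bprint\b|<\?=).*\b(?:get_option|get_theme_mod)\s*\(")
# WordPress escaping/filtering helpers; their presence on the line is treated as "filtered".
SAFE = re.compile(
    r"\b(?:esc_html|esc_attr|esc_url|esc_js|esc_textarea|wp_kses(?:_post|_data)?|absint|intval)\s*\("
)

def audit_theme(theme_dir):
    """Return (file, line number, snippet) for option output with no escaping call."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            if OUTPUT.search(line) and not SAFE.search(line):
                findings.append((path.name, lineno, line.strip()[:80]))
    return findings

def build_sample_theme(root):
    """Constructed sample theme; the option names are hypothetical."""
    theme = Path(root) / "sample-theme"
    theme.mkdir()
    (theme / "footer.php").write_text(
        "<?php echo stripslashes(get_option('sample_tracking_code')); ?>\n"
        "<p><?php echo wp_kses_post(get_option('sample_footer_text')); ?></p>\n"
        "<?php echo esc_html(get_option('blogname')); ?>\n"
        "<?php wp_footer(); ?>\n",
        encoding="utf-8",
    )
    (theme / "header.php").write_text(
        "<title><?php echo get_theme_mod('sample_title'); ?></title>\n",
        encoding="utf-8",
    )
    return theme

def demo():
    # Build the constructed theme in a temp dir and audit it.
    with tempfile.TemporaryDirectory() as tmp:
        return audit_theme(build_sample_theme(tmp))

if __name__ == "__main__":
    for name, lineno, snippet in demo():
        print(f"{name}:{lineno}: {snippet}")
```

A hit only means the line needs a manual look: escaping done on a different line, or an option that is meant to hold script for super admins only, will still be reported.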



  • Richie_KS
    • HummingBird


    the latest 133 theme pack removed the [WPMU DEV] in description and also added higher version to the style.css that's why there's no update notification anymore

    #Daisy Rae Gemini

    try opening the theme footer.php and move the <?php wp_footer(); ?> to before end </body>

    seems like the footer css is conflicting with the wpadminbar css.

  • Ovidiu
    • Code Wrangler

    – upgraded to the latest theme pack

    – tried moving wp_footer() around but didn’t help

    – where is the conflict with the admin bar? I checked with firebug and can’t see any problem, care to point me to it so I can attempt to fix it please?
