Помогите расшифровать выдачу валидатора по шаблону Вордпресс

Тема в разделе "PHP", создана пользователем seobro, 7 окт 2015.

  1. seobro

    seobro

    Регистрация:
    25 фев 2013
    Сообщения:
    93
    Симпатии:
    7
    Надо понять, смысл этих строк.. Внести ясность: malware, base64, wtf..


    Код:
    Title : Title
    
    No reference to add_theme_support( "title-tag" ) was found in the theme. It is recommended that the theme implement this functionality for WordPress 4.1 and above.
    The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
    The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
    The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.

    Код:
    Security breaches : Use of base64_decode()
    
    Found base64_decode in file OAuth.php.
    
    Line 202: $decoded_sig = base64_decode($signature);
    
    Found base64_decode in file functions.php.
    Line 410: update_option('codeus_theme_options', unserialize(base64_decode($settings['settings'])));
    Line 413: update_option('codeus_theme_options', unserialize(base64_decode($_REQUEST['import_settings'])));
    
    Found base64_decode in file functions.php.
    Line 405: update_option('codeus_theme_options', unserialize(base64_decode($settings['settings'])));
    Line 408: update_option('codeus_theme_options', unserialize(base64_decode($_REQUEST['import_settings'])));
    Код:
    Security breaches : Use of base64_encode()
    
    Found base64_encode in file OAuth.php.
    
    return base64_encode(hash_hmac('sha1', $base_string, $key, true));
    return base64_encode($signature);
    
    Found base64_encode in file functions.php.
    <textarea name='import_settings' cols='100' rows='8'><?php if($settings = get_option('codeus_theme_options')) { echo base64_encode(serialize($settings)); } ?></textarea>
    update_option('codeus_theme_options_backup', array('date' => time(), 'settings' => base64_encode(serialize($settings))));
    
    Found base64_encode in file functions.php.
    <textarea name='import_settings' cols='100' rows='8'><?php if($settings = get_option('codeus_theme_options')) { echo base64_encode(serialize($settings)); } ?></textarea>
    update_option('codeus_theme_options_backup', array('date' => time(), 'settings' => base64_encode(serialize($settings))));

    Код:
    Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site
    
    Found <iframe class="wrap-box-element" width="100%" height="<?php echo (int)codeus_get_option('contacts_map_height'); ?>" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="https://maps.google.com/maps?q=<?php echo $lat = (float)codeus_get_option('contacts_map_latitude'); ?> in file header.php.
    
    Line 109: <div class='block map'><iframe class='wrap-box-element' width='100%' height='<?php echo (int)codeu
    
    Found <iframe src="//www.facebook.com/plugins/likebox.php?href=<?php echo urlencode($fb_page_url); ?> in file widgets.php.
    Line 744: <div><iframe src='//www.facebook.com/plugins/likebox.php?href=<?php echo urlenco
    
    Found <iframe class="wrap-box-element" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="https://maps.google.com/maps?q='.$lat.','.$long.'&amp;ll='.$lat.','.$long.'&amp;z='.$zoom.'&amp;output=embed"> in file shortcodes.php.
    Line 1551: $return_html .= '<iframe class='wrap-box-element' frameborder='0' scrolling='no' marginheigh

    Код:
    Malware : Operations on file system
    
    fopen was found in the file twitter.lib.php
    
    Line 137: $fh = fopen($myFile, 'w') or die('can't open file');
    
    fwrite was found in the file twitter.lib.php
    Line 139: fwrite($fh, $stringData);
    
    fclose was found in the file twitter.lib.php
    Line 140: fclose($fh);
    
    file_get_contents was found in the file twitter.lib.php
    Line 146: $file = file_get_contents($tweets_cache_path, true);
    
    file_get_contents was found in the file OAuth.php
    Line 272: file_get_contents(self::$POST_INPUT)
    
    file_get_contents was found in the file functions.php
    Line 999: $fontsList = json_decode(file_get_contents($font_file));
    
    file_get_contents was found in the file functions.php
    Line 994: $fontsList = json_decode(file_get_contents($font_file));
    Malware : Network operations
    
    curl_init was found in the file twitter.lib.php
    
    Line 86: $curl_handle = curl_init();
    
    curl_exec was found in the file twitter.lib.php
    Line 90: $data = curl_exec($curl_handle);
    
    curl_init was found in the file twitteroauth.php
    Line 199: $ci = curl_init();
    
    curl_exec was found in the file twitteroauth.php
    Line 225: $response = curl_exec($ci);
    Код:
    Deprecated functions : wp_tiny_mce
    
    wp_tiny_mce found in file black-studio-tinymce-widget.php. Deprecated since version 3.2. Use wp_editor instead.
    
    Line 219: if (function_exists('wp_tiny_mce')) {
    Line 220: wp_tiny_mce(false, array());
    Line 222: if (function_exists('wp_tiny_mce_preload_dialogs')) {
    Line 223: wp_tiny_mce_preload_dialogs();
    Line 228: if (function_exists('wp_tiny_mce')) {
    Line 229: wp_tiny_mce(false, array());
    Deprecated functions : wp_preload_dialogs
    
    wp_preload_dialogs found in file black-studio-tinymce-widget.php. Deprecated since version 3.2. Use wp_editor() instead.
    
    Line 231: if (function_exists('wp_preload_dialogs')) {
    Line 232: wp_preload_dialogs(array('plugins' => 'wpdialogs,wplink,wpfullscreen'));
     
  2. dobrinia

    dobrinia

    Регистрация:
    23 апр 2013
    Сообщения:
    5
    Симпатии:
    0
    Все нормально у вас, не переживайте.
    В вашем случае эти функции не несут угроз.
     
  3. $iD

    $iD Команда форума

    Регистрация:
    13 мар 2012
    Сообщения:
    3.580
    Симпатии:
    1.482
    по сути берутся сэттинги, тут какие-то $_REQUEST['import_settings'] из запроса и просто декодирует и десереализует и пихает куда-то в опции..
    но в целом ничего серьёзного.

    Malware ругается на то, что курлом отправляется запрос куда-то на твиттер (по идее). валидатор какой-то стрёмный, он просто боится base_64 и curl)

    без самого шаблона сказать трудно что куда и откуда ноги растут.
     
  4. seobro

    seobro

    Регистрация:
    25 фев 2013
    Сообщения:
    93
    Симпатии:
    7
    валидадор этот все шаблоны забраковал

    Вот он, Шаблон