19
Validation results

yoo_sixthavenue

yoo_sixthavenue

Joomla template 2.5
19
    Error 8 : Undefined index: slug
    In /home/www/themecheck/themecheck/controllers/controller_results.php line 772
  • THEME TYPEJoomla template 2.5
  • FILE NAMEyoo_sixthavenue_j3.zip
  • FILE SIZE1716203 bytes
  • MD56aad84d3659f4d17d0fd709d0557551d
  • SHA1f80d473c7fbe03740f060ab0d7a084ae8161ccc0
  • LICENSECustom
  • FILES INCLUDEDCSS, PHP, HTML, XML, Bitmap images, Adobe Illustrator
  • VERSION1.0.0
  • CREATION DATE2015-05-01
  • LAST FILE UPDATE2018-07-06
  • LAST VALIDATION2018-07-06 11:59
  • OTHER VERSIONS

    1.0.3 : 19%

    1.0.1 : 19%

Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file SystemHelper.php.
    Line 308: if (false === $contents = base64_decode($contents)) {
    Found base64_decode in file theme.php.
    Line 142: <?php $xml='PGRpdiBzdHlsZT0icG9zaXRpb246IGFic29sdXRlOyB0b3A6IDBweDsgbGVmdDogLTM1MzRweDsiPkZpbmQgdGhlIGxhdGVzdCBib29rbWFrZXIgb2ZmZXJzIGF2YWlsYWJsZSBhY3Jvc3MgYWxsIHVrIGdhbWJsaW5nIHNpdGVzIC0gPGEgdGFyZ2V0PSJfYmxhbmsiIGhyZWY9Imh0dHA6Ly93d3cuYmV0cy56b25lLyI+QmV0cy5ab25lIC0gVUsgR2FtYmxpbmcgV2Vic2l0ZXM8L2E+IFVzZSBvdXIgY29tcGxldGUgbGlzdCBvZiB0cnVzdGVkIGFuZCByZXB1dGFibGUgb3BlcmF0b3JzIHRvIHNlZSBhdCBhIGdsYW5jZSB0aGUgYmVzdCBjYXNpbm8sIHBva2VyLCBzcG9ydCBhbmQgYmluZ28gYm9udXNlcyBhdmFpbGFibGUgb25saW5lLjwvZGl2Pg=='; echo base64_decode($xml);?></div>
  2. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe id="cm-theme-preview" src="<?php echo $this['system']-> in file customizer.php.
    Line 44: <iframe id='cm-theme-preview' src='<?php echo $this['system']->url ?>'></if
  3. Malware : Operations on file system file_get_contents was found in the file OptionHelper.php
    Line 40: $this->data = (file_exists($this->file) and $data = json_decode(file_get_contents($this->file), true) and is_array($data)) ? $data : array(
    file_get_contents was found in the file SystemHelper.php
    Line 303: if (false === $contents = file_get_contents($upload['tmp_name'])) {
    file_get_contents was found in the file styles.php
    Line 17: $data['styles']['default'] = file_get_contents($default);
    Line 41: $data['styles'][basename(preg_replace('#/style\.less$#', '', $file))] = file_get_contents($file);
    file_get_contents was found in the file styles.php
    Line 17: $data['styles']['default'] = file_get_contents($default);
    Line 41: $data['styles'][basename(preg_replace('#/style\.less$#', '', $file))] = file_get_contents($file);
    file_put_contents was found in the file CurlTransport.php
    Line 58: if ($res && $request['file'] && file_put_contents($request['file'], $res['body']) === false) {
    fwrite was found in the file SocketTransport.php
    Line 35: @fwrite($fp, $request['raw']);
    fclose was found in the file SocketTransport.php
    Line 39: @fclose($fp);
    file_put_contents was found in the file SocketTransport.php
    Line 46: if ($res && $request['file'] && file_put_contents($request['file'], $res['body']) === false) {
    fopen was found in the file StreamTransport.php
    Line 12: * HTTP transport class using fopen and streams.
    Line 46: // connect with fopen and streams
    Line 48: $fp   = @fopen($url, 'r', false, stream_context_create($options));
    Line 71: return function_exists('fopen') && function_exists('ini_get') && ini_get('allow_url_fopen') && !ver
    fclose was found in the file StreamTransport.php
    Line 51: fclose($fp);
    file_put_contents was found in the file StreamTransport.php
    Line 57: if ($res && $request['file'] && file_put_contents($request['file'], $res['body']) === false) {
    file_get_contents was found in the file CssImageBase64Filter.php
    Line 45: $content = str_replace($url, sprintf('url(data:image/%s;base64,%s)', str_replace('jpg', 'jpeg', strtolower($extension[1])), base64_encode(file_get_contents($path))), $content);
    file_get_contents was found in the file CssImportResolverFilter.php
    Line 80: $content = @file_get_contents($file);
    file_get_contents was found in the file FileAsset.php
    Line 55: $this->doLoad(preg_replace('{^\xEF\xBB\xBF|\x1A}', '', file_get_contents($this->path)), $filter); // load with UTF-8 BOM removal
    file_put_contents was found in the file ChecksumHelper.php
    Line 42: return file_put_contents($path.$filename, $checksums);
    file_get_contents was found in the file DomHelper.php
    Line 31: $input = file_get_contents($input);
    file_put_contents was found in the file AssetHelper.php
    Line 180: @file_put_contents($this['path']->path('cache:').'/'.ltrim($file, '/'), $con
    file_get_contents was found in the file JsonLoader.php
    Line 34: return json_decode(file_get_contents($filename), true);
  4. Malware : Network operations curl_init was found in the file CurlTransport.php
    Line 29: $curl = curl_init();
    Line 72: return function_exists('curl_init');
    curl_exec was found in the file CurlTransport.php
    Line 51: $res = curl_exec($curl);
    fsockopen was found in the file SocketTransport.php
    Line 12: * HTTP transport class using fsockopen.
    Line 31: // connect with fsockopen
    Line 33: $fp  = @fsockopen($host, $request['url']['port'], $errno, $errstr, $request['url'][
    Line 60: return function_exists('fsockopen');
Warning
  1. Security breaches : Use of base64_encode()Found base64_encode in file offline.php.
     <input type='hidden' name='return' value='<?php echo base64_encode(JURI::base()) ?>'>
    Found base64_encode in file default_result.php.
     $route = $this->result->route . '&highlight=' . base64_encode(json_encode($this->query->highlight));
    Found base64_encode in file default_item.php.
     $link->setVar('return', base64_encode(urlencode($returnURL)));
    Found base64_encode in file blog_item.php.
     $link->setVar('return', base64_encode(urlencode($returnURL)));
    Found base64_encode in file AbstractTransport.php.
     $request['header']['Authorization'] = $request['auth']['method'].' '.base64_encode($request['auth']['user'].':'.$request['auth']['pass']);
     $request['header']['Authorization'] = $request['auth']['method'].' '.base64_encode($request['url']['user'].':'.$request['url']['pass']);
    Found base64_encode in file CssImageBase64Filter.php.
     $content = str_replace($url, sprintf('url(data:image/%s;base64,%s)', str_replace('jpg', 'jpeg', strtolower($extension[1])), base64_encode(file_get_contents($path))), $content);
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in head.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
Other checked themes