Validation results

CX-UDY

WordPress 4.9.8 theme
  • THEME TYPE: WordPress theme 4.9.8
  • FILE NAME: CX-UDY.zip
  • FILE SIZE: 1883204 bytes
  • MD5: 8a5ce365f897e61d60add097423be4bb
  • SHA1: 8d0756069faa81d9f33872c460614865a368aa15
  • LICENSE: None
  • FILES INCLUDED: CSS, PHP, HTML, Bitmap images
  • THEME URI: http://www.chenxingweb.com/wp-theme-cx-udy.html
  • VERSION: 0.1
  • AUTHOR URI:
  • CREATION DATE: 2018-10-02
  • LAST FILE UPDATE: 2018-10-02
  • LAST VALIDATION: 2018-10-02 14:17
Critical alerts
  1. Title : Title. No reference to add_theme_support( "title-tag" ) was found in the theme. The theme needs to have <title> tags, ideally in the header.php file. The theme needs to have a call to wp_title(), ideally in the header.php file. The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  2. Security breaches : Use of backticks execution operators in PHP code. Found ` in file timthumb.php.
    Line 765: $out = `$exec -o1 $tempfile`; //you can use up to -o7 but it really slows things d
    Line 780: $out = `$exec $tempfile $tempfile2`;
    Line 969: $out = `$command`;
  3. Security breaches : Use of base64_decode(). Found base64_decode in file timthumb.php.
    Line 224: $imgData = base64_decode('R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0P
    Found base64_decode in file options_feild.php.
    Line 1: <?php
    /***************************************
    
    ## Theme URI: http://www.chenxingweb.com/wp-theme-cx-udy.html
    ## Author: 晨星博客
    ## Author URI: http://www.chenxingweb.com
    ## Description: A clean, stylish, responsive image theme, suitable for all kinds of image showcase sites. If you have problems, join QQ group 565616228 for help.
    ## Theme Name: CX-UDY
    ## Version: 0.1
    
    ****************************************/
    
    class ashuwp_options_feild extends ashuwp_framework_core {
      var $ashu_option, $options, $pageinfo, $saved_optionname;
      
      function __construct($ashu_option, $pageinfo) {
        $this->options = $ashu_option;
        $this->pageinfo = $pageinfo;
        $this->make_data_available();
        
        add_action( 'admin_menu', array(&$this, 'add_admin_menu') );
    	
        if( isset($_GET['page']) && ($_GET['page'] == $this->pageinfo['filename']) ) {
          add_action('admin_enqueue_scripts', array(&$this, 'enqueue_css_js'));
        }
      }
      
      function add_admin_menu() {
        if($this->pageinfo['child']) {
          $parent_slug = $this->pageinfo['parent_slug'];
          add_submenu_page($parent_slug, $this->pageinfo['full_name'], $this->pageinfo['full_name'], 'manage_options', $this->pageinfo['filename'], array(&$this, 'initialize'));
        }else{
          add_menu_page($this->pageinfo['full_name'], $this->pageinfo['full_name'], 'manage_options', $this->pageinfo['filename'], array(&$this, 'initialize'),'',26);
        }
      }
      
      function make_data_available() {
        global $ashu_option;
        $this->saved_optionname = 'ashu_'.$this->pageinfo['optionname'];
        $ashu_option[$this->pageinfo['optionname']] = get_option($this->saved_optionname);
        $ashu_option[$this->pageinfo['optionname']] = $this->htmlspecialchars_deep($ashu_option[$this->pageinfo['optionname']],ENT_QUOTES);
        
        $option_conf = $this->options;
        foreach ($option_conf as $key => $option) {
          if( isset($option['id']) && isset($ashu_option[$this->pageinfo['optionname']][$option['id']])){
            $this->options[$key]['std'] = $ashu_option[$this->pageinfo['optionname']][$option['id']];
          }
        }
      }
      
      function htmlspecialchars_deep ($mixed, $quote_style=ENT_QUOTES, $charset='UTF-8') {
        if (is_array($mixed)) {
          foreach ($mixed as $key => $value) {
            $mixed[$key] = $this->htmlspecialchars_deep($value, $quote_style, $charset);
          }
        } elseif (is_string($mixed)) {
          $mixed = htmlspecialchars_decode($mixed, $quote_style);
          //$mixed = htmlspecialchars(htmlspecialchars_decode($mixed, $quote_style),$quote_style,$charset);
        }
        return $mixed;
      }
    
      function initialize() {
        $this->get_save_options();
        $this->make_data_available();
        $this->display();
      }
      
      function display() {
        $saveoption = false;
        echo '<div class="wrap">';
        echo '<h2 class="page_title">'.$this->pageinfo['full_name'].'</h2>';
        echo '<form method="post" action="">';
        echo '<div class="tab-content clearfix">';
        $this->tab_toggle($this->options);
        
        foreach ($this->options as $option) {
          if( ( $option['type']=='open' || $option['type']=='close' || $option['type']=='title') || ( isset($option['id']) && isset($option['std']) && method_exists($this, $option['type']) ) ) {
            
            if( !isset($option['std']) )
              $option['std'] = '';
            
            if(in_array($option['type'],array('text','textarea',)))
              $option['std'] = htmlspecialchars($option['std']);
            
            $this->{$option['type']}($option);
            $saveoption = true;
          }
        }
        $str = 'aHR0cDovL3RoZW1lLmNoZW54aW5nd2ViLmNvbS9jeC11ZHk=';
    	 echo '<div class="tab-pane2">
    			<iframe src="'.base64_decode($str).'?'.CX_YMCX.'" width="100%" height="auto" frameborder="
  4. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site. Found <iframe src="'.$content.'" width="498" height="510" frameborder="0" allowfullscreen> in file functions.php.
    Line 593: return '<iframe src="'.$content.'" width="498" height="510" frameborder="0" allowfu
    Found <iframe src="'.base64_decode($str).'?'.CX_YMCX.'" width="100%" height="auto" frameborder="0"> in file options_feild.php.
  5. Malware : Operations on file system. fopen was found in the file timthumb.php
    Line 802: $fp = fopen($tempfile,'r',0,$context);
    Line 809: $fh = fopen($lockFile, 'w');
    Line 1030: $fp = fopen($this->cachefile, 'rb');
    Line 1176: self::$curlFH = fopen($tempfile, 'w');
    file_put_contents was found in the file timthumb.php
    Line 803: file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . 
    Line 804: file_put_contents($tempfile4, $fp, FILE_APPEND);
    Line 1226: if(! file_put_contents($tempfile, $img)){
    fclose was found in the file timthumb.php
    Line 805: fclose($fp);
    Line 817: fclose($fh);
    Line 820: fclose($fh);
    Line 1042: fclose($fp);
    Line 1194: fclose(self::$curlFH);
    fwrite was found in the file timthumb.php
    Line 1016: fwrite(self::$curlFH, $d);
    fread was found in the file timthumb.php
    Line 1033: $imgType = fread($fp, 3);
    file_get_contents was found in the file timthumb.php
    Line 1046: $content = file_get_contents ($this->cachefile);
    Line 1050: $this->debug(3, 'Served using file_get_contents and echo');
    Line 1212: $img = @file_get_contents ($url);
    Line 1247: $content = @file_get_contents ($file);
    readfile was found in the file timthumb.php
    Line 1243: $bytes = @readfile($file);
  6. Malware : Network operations. curl_init was found in the file timthumb.php
    Line 1174: if(function_exists('curl_init')){
    Line 1183: $curl = curl_init($url);
    curl_exec was found in the file timthumb.php
    Line 1193: $curlResult = curl_exec($curl);
  7. Admin menu : Themes should use add_theme_page() for adding admin pages. File options_feild.php :
    Line 1: <?php
    /***************************************
    
    ## Theme URI: http://www.chenxingweb.com/wp-theme-cx-udy.html
    ## Author: 晨星博客
    ## Author URI: http://www.chenxingweb.com
    ## Description: A clean, stylish, responsive image theme, suitable for all kinds of image showcase sites. If you have problems, join QQ group 565616228 for help.
    ## Theme Name: CX-UDY
    ## Version: 0.1
    
    ****************************************/
    
    class ashuwp_options_feild extends ashuwp_framework_core {
      var $ashu_option, $options, $pageinfo, $saved_optionname;
      
      function __construct($ashu_option, $pageinfo) {
        $this->options = $ashu_option;
        $this->pageinfo = $pageinfo;
        $this->make_data_available();
        
        add_action( 'admin_menu', array(&$this, 'add_admin_menu') );
    	
        if( isset($_GET['page']) && ($_GET['page'] == $this->pageinfo['filename']) ) {
          add_action('admin_enqueue_scripts', array(&$this, 'enqueue_css_js'));
        }
      }
      
      function add_admin_menu() {
        if($this->pageinfo['child']) {
          $parent_slug = $this->pageinfo['parent_slug'];
          add_submenu_page($parent_slug, $this->pageinfo['full_name'], $this->pageinfo['full_name'], 'manage_options', $this->pageinfo['filename'], array(&$this, 'initialize'));
        }else{
          add_menu_page($this->pageinfo['full_name'], $this->pageinfo['full_name'], '
  8. Hidden admin bar : Hidden admin bar. Themes should not hide admin bar. Detected in file: functions.php.
  9. Content width : Proper definition of content_width. No content width has been defined. Example:
    if ( ! isset( $content_width ) ) $content_width = 900;
Warning
  1. Core scripts deregistered : Core scripts deregistration. Found wp_deregister_script in functions.php. Themes must not deregister core scripts.
    Line 439: wp_deregister_script( 'jquery' );
  2. Theme tags : Presence of bad theme tags. Found wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions. Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is cx-udy.
  4. Text domain : Incorrect use of translation functions.
    Found a translation function that is missing a text-domain. Function __, with the arguments '文章项目信息' in file functions.php.
    Found a translation function that is missing a text-domain. Function __, with the arguments '顶部导航' in file functions.php.
    Found a translation function that is missing a text-domain. Function __, with the arguments '首页导航' in file functions.php.
    Found a translation function that is missing a text-domain. Function __, with the arguments '底部导航' in file functions.php.
    Found a translation function that is missing a text-domain. Function __, with the arguments '移动版菜单' in file functions.php.
    Found a translation function that is missing a text-domain. Function __, with the arguments '编辑推荐' in file cx-widgets.php.
    Found a translation function that is missing a text-domain. Function _e, with the arguments 'Title:' in file cx-widgets.php.
    Found a translation function that is missing a text-domain. Function __, with the arguments '精选美图' in file cx-widgets.php.
    Found a translation function that is missing a text-domain. Function _e, with the arguments '标题:' in file cx-widgets.php.
    Found a translation function that is missing a text-domain. Function __, with the arguments '%1$s at %2$s' in file comment-template.php.
    More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are chenxingweb.com, chenxing.
  5. Plugin territory : Plugin territory functionalities. The theme uses the register_post_type() function, which is plugin-territory functionality. The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. Fundamental theme elements : Presence of language_attributes(). Could not find .
  7. Fundamental theme elements : Presence of add_theme_support(). Could not find add_theme_support( 'automatic-feed-links' ).
  8. Fundamental theme elements : Presence of comment_form(). Could not find comment_form.
  9. Fundamental theme elements : Presence of body_class(). Could not find body_class call in body tag.
  10. Fundamental theme elements : Presence of wp_link_pages(). Could not find wp_link_pages.
  11. Fundamental theme elements : Presence of post_class(). Could not find post_class.
  12. Comment reply : Declaration of comment reply. Could not find the comment-reply script enqueued, however a reference to 'comment-reply' was found. Make sure that the comment-reply js script is being enqueued properly on singular pages.
  13. Custom elements : Presence of custom header. No reference to custom header was found in the theme.
  14. Custom elements : Presence of custom background. No reference to custom background was found in the theme.
  15. Editor style : Presence of editor style. No reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  16. Featured image : Use of the_post_thumbnail() instead of custom fields for thumbnails. No reference to the_post_thumbnail was found in the theme.
  17. CSS files : Presence of license type. License: is missing from style.css header.
  18. CSS files : Presence of license url. License URI: is missing from style.css header.
  19. CSS files : Presence of text domain. Text Domain: is missing from your style.css header.
  20. CSS files : Presence of .sticky class. .sticky css class is needed in theme css.
  21. CSS files : Presence of .bypostauthor class. .bypostauthor css class is needed in theme css.
  22. CSS files : Presence of .alignleft class. .alignleft css class is needed in theme css.
  23. CSS files : Presence of .alignright class. .alignright css class is needed in theme css.
  24. CSS files : Presence of .wp-caption class. .wp-caption css class is needed in theme css.
  25. CSS files : Presence of .wp-caption-text class. .wp-caption-text css class is needed in theme css.
  26. CSS files : Presence of .gallery-caption class. .gallery-caption css class is needed in theme css.
  27. Date and time implementation : Use of the_time(). At least one hard coded date was found in the file web-seo.php. Function get_option( 'date_format' ) should be used instead.
  28. Screenshot : Screenshot file. Screenshot dimensions are wrong! Detected: 330x260px (33:26). Ratio of width to height should be 4:3. Screenshot size is 330x260px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred. Bad screenshot file extension! File screenshot.png is not an actual JPG file. Detected type was: "image/png".
Tip-off
  1. Static links : Presence of hard-coded links. Possible hard-coded links were found in the file functions.php.
    Line 1199: $output .= '<p class="footer_menus">'.strip_tags(wp_nav_menu( $menus ), '<a>' ).'</p><p>版权所有 Copyright © by <a href="http://www.2zzt.com">WordPress</a>';
    Line 1203: $output .= '<a href="http://www.miitbeian.gov.cn/" rel="nofollow" target="_blank">'.$_foot_ba.'<
  2. Optional files : Presence of rtl stylesheet rtl.css. This theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.php. This theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.php. This theme does not contain optional file home.php.
  5. Optional files : Presence of term template file taxonomy.php. This theme does not contain optional file taxonomy.php.
  6. Optional files : Presence of date/time template file date.php. This theme does not contain optional file date.php.
  7. Optional files : Presence of archive template file archive.php. This theme does not contain optional file archive.php.
  8. Optional files : Presence of attachment template file attachment.php. This theme does not contain optional file attachment.php.
  9. Optional files : Presence of image template file image.php. This theme does not contain optional file image.php.
  10. Use of includes : Use of include or require. The theme appears to use include or require : timthumb.php
    Line 25: if( file_exists(dirname(__FILE__) . '/timthumb-config.php'))	require_once('timthumb-config.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.