0
Validation results

Gather

Gather

WordPress 4.9.8 theme
0
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_decode() Found base64_decode in file cth_eventbrite.php.
    Ligne22: <?php echo rawurldecode( base64_decode( strip_tags( $content ) ) );?>
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="http://eventbrite.com/tickets-external?eid=18380787430&amp;ref=etckt&amp;v=2" height="350"> in file vc_shortcodes.php.
    Ligne1615: 'value' => '<iframe  src='http://eventbrite.com/tickets-external?eid=18380787430&amp;re
  4. Malware : Operations on file system file_get_contents was found in the file parsers.php
    Ligne69: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne274: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Ligne69: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne274: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Ligne422: $fp = $this->fopen( $file, 'r' );
    Ligne648: function fopen( $filename, $mode = 'r' ) {
    Ligne651: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne471: $this->fclose($fp);
    Ligne666: function fclose( $fp ) {
    Ligne669: return fclose( $fp );
    fopen was found in the file parsers.php
    Ligne422: $fp = $this->fopen( $file, 'r' );
    Ligne648: function fopen( $filename, $mode = 'r' ) {
    Ligne651: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Ligne422: $fp = $this->fopen( $file, 'r' );
    Ligne648: function fopen( $filename, $mode = 'r' ) {
    Ligne651: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne471: $this->fclose($fp);
    Ligne666: function fclose( $fp ) {
    Ligne669: return fclose( $fp );
    fclose was found in the file parsers.php
    Ligne471: $this->fclose($fp);
    Ligne666: function fclose( $fp ) {
    Ligne669: return fclose( $fp );
    file_get_contents was found in the file CTHMailChimp.php
    Ligne8: * Uses curl if available, falls back to file_get_contents and HTTP stream.
    Ligne83: $result    = file_get_contents($url, null, stream_context_create(array(
    file_get_contents was found in the file admin-config.php
    Ligne1019: 'content'  => file_get_contents( dirname( __FILE__ ) . '/../README.md' )
    fopen was found in the file class.redux_helpers.php
    Ligne643: //$fp = fopen( $file, 'r' );
    fread was found in the file class.redux_helpers.php
    Ligne646: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.redux_helpers.php
    Ligne649: //fclose( $fp );
  5. Malware : Network operations curl_init was found in the file CTHMailChimp.php
    Ligne69: if (function_exists('curl_init') && function_exists('curl_setopt')) {
    Ligne70: $ch = curl_init();
    curl_exec was found in the file CTHMailChimp.php
    Ligne80: $result = curl_exec($ch);
  6. Admin menu : Themes should use add_theme_page() for adding admin pages. File admin-config.php :
    Ligne137: // For a full list of options, visit: http://codex.wordpress.org/Function_Reference/add_submenu_page#Parameters
    File framework.php :
    Ligne1331: // wrappers and need to be appened to using add_submenu_page.
    Ligne1382: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1440: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Ligne1331: // wrappers and need to be appened to using add_submenu_page.
    Ligne1382: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1440: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Ligne1408: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $this
    File framework.php :
    Ligne1331: // wrappers and need to be appened to using add_submenu_page.
    Ligne1382: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1440: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File welcome.php :
    Ligne195: $page = 'add_management_page';
  7. Deprecated functions : screen_icon screen_icon found in file wordpress-importer.php. Deprecated since version 3.8.
    Ligne1063: screen_icon();
  8. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Ligne925: $headers = wp_get_http( $url, $upload['file'] );
  9. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was cth_gather_plugins.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Ligne565: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Ligne213: wp_deregister_script( 'jquerySelect2' );
  2. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin installing plugin', 'Begin installing plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin activating plugin', 'Begin activating plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'gather' in file functions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'gather' in file functions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gather, tgmpa, cmb, wordpress-importer, wpb, redux-framework-demo, domik, redux-framework, themecheck.
  3. PHP short tags : Presence of PHP short tagsPHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
    Ligne14: # Modified by Dovy Paukstys to remove <? shortcode-like declaration.
  4. Deprecated functions : screen_iconscreen_icon found in file wordpress-importer.php. Deprecated since version 3.8.
    Ligne1063: screen_icon();
  5. I18N implementation : Proper use of ___all(Possible variable $prev found in translation function in functions.php. Translation function calls should not contain PHP variables. Possible variable $next found in translation function in functions.php. Translation function calls should not contain PHP variables.
    Ligne576: $pagination = array('base' => str_replace(999999999, '%#%', get_pagenum_link(999999999)), 'format' => '', 'current' => max(1, get_query_var('paged')), 'total' => $pages, 'prev_text' => __($prev, 'gather'), 'next_text' => __($next, 'gather'), 'type' => 'list', 'end_size' => 3, 'mid_size' => 3);
  6. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  4. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  5. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  6. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  7. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  8. Use of includes : Use of include or requireThe theme appears to use include or require : class-tgm-plugin-activation.php
    Ligne1061: require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metabox-functions.php
    Ligne488: require_once 'init.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : init.php
    Ligne227: @include( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin-config.php
    Ligne1043: require_once( ABSPATH .'/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Ligne414: require_once 'core/dashboard.php';
    Ligne417: require_once 'core/newsflash.php';
    Ligne1685: require_once 'core/enqueue.php';
    Ligne2842: require_once 'core/enqueue.php';
    Ligne2900: require_once 'core/panel.php';
    Ligne3229: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Ligne142: include_once( ReduxFramework::$_dir . 'core/enqueue.php' );
    Ligne751: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Ligne372: require_once 'views/about.php';
    Ligne387: require_once 'views/changelog.php';
    Ligne402: require_once 'views/extensions.php';
    Ligne418: require_once 'views/support.php';
    Ligne433: require_once 'views/credits.php';
    Ligne448: require_once 'views/status_report.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Ligne46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

0
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Malware : Network operations curl_init was found in the file CTHMailChimp.php
    Ligne69: if (function_exists('curl_init') && function_exists('curl_setopt')) {
    Ligne70: $ch = curl_init();
    curl_exec was found in the file CTHMailChimp.php
    Ligne80: $result = curl_exec($ch);
  3. Deprecated functions : screen_icon screen_icon found in file wordpress-importer.php. Deprecated since version 3.8.
    Ligne1063: screen_icon();
  4. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Ligne925: $headers = wp_get_http( $url, $upload['file'] );
  5. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was cth_gather_plugins.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Ligne565: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Ligne213: wp_deregister_script( 'jquerySelect2' );
  2. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin installing plugin', 'Begin installing plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin activating plugin', 'Begin activating plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'gather' in file functions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'gather' in file functions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gather, tgmpa, cmb, wordpress-importer, wpb, redux-framework-demo, domik, redux-framework, themecheck.
  3. PHP short tags : Presence of PHP short tagsPHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
    Ligne14: # Modified by Dovy Paukstys to remove <? shortcode-like declaration.
  4. Deprecated functions : screen_iconscreen_icon found in file wordpress-importer.php. Deprecated since version 3.8.
    Ligne1063: screen_icon();
  5. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  4. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  5. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  6. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  7. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  8. Use of includes : Use of include or requireThe theme appears to use include or require : class-tgm-plugin-activation.php
    Ligne1061: require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metabox-functions.php
    Ligne488: require_once 'init.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : init.php
    Ligne227: @include( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin-config.php
    Ligne1043: require_once( ABSPATH .'/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Ligne414: require_once 'core/dashboard.php';
    Ligne417: require_once 'core/newsflash.php';
    Ligne1685: require_once 'core/enqueue.php';
    Ligne2842: require_once 'core/enqueue.php';
    Ligne2900: require_once 'core/panel.php';
    Ligne3229: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Ligne142: include_once( ReduxFramework::$_dir . 'core/enqueue.php' );
    Ligne751: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Ligne372: require_once 'views/about.php';
    Ligne387: require_once 'views/changelog.php';
    Ligne402: require_once 'views/extensions.php';
    Ligne418: require_once 'views/support.php';
    Ligne433: require_once 'views/credits.php';
    Ligne448: require_once 'views/status_report.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Ligne46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes