0
Validation results

MediCenter Themekiller.com

MediCenter Themekiller.com

WordPress 4.9.8 theme
0
Critical alerts
  1. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  2. Security breaches : Use of PHP sytem calls Found shell_exec in file tmhUtilities.php.
    Ligne235: $style = shell_exec('stty -g');
    Ligne238: shell_exec('stty -echo');
    Ligne241: shell_exec('stty -icanon -echo min 1 time 0');
    Ligne260: shell_exec('stty ' . $style);
    Found popen in file class.phpmailer.php.
    Ligne606: if(!@$mail = popen($sendmail, 'w')) {
    Ligne621: if(!@$mail = popen($sendmail, 'w')) {
  3. Security breaches : Modification of PHP server settings Found ini_set in file class.phpmailer.php.
    Ligne654: ini_set('sendmail_from', $this->Sender);
    Ligne684: ini_set('sendmail_from', $old_from);
  4. Security breaches : Use of base64_encode() Found base64_encode in file tmhOAuth.php.
     base64_encode(
    Found base64_encode in file class.smtp.php.
     fputs($this->smtp_conn, base64_encode($username) . $this->CRLF);
     fputs($this->smtp_conn, base64_encode($password) . $this->CRLF);
    Found base64_encode in file class.phpmailer.php.
     $encoded = chunk_split(base64_encode($str), 76, $this->LE);
     $encoded = base64_encode($str);
     $chunk = base64_encode($chunk);
     return base64_encode($signature);
     $DKIMb64  = base64_encode(pack('H*', sha1($body))) ; // Base64 of packed binary SHA-1 h
  5. Malware : Operations on file system fopen was found in the file tmhUtilities.php
    Ligne219: $handle = fopen('php://stdin','r');
    fwrite was found in the file tmhUtilities.php
    Ligne249: fwrite(STDOUT, '\x08 \x08');
    Ligne253: fwrite(STDOUT, '*');
    fwrite was found in the file tmhUtilities.php
    Ligne249: fwrite(STDOUT, '\x08 \x08');
    Ligne253: fwrite(STDOUT, '*');
    file_get_contents was found in the file theme-options.php
    Ligne286: $json_data = file_get_contents($json_file);
    fclose was found in the file class.pop3.php
    Ligne318: fclose($this->pop_conn);
    fwrite was found in the file class.pop3.php
    Ligne345: $bytes_sent = fwrite($this->pop_conn, $string, strlen($string));
    fclose was found in the file class.smtp.php
    Ligne298: fclose($this->smtp_conn);
    file_put_contents was found in the file class.phpmailer.php
    Ligne1237: file_put_contents($file, $body); //TODO check this worked
    file_get_contents was found in the file class.phpmailer.php
    Ligne1242: $body = file_get_contents($signed);
    Ligne1473: $file_buffer  = file_get_contents($path);
    Ligne2215: $privKeyStr = file_get_contents($this->DKIM_private);
    file_get_contents was found in the file class.phpmailer.php
    Ligne1242: $body = file_get_contents($signed);
    Ligne1473: $file_buffer  = file_get_contents($path);
    Ligne2215: $privKeyStr = file_get_contents($this->DKIM_private);
    fopen was found in the file class.phpmailer.php
    Ligne1700: $fp = fopen('php://temp/', 'r+');
    fclose was found in the file class.phpmailer.php
    Ligne1709: fclose($fp);
    file_get_contents was found in the file class.phpmailer.php
    Ligne1242: $body = file_get_contents($signed);
    Ligne1473: $file_buffer  = file_get_contents($path);
    Ligne2215: $privKeyStr = file_get_contents($this->DKIM_private);
    file_get_contents was found in the file parsers.php
    Ligne66: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Ligne66: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
  6. Malware : Network operations curl_init was found in the file tmhOAuth.php
    Ligne635: $c = curl_init();
    curl_exec was found in the file tmhOAuth.php
    Ligne703: $response = curl_exec($c);
    fsockopen was found in the file class.pop3.php
    Ligne205: Rather than supress it with @fsockopen, let's capture it cleanly instead
    Ligne211: $this->pop_conn = fsockopen($host,    //  POP3 Host
    fsockopen was found in the file class.smtp.php
    Ligne128: $this->smtp_conn = @fsockopen($host,    // the host of the server
  7. Admin menu : Themes should use add_theme_page() for adding admin pages. File class-tgm-plugin-activation.php :
    Ligne415: $this->page_hook = call_user_func( 'add_submenu_page', $args['parent_slug'], $args['page_title'], $args['menu_t
    File theme-options.php :
    Ligne7: add_submenu_page('themes.php', ucfirst('medicenter'), 'Theme Options', 'edi
  8. Content width : Proper definition of content_width No content width has been defined. Example:
    if ( ! isset( $content_width ) ) $content_width = 900;
  9. Deprecated functions : screen_icon screen_icon found in file wordpress-importer.php. Deprecated since version 3.8.
    Ligne1032: screen_icon();
  10. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Ligne905: $headers = wp_get_http( $url, $upload['file'] );
  11. Deprecated functions : get_currentuserinfo get_currentuserinfo found in file form-edit-address.php. Deprecated since version 4.5. Use wp_get_current_user instead.
    Ligne23: get_currentuserinfo();
  12. Post pagination : Implementation The theme doesn't have post pagination code in it. Use posts_nav_link() or paginate_links() or the_posts_pagination() or the_posts_navigation() or next_posts_link() and previous_posts_link() to add post pagination.
  13. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was css3_web_pricing_tables_grids.zip js_composer.zip.
Warning
  1. theme tags : Presence of bad theme tagsThe tag light has been deprecated, it must be removed from style.css header.The tag white has been deprecated, it must be removed from style.css header.The tag flexible-width has been deprecated, it must be removed from style.css header.
  2. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is medicenter-themekiller-com.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function __, with the arguments "js_composer" in file functions.php.Found a translation function that is missing a text-domain. Function __, with the arguments ' %1$s, %2$s' in file comments.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Install Required Plugins' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Install Plugins' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Installing Plugin: %s' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Something went wrong with the plugin API.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s. Please check update instructions <a href="http://support.quanticalabs.com/forum/topic/6423/faq-frequently-asked-questions#question_55">here</a>.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s. Please check update instructions <a href="http://support.quanticalabs.com/forum/topic/6423/faq-frequently-asked-questions#question_55">here</a>.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin installing plugin', 'Begin installing plugins' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Activate installed plugin', 'Activate installed plugins' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Return to Required Plugins Installer' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Plugin activated successfully.' in file plugins_activator.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'All plugins installed and activated successfully. %s' in file plugins_activator.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are medicenter, tgmpa, woocommerce, js_composer, wordpress-importer.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Unwanted files : Windows thumbnail storethumbs.db was found.
  6. Fundamental theme elements : Presence of add_theme_support()Could not find add_theme_support( 'automatic-feed-links' ).
  7. Fundamental theme elements : Presence of wp_link_pages()Could not find wp_link_pages.
  8. Comment reply : Declaration of comment replyCould not find the comment-reply script enqueued, however a reference to 'comment-reply' was found. Make sure that the comment-reply js script is being enqueued properly on singular pages.
  9. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  10. Deprecated functions : screen_iconscreen_icon found in file wordpress-importer.php. Deprecated since version 3.8.
    Ligne1032: screen_icon();
  11. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  12. I18N implementation : Proper use of ___all(Possible variable $value found in translation function in photostream.php. Translation function calls should not contain PHP variables. Possible variable $value found in translation function in photostream.php. Translation function calls should not contain PHP variables. Possible variable $value found in translation function in small_slider.php. Translation function calls should not contain PHP variables. Possible variable $value found in translation function in small_slider.php. Translation function calls should not contain PHP variables. Possible variable $value found in translation function in slider.php. Translation function calls should not contain PHP variables. Possible variable $value found in translation function in carousel.php. Translation function calls should not contain PHP variables. Possible variable $value found in translation function in carousel.php. Translation function calls should not contain PHP variables. Possible variable $text_val found in translation function in functions.php. Translation function calls should not contain PHP variables. Possible variable $theme_text_domain found in translation function in plugins_activator.php. Translation function calls should not contain PHP variables. Possible variable $theme_text_domain found in translation function in plugins_activator.php. Translation function calls should not contain PHP variables. Possible variable $theme_text_domain found in translation function in plugins_activator.php. Translation function calls should not contain PHP variables. Possible variable $theme_text_domain found in translation function in plugins_activator.php. Translation function calls should not contain PHP variables. Possible variable $theme_text_domain found in translation function in plugins_activator.php. Translation function calls should not contain PHP variables. Possible variable $theme_text_domain found in translation function in plugins_activator.php. Translation function calls should not contain PHP variables. Possible variable $theme_text_domain found in translation function in plugins_activator.php. Translation function calls should not contain PHP variables.
  13. I18N implementation : Proper use of _x(Possible variable $themename found in translation function in sidebars.php. Translation function calls should not contain PHP variables. Possible variable $themename found in translation function in post-type-weekdays.php. Translation function calls should not contain PHP variables.
  14. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  15. Date and time implementation : Use of the_time()At least one hard coded date was found in the file search.php. Function get_option( 'date_format' ) should be used instead.At least one hard coded date was found in the file single.php. Function get_option( 'date_format' ) should be used instead.
  16. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file footer.php.
    Ligne41: <p class='TK'>Powered by <a href='http://www.themekiller.com/' title='themekiller' rel='follow'> themekiller.
    Possible hard-coded links were found in the file widget-twitter.php.
    Ligne144: 1. <a href='https://dev.twitter.com/apps/new' target='_blank'>Add a new Twitter applica
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : sidebar-header.php
    Ligne3: include('searchform.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : search.php
    Ligne167: require_once('pagination.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : theme-options.php
    Ligne235: require_once('importer/importer.php');
    Ligne258: require_once('importer/importer.php');
    Ligne384: require_once('importer/importer.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : shortcodes.php
    Ligne53: //require_once('accordion.php');
    Ligne55: //require_once('nested_tabs.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : single.php
    Ligne162: require_once('comments-form.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : importer.php
    Ligne14: require_once($class_wp_importer);
    Ligne23: require_once($class_wp_import);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : plugins_activator.php
    Ligne2: require_once('class-tgm-plugin-activation.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes