12
Validation results

OneMax

OneMax

WordPress 4.8.2 theme
12
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Malware : Operations on file system file_get_contents was found in the file functions.php
    Ligne19: //$old_adaptive=file_get_contents($adaptive_file);
    Ligne41: $htaccess_old_contents = file_get_contents( $htaccess_path );
    Ligne50: $htaccess_old_contents = file_get_contents( $htaccess_path );
    file_put_contents was found in the file functions.php
    Ligne21: //@file_put_contents( $adaptive_file, $new_adaptive );
    Ligne43: @file_put_contents( $htaccess_path, $htaccess_new_contents );
    Ligne52: @file_put_contents( $htaccess_path, $htaccess_new_contents );
    fopen was found in the file functions.php
    Ligne40: if(( ! file_exists( $htaccess_path ) && @fopen( $htaccess_path, 'w' ) ) || (   file_exists( $htaccess_path ) && is_w
    Ligne49: if(( ! file_exists( $htaccess_path ) && @fopen( $htaccess_path, 'w' ) ) || (   file_exists( $htaccess_path ) && is_w
    file_get_contents was found in the file functions.php
    Ligne19: //$old_adaptive=file_get_contents($adaptive_file);
    Ligne41: $htaccess_old_contents = file_get_contents( $htaccess_path );
    Ligne50: $htaccess_old_contents = file_get_contents( $htaccess_path );
    file_put_contents was found in the file functions.php
    Ligne21: //@file_put_contents( $adaptive_file, $new_adaptive );
    Ligne43: @file_put_contents( $htaccess_path, $htaccess_new_contents );
    Ligne52: @file_put_contents( $htaccess_path, $htaccess_new_contents );
    fopen was found in the file functions.php
    Ligne40: if(( ! file_exists( $htaccess_path ) && @fopen( $htaccess_path, 'w' ) ) || (   file_exists( $htaccess_path ) && is_w
    Ligne49: if(( ! file_exists( $htaccess_path ) && @fopen( $htaccess_path, 'w' ) ) || (   file_exists( $htaccess_path ) && is_w
    file_get_contents was found in the file functions.php
    Ligne19: //$old_adaptive=file_get_contents($adaptive_file);
    Ligne41: $htaccess_old_contents = file_get_contents( $htaccess_path );
    Ligne50: $htaccess_old_contents = file_get_contents( $htaccess_path );
    file_put_contents was found in the file functions.php
    Ligne21: //@file_put_contents( $adaptive_file, $new_adaptive );
    Ligne43: @file_put_contents( $htaccess_path, $htaccess_new_contents );
    Ligne52: @file_put_contents( $htaccess_path, $htaccess_new_contents );
    fopen was found in the file attachment.php
    Ligne276: $fp = fopen($file, 'r');
    fread was found in the file attachment.php
    Ligne277: $data = fread($fp, filesize($file));
    fclose was found in the file attachment.php
    Ligne278: fclose($fp);
    file_get_contents was found in the file parsers.php
    Ligne66: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Ligne66: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    file_get_contents was found in the file radium-importer.php
    Ligne263: $data = file_get_contents( $file );
    Ligne338: $data = file_get_contents( $file );
    file_get_contents was found in the file radium-importer.php
    Ligne263: $data = file_get_contents( $file );
    Ligne338: $data = file_get_contents( $file );
    fwrite was found in the file scss.inc.php
    Ligne831: //fwrite(STDERR, 'Line $line DEBUG: $value\n');
    file_get_contents was found in the file scss.inc.php
    Ligne1654: //$code = file_get_contents($path);
    Ligne4433: //$imports = unserialize(file_get_contents($icache));
    Ligne4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Ligne4537: //echo file_get_contents($output);
    file_get_contents was found in the file scss.inc.php
    Ligne1654: //$code = file_get_contents($path);
    Ligne4433: //$imports = unserialize(file_get_contents($icache));
    Ligne4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Ligne4537: //echo file_get_contents($output);
    file_get_contents was found in the file scss.inc.php
    Ligne1654: //$code = file_get_contents($path);
    Ligne4433: //$imports = unserialize(file_get_contents($icache));
    Ligne4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Ligne4537: //echo file_get_contents($output);
    file_put_contents was found in the file scss.inc.php
    Ligne4482: //file_put_contents($out, $css);
    Ligne4483: //file_put_contents($this->importsCacheName($out),
    file_put_contents was found in the file scss.inc.php
    Ligne4482: //file_put_contents($out, $css);
    Ligne4483: //file_put_contents($this->importsCacheName($out),
    file_get_contents was found in the file scss.inc.php
    Ligne1654: //$code = file_get_contents($path);
    Ligne4433: //$imports = unserialize(file_get_contents($icache));
    Ligne4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Ligne4537: //echo file_get_contents($output);
    fopen was found in the file class.redux_helpers.php
    Ligne657: //$fp = fopen( $file, 'r' );
    fread was found in the file class.redux_helpers.php
    Ligne660: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.redux_helpers.php
    Ligne663: //fclose( $fp );
    readfile was found in the file adaptive-images.php
    Ligne69: readfile($filename);
  3. Admin menu : Themes should use add_theme_page() for adding admin pages. File framework.php :
    Ligne1338: // wrappers and need to be appened to using add_submenu_page.
    Ligne1389: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1447: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Ligne1338: // wrappers and need to be appened to using add_submenu_page.
    Ligne1389: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1447: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Ligne1415: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $this
    File framework.php :
    Ligne1338: // wrappers and need to be appened to using add_submenu_page.
    Ligne1389: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1447: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
  4. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was visual-composer.zip contact-form7.zip layerslider.zip slider-revolution.zip onemax-core.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Ligne561: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Ligne215: wp_deregister_script( 'jquerySelect2' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are onemax, req-core, redux-framework, wordpress-importer, radium, framework, themecheck.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  6. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  7. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  8. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  10. Use of includes : Use of include or requireThe theme appears to use include or require : extension_color_scheme.php
    Ligne90: //include_once($this->extension_dir . 'color_scheme/inc/class.customizer.php'
    Ligne114: include_once($this->extension_dir . 'color_scheme/inc/class.color_scheme_fu
    Ligne175: include_once($this->extension_dir . 'color_scheme/inc/class.color_scheme_fu
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class.customizer.php
    Ligne15: include_once($ext_dir . 'color_scheme/inc/class.color_scheme_functions.php'
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Ligne405: require_once 'core/dashboard.php';
    Ligne410: require_once 'core/newsflash.php';
    Ligne1696: require_once 'core/enqueue.php';
    Ligne2845: require_once 'core/enqueue.php';
    Ligne2903: require_once 'core/panel.php';
    Ligne3232: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Ligne749: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : scss.inc.php
    Ligne2818: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Ligne46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : vc_onemax.php
    Ligne19: //include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
    Ligne20: require (dirname(__FILE__).'/icons_params.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

55
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was visual-composer.zip contact-form7.zip layerslider.zip slider-revolution.zip onemax-core.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Ligne561: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Ligne215: wp_deregister_script( 'jquerySelect2' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are onemax, req-core, redux-framework, wordpress-importer, radium, framework, themecheck.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  10. Use of includes : Use of include or requireThe theme appears to use include or require : extension_color_scheme.php
    Ligne90: //include_once($this->extension_dir . 'color_scheme/inc/class.customizer.php'
    Ligne114: include_once($this->extension_dir . 'color_scheme/inc/class.color_scheme_fu
    Ligne175: include_once($this->extension_dir . 'color_scheme/inc/class.color_scheme_fu
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class.customizer.php
    Ligne15: include_once($ext_dir . 'color_scheme/inc/class.color_scheme_functions.php'
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Ligne405: require_once 'core/dashboard.php';
    Ligne410: require_once 'core/newsflash.php';
    Ligne1696: require_once 'core/enqueue.php';
    Ligne2845: require_once 'core/enqueue.php';
    Ligne2903: require_once 'core/panel.php';
    Ligne3232: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Ligne749: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : scss.inc.php
    Ligne2818: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Ligne46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : vc_onemax.php
    Ligne19: //include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
    Ligne20: require (dirname(__FILE__).'/icons_params.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes