0
Validation results

Onion

Onion

WordPress 4.7.5 theme
0
Critical alerts
  1. Title : Title No reference to add_theme_support( "title-tag" ) was found in the theme.The theme needs to have <title> tags, ideally in the header.php file.The theme needs to have a call to wp_title(), ideally in the header.php file.The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  2. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe height='720px' width='100%' src='http://smthemes.com/updates/'> in file administrator.php.
    Line 45: jQuery('<iframe height='720px' width='100%' src='http://smthemes.com/updates/'></if
    Line 60: jQuery('<iframe height='720px' width='100%' src='http://smthemes.com/updates/'></if
    Found <iframe src="//www.facebook.com/plugins/like.php?href=smt_social_url&amp;send=false&amp;layout=box_count&amp;width=50&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font&amp;height=65&amp;locale=en_US" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:50px; height:65px;" allowTransparency="true"> in file settings.php.
    Line 236: 'code'=>'<iframe src='//www.facebook.com/plugins/like.php?href=smt_social_url&amp;se
  3. Malware : Operations on file system file_get_contents was found in the file functions.php
    Line 314: $videoinf = unserialize(file_get_contents('http://vimeo.com/api/v2/video/'.$id.'.php'));
    file_get_contents was found in the file flickr.php
    Line 36: $s=file_get_contents($url);
    file_get_contents was found in the file video.php
    Line 56: $videoinf = unserialize(file_get_contents('http://vimeo.com/api/v2/video/'.$video['videoid'].'.php'
    fopen was found in the file administrator.php
    Line 213: if ($handle=@fopen(TEMPLATEPATH.'/license.txt', 'r')) {
    fread was found in the file administrator.php
    Line 214: $txt=fread($handle, filesize(TEMPLATEPATH.'/license.txt'));
    fopen was found in the file update.php
    Line 20: if ( !check_func('fopen') || !check_func('fread') || !check_func('fwrite') || !check_func('to
    Line 24: $source=fopen($file->filename,'r');
    Line 28: $handle=fopen($file->filename,'w');
    fread was found in the file update.php
    Line 20: if ( !check_func('fopen') || !check_func('fread') || !check_func('fwrite') || !check_func('touch') || !check_func('fi
    Line 26: $txt=fread($source, filesize($file->filename));
    fclose was found in the file update.php
    Line 27: fclose($source);
    Line 35: fclose($handle);
    fopen was found in the file update.php
    Line 20: if ( !check_func('fopen') || !check_func('fread') || !check_func('fwrite') || !check_func('to
    Line 24: $source=fopen($file->filename,'r');
    Line 28: $handle=fopen($file->filename,'w');
    file_get_contents was found in the file update.php
    Line 20: if ( !check_func('fopen') || !check_func('fread') || !check_func('fwrite') || !check_func('touch') || !check_func('file_get_contents') ) return 2;
    Line 32: $txt=file_get_contents('http://smthemes.com/'.$file->content);
    fwrite was found in the file update.php
    Line 20: if ( !check_func('fopen') || !check_func('fread') || !check_func('fwrite') || !check_func('touch') || !check_func('file_get_contents') ) retu
    Line 34: fwrite($handle, $txt);
    fclose was found in the file update.php
    Line 27: fclose($source);
    Line 35: fclose($handle);
    fopen was found in the file library.php
    Line 371: $pаrams=@fopen(get_theme_root().'/'.get_template().'/'.$settingsfile,'rt');
    Line 373: $defpаrams=@fopen(get_theme_root().'/'.get_template().'/inc/'.$$defparamsfile,'r');
    fread was found in the file library.php
    Line 372: $pаrams = @fread($pаrams, @filesize(get_theme_root().'/'.get_template().'/'.$settings
    Line 374: $defpаrams = @fread($defpаrams, @filesize(get_theme_root().'/'.get_template().'/inc/'.$$
    fopen was found in the file library.php
    Line 371: $pаrams=@fopen(get_theme_root().'/'.get_template().'/'.$settingsfile,'rt');
    Line 373: $defpаrams=@fopen(get_theme_root().'/'.get_template().'/inc/'.$$defparamsfile,'r');
    fread was found in the file library.php
    Line 372: $pаrams = @fread($pаrams, @filesize(get_theme_root().'/'.get_template().'/'.$settings
    Line 374: $defpаrams = @fread($defpаrams, @filesize(get_theme_root().'/'.get_template().'/inc/'.$$
  4. Malware : Network operations curl_init was found in the file administrator.php
    Line 786: $ch = curl_init($url);
    curl_exec was found in the file administrator.php
    Line 792: $response = curl_exec($ch); 
  5. Admin menu : Themes should use add_theme_page() for adding admin pages. File administrator.php :
    Line 28: add_menu_page('Theme', $name, 'manage_options', 'OptionsPage', array(&$this
    File administrator.php :
    Line 144: add_submenu_page( 'OptionsPage', $menu['name'], $menu['name'], 'manage_opti
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in library.php. Themes must not deregister core scripts.
    Line 14: wp_deregister_script( 'jquery' );
  2. theme tags : Presence of bad theme tagsThe tag black has been deprecated, it must be removed from style.css header.The tag green has been deprecated, it must be removed from style.css header.The tag dark has been deprecated, it must be removed from style.css header.The tag fixed-width has been deprecated, it must be removed from style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _n, with the arguments in file functions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are logout, </a>, says, :</span>.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Non-printable characters : Presence of non-printable characters in PHP filesNon-printable characters were found in file library.php. This is an indicator of potential errors in PHP code.
    Line 371: $pаrams=@fopen(get_theme_root().'/'.get_template().'/'.$settingsfile,'rt');
    Line 372: $pаrams = @fread($pаrams, @filesize(get_theme_root().'/'.get_template().'/'
    Line 373: $defpаrams=@fopen(get_theme_root().'/'.get_template().'/inc/'.$$defparamsfile,'
    Line 374: $defpаrams = @fread($defpаrams, @filesize(get_theme_root().'/'.get_template().
    Line 384: $sections=explode('%%',$defpаrams);
    Line 396: $supported=$supported||preg_match($rparam,$pаrams);
  6. Line endings consistency : Both DOS and UNIX style line endingsFound a mix of \r\n and \n line endings in file tablet.css.Found a mix of \r\n and \n line endings in file index.css.
  7. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  8. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  9. I18N implementation : Proper use of ___all(Possible variable $SMTheme found in translation function in comments.php. Translation function calls should not contain PHP variables.
    Line 41: 'logged_in_as'         => '<p class='logged-in-as'>' . sprintf( __( $SMTheme->_( 'loggedinas' ).' <a href='%1$s'>%2$s</a>. <a href='%3$s' t
    Possible variable $SMTheme found in translation function in library.php. Translation function calls should not contain PHP variables.
    Line 517: <?php printf(__('<cite class='author-name'>%s</cite>&nbsp;&nbsp;<span class='says'>'.$SM
  10. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  11. CSS files : Presence of .sticky class.sticky css class is needed in theme css.
  12. CSS files : Presence of .bypostauthor class.bypostauthor css class is needed in theme css.
  13. CSS files : Presence of .wp-caption class.wp-caption css class is needed in theme css.
  14. CSS files : Presence of .wp-caption-text class.wp-caption-text css class is needed in theme css.
  15. CSS files : Presence of .gallery-caption class.gallery-caption css class is needed in theme css.
  16. CSS files : Presence of .screen-reader-text class.screen-reader-text css class is needed in your theme css. See : the Codex for an example implementation.
  17. Screenshot : Screenshot fileScreenshot dimensions are wrong! Detected: 479x361px (479:361). Ratio of width to height should be 4:3.Screenshot size is 479x361px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file administrator.php.
    Line 231: <li><a href='http://smthemes.com/support'>Forum</a></li>
    Line 233: <li><a href='http://smthemes.com/terms-of-services/'>Licence</a></li>
    Possible hard-coded links were found in the file settings.php.
    Line 241: 'code'=>'<a href='https://twitter.com/share' class='twitter-share-button' data-count='vertica
    Line 277: 'code'=>'<a href='http://pinterest.com/pin/create/button/?url=smt_social_url&media=smt_social
    Line 282: 'code'=>'<a href='http://bufferapp.com/add' class='buffer-add-button' data-count='vertical'>B
    Line 314: <a href='http://www.delicious.com/save' onclick='window.open('http://www.delicious.c
    Line 347: 'code'=>'<a href='http://www.tumblr.com/share' title='Share on Tumblr' style='display:inline-
    Line 787: <b>Theme Author:</b> <a href='http://smthemes.com'>SMThemes</a><br />
    Line 788: <b>Theme Homepage:</b> <a href='http://smthemes.com/'.$themename.''>http://smthemes.com/'.$themename.'</a><
    Line 789: <b>Support Forums:</b> <a href='http://smthemes.com/support/forum/'.$themename.'-free-wordpress-theme'>http
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  6. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  7. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  8. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  9. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  10. Use of includes : Use of include or requireThe theme appears to use include or require : update.php
    Line 4: require_once('../../../../wp-config.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : activation.php
    Line 38: if (!include_once( get_template_directory() . $file )) {
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

46
Critical alerts
  1. Title : Title No reference to add_theme_support( "title-tag" ) was found in the theme.The theme needs to have <title> tags, ideally in the header.php file.The theme needs to have a call to wp_title(), ideally in the header.php file.The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  2. Malware : Network operations curl_init was found in the file administrator.php
    Line 786: $ch = curl_init($url);
    curl_exec was found in the file administrator.php
    Line 792: $response = curl_exec($ch); 
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in library.php. Themes must not deregister core scripts.
    Line 14: wp_deregister_script( 'jquery' );
  2. theme tags : Presence of bad theme tagsThe tag black has been deprecated, it must be removed from style.css header.The tag green has been deprecated, it must be removed from style.css header.The tag dark has been deprecated, it must be removed from style.css header.The tag fixed-width has been deprecated, it must be removed from style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _n, with the arguments in file functions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are logout, </a>, says, :</span>.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Non-printable characters : Presence of non-printable characters in PHP filesNon-printable characters were found in file library.php. This is an indicator of potential errors in PHP code.
    Line 371: $pаrams=@fopen(get_theme_root().'/'.get_template().'/'.$settingsfile,'rt');
    Line 372: $pаrams = @fread($pаrams, @filesize(get_theme_root().'/'.get_template().'/'
    Line 373: $defpаrams=@fopen(get_theme_root().'/'.get_template().'/inc/'.$$defparamsfile,'
    Line 374: $defpаrams = @fread($defpаrams, @filesize(get_theme_root().'/'.get_template().
    Line 384: $sections=explode('%%',$defpаrams);
    Line 396: $supported=$supported||preg_match($rparam,$pаrams);
  6. Line endings consistency : Both DOS and UNIX style line endingsFound a mix of \r\n and \n line endings in file tablet.css.Found a mix of \r\n and \n line endings in file index.css.
  7. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  8. CSS files : Presence of .sticky class.sticky css class is needed in theme css.
  9. CSS files : Presence of .bypostauthor class.bypostauthor css class is needed in theme css.
  10. CSS files : Presence of .wp-caption class.wp-caption css class is needed in theme css.
  11. CSS files : Presence of .wp-caption-text class.wp-caption-text css class is needed in theme css.
  12. CSS files : Presence of .gallery-caption class.gallery-caption css class is needed in theme css.
  13. CSS files : Presence of .screen-reader-text class.screen-reader-text css class is needed in your theme css. See : the Codex for an example implementation.
  14. Screenshot : Screenshot fileScreenshot dimensions are wrong! Detected: 479x361px (479:361). Ratio of width to height should be 4:3.Screenshot size is 479x361px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file administrator.php.
    Line 231: <li><a href='http://smthemes.com/support'>Forum</a></li>
    Line 233: <li><a href='http://smthemes.com/terms-of-services/'>Licence</a></li>
    Possible hard-coded links were found in the file settings.php.
    Line 241: 'code'=>'<a href='https://twitter.com/share' class='twitter-share-button' data-count='vertica
    Line 277: 'code'=>'<a href='http://pinterest.com/pin/create/button/?url=smt_social_url&media=smt_social
    Line 282: 'code'=>'<a href='http://bufferapp.com/add' class='buffer-add-button' data-count='vertical'>B
    Line 314: <a href='http://www.delicious.com/save' onclick='window.open('http://www.delicious.c
    Line 347: 'code'=>'<a href='http://www.tumblr.com/share' title='Share on Tumblr' style='display:inline-
    Line 787: <b>Theme Author:</b> <a href='http://smthemes.com'>SMThemes</a><br />
    Line 788: <b>Theme Homepage:</b> <a href='http://smthemes.com/'.$themename.''>http://smthemes.com/'.$themename.'</a><
    Line 789: <b>Support Forums:</b> <a href='http://smthemes.com/support/forum/'.$themename.'-free-wordpress-theme'>http
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  6. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  7. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  8. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  9. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  10. Use of includes : Use of include or requireThe theme appears to use include or require : update.php
    Line 4: require_once('../../../../wp-config.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : activation.php
    Line 38: if (!include_once( get_template_directory() . $file )) {
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes