0
Validation results

Oshin - JOJOThemes.com

Oshin - JOJOThemes.com

WordPress 4.9.8 theme
0
    Error 8 : Undefined index: slug
    In /home/www/themecheck/themecheck/controllers/controller_results.php line 772
  • THEME TYPEWordPress theme 4.9.8
  • FILE NAMEoshine.zip
  • FILE SIZE15342968 bytes
  • MD54535c166bed27fc97218f3c82f58bc5d
  • SHA12d30a1e2fc6a772f70c380d3ebffb27bc1ac0775
  • LICENSEGNU GPL 2
  • FILES INCLUDEDCSS, PHP, XML, Bitmap images, Adobe Illustrator
  • THEME URIhttp://brandexponents.com/oshin/
  • VERSION4.6.1
  • AUTHOR URI
  • TAGSblack, green, white, light, two-columns, three-columns, left-sidebar, right-sidebar, fixed-layout, responsive-layout, custom-header, custom-menu, featured-images, flexible-header, full-width-template, post-formats, sticky-post, theme-options, translation-ready
  • CREATION DATE2017-03-12
  • LAST FILE UPDATE2017-03-12
  • LAST VALIDATION2017-03-12 18:34
  • OTHER VERSIONS

    6.5.3 : 0%

Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_encode() Found base64_encode in file class-wp-twitter-api.php.
     $bearer_token_credentials_64 = base64_encode( $bearer_token_credentials );
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src='//www.facebook.com/plugins/like.php?href=".urlencode($url)."&amp;send=false&amp;layout=button_count&amp;width=100&amp;show_faces=false&amp;action=like&amp;colorscheme=light&amp;font&amp;height=35&amp;appId=173868296037629' scrolling='no' frameborder='0' style='border:none; overflow:hidden; width:100px; height:20px;' allowTransparency='true'> in file helpers.php.
    Line 152: $out = '<iframe src='//www.facebook.com/plugins/like.php?href='.urlencode($url).'&a
    Found <iframe class="be-youtube-video gallery" src="https://www.youtube.com/embed/'.$video_id.'?wmode=transparent" style="border: none;"> in file common-helpers.php.
    Line 211: return '<iframe class='be-youtube-video gallery' src='https://www.youtube.com/embed
  4. Malware : Operations on file system file_get_contents was found in the file ajax-handler.php
    Line 401: $result    = file_get_contents($url, null, stream_context_create(array(
    file_get_contents was found in the file be-themes-update-config.php
    Line 249: 'content'   => nl2br(file_get_contents(trailingslashit(dirname(__FILE__)) . 'README.html'))
    file_get_contents was found in the file be-themes-options-config.php
    Line 3609: 'content'   => nl2br(file_get_contents(trailingslashit(dirname(__FILE__)) . 'README.html'))
    file_get_contents was found in the file Pinterest.class.php
    Line 184: return file_get_contents($cache_file);
    file_put_contents was found in the file Pinterest.class.php
    Line 206: file_put_contents($cache_file, $contents, LOCK_EX);
    fwrite was found in the file scss.inc.php
    Line 831: //fwrite(STDERR, 'Line $line DEBUG: $value\n');
    file_get_contents was found in the file scss.inc.php
    Line 1654: //$code = file_get_contents($path);
    Line 4433: //$imports = unserialize(file_get_contents($icache));
    Line 4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Line 4537: //echo file_get_contents($output);
    file_get_contents was found in the file scss.inc.php
    Line 1654: //$code = file_get_contents($path);
    Line 4433: //$imports = unserialize(file_get_contents($icache));
    Line 4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Line 4537: //echo file_get_contents($output);
    file_get_contents was found in the file scss.inc.php
    Line 1654: //$code = file_get_contents($path);
    Line 4433: //$imports = unserialize(file_get_contents($icache));
    Line 4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Line 4537: //echo file_get_contents($output);
    file_put_contents was found in the file scss.inc.php
    Line 4482: //file_put_contents($out, $css);
    Line 4483: //file_put_contents($this->importsCacheName($out),
    file_put_contents was found in the file scss.inc.php
    Line 4482: //file_put_contents($out, $css);
    Line 4483: //file_put_contents($this->importsCacheName($out),
    file_get_contents was found in the file scss.inc.php
    Line 1654: //$code = file_get_contents($path);
    Line 4433: //$imports = unserialize(file_get_contents($icache));
    Line 4473: //$css = $this->scss->compile(file_get_contents($in), $in);
    Line 4537: //echo file_get_contents($output);
    fopen was found in the file class.redux_helpers.php
    Line 657: //$fp = fopen( $file, 'r' );
    fread was found in the file class.redux_helpers.php
    Line 660: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.redux_helpers.php
    Line 663: //fclose( $fp );
  5. Malware : Network operations curl_init was found in the file ajax-handler.php
    Line 387: if (function_exists('curl_init') && function_exists('curl_setopt')){
    Line 388: $ch = curl_init();
    curl_exec was found in the file ajax-handler.php
    Line 397: $result = curl_exec($ch);
    curl_init was found in the file Pinterest.class.php
    Line 152: $curl = curl_init();
    curl_exec was found in the file Pinterest.class.php
    Line 162: $response = curl_exec($curl);
  6. Admin menu : Themes should use add_theme_page() for adding admin pages. File functions.php :
    Line 308: remove_action('admin_notices', array('RevSliderAdmin', 'add_plugins_page_notices'));
    File be-themes-update-config.php :
    Line 307: 'page_parent'       => 'themes.php',            // For a full list of options, visit: http://codex.wordpress.org/Function_Reference/add_submenu_page#Parameters
    File be-themes-options-config.php :
    Line 3668: 'page_parent'       => 'themes.php',            // For a full list of options, visit: http://codex.wordpress.org/Function_Reference/add_submenu_page#Parameters
    File framework.php :
    Line 1347: // wrappers and need to be appened to using add_submenu_page.
    Line 1398: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1456: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Line 1347: // wrappers and need to be appened to using add_submenu_page.
    Line 1398: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1456: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Line 1424: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $this
    File framework.php :
    Line 1347: // wrappers and need to be appened to using add_submenu_page.
    Line 1398: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1456: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File welcome.php :
    Line 199: $page = 'add_management_page';
  7. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was meta-box-conditional-logic.zip meta-box-show-hide.zip revslider.zip masterslider.zip be-portfolio-post.zip be-page-builder.zip be-themes-one-click-import.zip meta-box-tabs.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in functions.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'modernizr' );
    Line 219: wp_deregister_script( 'vimeo-api' );
    Line 224: wp_deregister_script( 'be-main-plugins-js' );
    Line 229: wp_deregister_script( 'be-theme-plugins-js' );
    Line 238: wp_deregister_script( 'be-scrollToSections-js' );
    Line 243: wp_deregister_script( 'be-canvas-js' );
    Line 248: wp_deregister_script( 'be-nprogress-js' );
    Line 253: wp_deregister_script( 'be-magnificpopup-js' );
    Line 258: wp_deregister_script( 'be-backgroundcheck-js' );
    Line 263: // wp_deregister_script( 'map-api' );
    Line 267: // wp_deregister_script( 'jquery_ui_custom' );
    Line 271: wp_deregister_script( 'be-themes-script-js' );
    Found wp_deregister_script in be-woo-functions.php. Themes must not deregister core scripts.
    Line 34: wp_deregister_script( 'be-themes-woocommerce-js' );
    Found wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Line 565: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'jquerySelect2' );
  2. theme tags : Presence of bad theme tagsThe tag black has been deprecated, it must be removed from style.css header.The tag green has been deprecated, it must be removed from style.css header.The tag white has been deprecated, it must be removed from style.css header.The tag light has been deprecated, it must be removed from style.css header.The tag fixed-layout has been deprecated, it must be removed from style.css header.The tag responsive-layout has been deprecated, it must be removed from style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is oshin-jojothemes-com.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file be-themes-update-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file be-themes-update-config.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'This <a href="%1$s">child theme</a> requires its parent theme, %2$s.' in file be-themes-update-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file be-themes-options-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file be-themes-options-config.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'This <a href="%1$s">child theme</a> requires its parent theme, %2$s.' in file be-themes-options-config.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'be-themes' in file helpers.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'be-themes' in file helpers.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Install Required Plugins' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Install Plugins' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Installing Plugin: %s' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Something went wrong with the plugin API.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin installing plugin', 'Begin installing plugins' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Activate installed plugin', 'Activate installed plugins' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Return to Required Plugins Installer' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Plugin activated successfully.' in file be-tgm-plugins.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'All plugins installed and activated successfully. %s' in file be-tgm-plugins.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are be-themes, woothemes, rwmb, meta-box, woocommerce, tgmpa, be_themes, wp_twitter_api, redux-framework, themecheck.
  5. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. I18N implementation : Proper use of ___all(Possible variable $theme_text_domain found in translation function in be-tgm-plugins.php. Translation function calls should not contain PHP variables.
    Line 178: 'page_title'                       			=> __( 'Install Required Plugins', $theme_text_domain ),
    Possible variable $theme_text_domain found in translation function in be-tgm-plugins.php. Translation function calls should not contain PHP variables.
    Line 179: 'menu_title'                       			=> __( 'Install Plugins', $theme_text_domain ),
    Possible variable $theme_text_domain found in translation function in be-tgm-plugins.php. Translation function calls should not contain PHP variables.
    Line 180: 'installing'                       			=> __( 'Installing Plugin: %s', $theme_text_domain ), // %1$s = plugin name
    Possible variable $theme_text_domain found in translation function in be-tgm-plugins.php. Translation function calls should not contain PHP variables.
    Line 181: 'oops'                             			=> __( 'Something went wrong with the plugin API.', $theme_text_domain ),
    Possible variable $theme_text_domain found in translation function in be-tgm-plugins.php. Translation function calls should not contain PHP variables.
    Line 192: 'return'                           			=> __( 'Return to Required Plugins Installer', $theme_text_domain ),
    Possible variable $theme_text_domain found in translation function in be-tgm-plugins.php. Translation function calls should not contain PHP variables.
    Line 193: 'plugin_activated'                 			=> __( 'Plugin activated successfully.', $theme_text_domain ),
    Possible variable $theme_text_domain found in translation function in be-tgm-plugins.php. Translation function calls should not contain PHP variables.
    Line 194: 'complete' 									=> __( 'All plugins installed and activated successfully. %s', $theme_text_dom
  7. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  8. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in header.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file core.php.
    Line 40: $links[] = '<a href='https://metabox.io/docs/'>' . __( 'Documentation', 'meta-box' ) . '</a>';
    Line 41: $links[] = '<a href='https://metabox.io/plugins/'>' . __( 'Extensions', 'meta-box' ) . '</a>';
    Possible hard-coded links were found in the file welcome.php.
    Line 480: <a href='http://docs.reduxframework.com/' class='docs button button-primary'>Docs</a
    Line 483: <a href='https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MMFMHW
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  6. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  7. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  8. Use of includes : Use of include or requireThe theme appears to use include or require : be-woo-functions.php
    Line 233: require_once( get_template_directory() .'/woocommerce/class-wc-widget-cart.
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : be-themes-update-config.php
    Line 88: require_once( ABSPATH .'/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : be-themes-options-config.php
    Line 88: require_once( ABSPATH .'/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : Autolink.php
    Line 10: require_once 'Regex.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widget-functions.php
    Line 100: require_once( get_template_directory() .'/functions/widgets/recent_post_wid
    Line 101: require_once( get_template_directory() .'/functions/widgets/brankic-photost
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : common-helpers.php
    Line 386: require_once( get_template_directory().'/functions/twitter/Autolink.php' );
    Line 423: require_once( get_template_directory().'/functions/twitter/class-wp-twitter
    Line 590: require_once( get_template_directory().'/functions/Pintrest/Pinterest.class
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 410: //     require_once 'core/dashboard.php';
    Line 414: //         require_once 'core/newsflash.php';
    Line 1705: require_once 'core/enqueue.php';
    Line 2852: require_once 'core/enqueue.php';
    Line 2910: require_once 'core/panel.php';
    Line 3239: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Line 749: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : scss.inc.php
    Line 2818: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Line 376: require_once 'views/about.php';
    Line 391: require_once 'views/changelog.php';
    Line 406: require_once 'views/extensions.php';
    Line 422: require_once 'views/support.php';
    Line 437: require_once 'views/credits.php';
    Line 452: require_once 'views/status_report.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Line 46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes