0
Validation results

SpaLab

SpaLab

WordPress 4.7.4 theme
0
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file theme_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  3. Security breaches : Use of base64_decode() Found base64_decode in file OAuth.php.
    Line 200: $decoded_sig = base64_decode($signature);
    Found base64_decode in file register_admin.php.
    Line 160: $data = unserialize(base64_decode($data)); //100% safe - ignore theme check nag
  4. Security breaches : Use of base64_encode() Found base64_encode in file OAuth.php.
     return base64_encode(hash_hmac('sha1', $base_string, $key, true));
     return base64_encode($signature);
  5. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src='http".dt_ssl()."://player.vimeo.com/video/{$url}' width='{$width}' height='{$height}' frameborder='0'> in file tpl-portfolio.php.
    Line 206: echo '<div class='dt-video-wrap'><iframe src='http'.dt_ssl().'://player.vimeo.com/video/{$url}' width='{$wid
  6. Malware : Operations on file system file_get_contents was found in the file OAuth.php
    Line 270: file_get_contents(self::$POST_INPUT)
  7. Malware : Network operations curl_init was found in the file reservation-util.php
    Line 533: $ch = curl_init();
    curl_exec was found in the file reservation-util.php
    Line 551: $httpResponse = curl_exec($ch);
    curl_init was found in the file mailchimp.php
    Line 7: $ch = curl_init($url);
    Line 66: $ch = curl_init($url);
    Line 105: $ch = curl_init($url);
    curl_exec was found in the file mailchimp.php
    Line 15: $result = curl_exec($ch);
    Line 75: $result = curl_exec($ch);
    Line 115: $result = curl_exec($ch);
    curl_init was found in the file mailchimp.php
    Line 7: $ch = curl_init($url);
    Line 66: $ch = curl_init($url);
    Line 105: $ch = curl_init($url);
    curl_exec was found in the file mailchimp.php
    Line 15: $result = curl_exec($ch);
    Line 75: $result = curl_exec($ch);
    Line 115: $result = curl_exec($ch);
    curl_init was found in the file mailchimp.php
    Line 7: $ch = curl_init($url);
    Line 66: $ch = curl_init($url);
    Line 105: $ch = curl_init($url);
    curl_exec was found in the file mailchimp.php
    Line 15: $result = curl_exec($ch);
    Line 75: $result = curl_exec($ch);
    Line 115: $result = curl_exec($ch);
    curl_init was found in the file twitteroauth.php
    Line 199: $ci = curl_init();
    curl_exec was found in the file twitteroauth.php
    Line 225: $response = curl_exec($ci);
  8. Inapropriate constants : Use of STYLESHEETPATH Constant STYLESHEETPATH was found in the file skins.php. get_stylesheet_directory() should be used instead.
    Line 32: if( TEMPLATEPATH != STYLESHEETPATH && is_dir(STYLESHEETPATH . $dt_file_path) ){
    Constant STYLESHEETPATH was found in the file settings.php. get_stylesheet_directory() should be used instead.
    Line 90: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 91: require_once (STYLESHEETPATH .$dt_file_path);
    Line 98: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 99: require_once (STYLESHEETPATH .$dt_file_path);
    Line 106: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 107: require_once (STYLESHEETPATH .$dt_file_path);
    Line 114: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 115: require_once (STYLESHEETPATH .$dt_file_path);
    Line 122: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 123: require_once (STYLESHEETPATH .$dt_file_path);
    Line 130: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 131: require_once (STYLESHEETPATH .$dt_file_path);
    Line 138: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 139: require_once (STYLESHEETPATH .$dt_file_path);
    Line 146: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 147: require_once (STYLESHEETPATH .$dt_file_path);
    Line 154: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 155: require_once (STYLESHEETPATH .$dt_file_path);
    Line 162: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 163: require_once (STYLESHEETPATH .$dt_file_path);
    Line 170: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 171: require_once (STYLESHEETPATH .$dt_file_path);
    Line 178: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 179: require_once (STYLESHEETPATH .$dt_file_path);
    Line 189: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 190: require_once (STYLESHEETPATH .$dt_file_path);
    Line 199: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 200: require_once (STYLESHEETPATH .$dt_file_path);
    Constant STYLESHEETPATH was found in the file header.php. get_stylesheet_directory() should be used instead.
    Line 91: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 92: require_once (STYLESHEETPATH .$dt_file_path);
    Line 203: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 204: require_once (STYLESHEETPATH .$dt_file_path);
    Line 225: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) ){
    Line 226: require_once (STYLESHEETPATH .$dt_file_path);
  9. Inapropriate constants : Use of TEMPLATEPATH Constant TEMPLATEPATH was found in the file skins.php. get_template_directory() should be used instead.
    Line 32: if( TEMPLATEPATH != STYLESHEETPATH && is_dir(STYLESHEETPATH . $dt_file_path) ){
    Constant TEMPLATEPATH was found in the file settings.php. get_template_directory() should be used instead.
    Line 90: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 94: require_once (TEMPLATEPATH .$dt_file_path);
    Line 98: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 102: require_once (TEMPLATEPATH .$dt_file_path);
    Line 106: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 110: require_once (TEMPLATEPATH .$dt_file_path);
    Line 114: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 118: require_once (TEMPLATEPATH .$dt_file_path);
    Line 122: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 126: require_once (TEMPLATEPATH .$dt_file_path);
    Line 130: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 134: require_once (TEMPLATEPATH .$dt_file_path);
    Line 138: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 142: require_once (TEMPLATEPATH .$dt_file_path);
    Line 146: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 150: require_once (TEMPLATEPATH .$dt_file_path);
    Line 154: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 158: require_once (TEMPLATEPATH .$dt_file_path);
    Line 162: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 166: require_once (TEMPLATEPATH .$dt_file_path);
    Line 170: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 174: require_once (TEMPLATEPATH .$dt_file_path);
    Line 178: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 182: require_once (TEMPLATEPATH .$dt_file_path);
    Line 189: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 193: require_once (TEMPLATEPATH .$dt_file_path);
    Line 199: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 203: require_once (TEMPLATEPATH .$dt_file_path);
    Constant TEMPLATEPATH was found in the file header.php. get_template_directory() should be used instead.
    Line 91: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 95: require_once (TEMPLATEPATH .$dt_file_path);
    Line 203: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 207: require_once (TEMPLATEPATH .$dt_file_path);
    Line 225: if( TEMPLATEPATH != STYLESHEETPATH && is_file(STYLESHEETPATH . $dt_file_path) )
    Line 229: require_once (TEMPLATEPATH .$dt_file_path);
  10. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was designthemes-core-features.zip.
Warning
  1. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  2. Screenshot : Screenshot fileScreenshot size is 600x450px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. theme tags : Presence of bad theme tagsThemes that use the tag accessibility-ready will need to undergo an accessibility review.
    See https://make.wordpress.org/themes/handbook/review/accessibility/
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file admin_utils.php.
    Line 50: 'copyright-text' => 'Copyright &copy; 2014 Spa Lab Theme All Rights Reserved | <a href='http://themeforest.net/user/designthemes' title=''> Design Themes </a>');
    Possible hard-coded links were found in the file general.php.
    Line 28: ''=> 	__('Display Site Title <small><a href='options-general.php'>(click here to edit site title)</a></small>','dt_theme
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : settings.php
    Line 91: require_once (STYLESHEETPATH .$dt_file_path);
    Line 94: require_once (TEMPLATEPATH .$dt_file_path);
    Line 99: require_once (STYLESHEETPATH .$dt_file_path);
    Line 102: require_once (TEMPLATEPATH .$dt_file_path);
    Line 107: require_once (STYLESHEETPATH .$dt_file_path);
    Line 110: require_once (TEMPLATEPATH .$dt_file_path);
    Line 115: require_once (STYLESHEETPATH .$dt_file_path);
    Line 118: require_once (TEMPLATEPATH .$dt_file_path);
    Line 123: require_once (STYLESHEETPATH .$dt_file_path);
    Line 126: require_once (TEMPLATEPATH .$dt_file_path);
    Line 131: require_once (STYLESHEETPATH .$dt_file_path);
    Line 134: require_once (TEMPLATEPATH .$dt_file_path);
    Line 139: require_once (STYLESHEETPATH .$dt_file_path);
    Line 142: require_once (TEMPLATEPATH .$dt_file_path);
    Line 147: require_once (STYLESHEETPATH .$dt_file_path);
    Line 150: require_once (TEMPLATEPATH .$dt_file_path);
    Line 155: require_once (STYLESHEETPATH .$dt_file_path);
    Line 158: require_once (TEMPLATEPATH .$dt_file_path);
    Line 163: require_once (STYLESHEETPATH .$dt_file_path);
    Line 166: require_once (TEMPLATEPATH .$dt_file_path);
    Line 171: require_once (STYLESHEETPATH .$dt_file_path);
    Line 174: require_once (TEMPLATEPATH .$dt_file_path);
    Line 179: require_once (STYLESHEETPATH .$dt_file_path);
    Line 182: require_once (TEMPLATEPATH .$dt_file_path);
    Line 190: require_once (STYLESHEETPATH .$dt_file_path);
    Line 193: require_once (TEMPLATEPATH .$dt_file_path);
    Line 200: require_once (STYLESHEETPATH .$dt_file_path);
    Line 203: require_once (TEMPLATEPATH .$dt_file_path);
    Line 208: require_once(TEMPLATEPATH.'/framework/theme_options/import.php');
    Line 212: require_once(TEMPLATEPATH.'/framework/theme_options/backup.php'); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : menu.php
    Line 16: require_once(TEMPLATEPATH.'/framework/theme_options/settings.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : include.php
    Line 36: require_once(TEMPLATEPATH.'/framework/woocommerce/index.php');
    Line 37: require_once(TEMPLATEPATH.'/framework/woocommerce/giftcard_init.php');	
    Line 41: require_once( get_template_directory().'/framework/theme_customizer.php'); 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : twitter.php
    Line 114: require_once 'twitteroauth/twitteroauth.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : twitteroauth.php
    Line 10: require_once('OAuth.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : header.php
    Line 92: require_once (STYLESHEETPATH .$dt_file_path);
    Line 95: require_once (TEMPLATEPATH .$dt_file_path);
    Line 204: require_once (STYLESHEETPATH .$dt_file_path);
    Line 207: require_once (TEMPLATEPATH .$dt_file_path);
    Line 226: require_once (STYLESHEETPATH .$dt_file_path);
    Line 229: require_once (TEMPLATEPATH .$dt_file_path);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : PIE.php
    Line 17: include( 'PIE.htc' );?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes
Error 8 : Undefined index: slug
In /home/www/themecheck/themecheck/controllers/controller_results.php line 511
Error 8 : Undefined index: slug
In /home/www/themecheck/themecheck/controllers/controller_results.php line 511
Error 8 : Undefined index: slug
In /home/www/themecheck/themecheck/controllers/controller_results.php line 511