0
Validation results

The Keynote

The Keynote

WordPress 4.9.8 theme
0
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file gdlr-customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_decode() Found base64_decode in file twitteroauth.php.
    Line 208: $decoded_sig = base64_decode($signature);
  3. Security breaches : Use of base64_encode() Found base64_encode in file twitteroauth.php.
     return base64_encode(hash_hmac('sha1', $base_string, $key, true));
     return base64_encode($signature);
  4. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="https://www.youtube' . ($theme_option['disable-cookie-youtube'] == 'enable'? '-nocookie': '') . '.com/embed/' . $id[1] . '?wmode=transparent' . $id[2] . '" width="' . $width . '" height="' . $height . '" > in file gdlr-media.php.
    Line 66: return '<iframe src='https://www.youtube' . ($theme_option['disable-cookie-youtube'
  5. Malware : Operations on file system file_get_contents was found in the file gdlr-font-loader.php
    Line 68: $google_fonts = json_decode(file_get_contents($google_font_file), true);
    file_get_contents was found in the file gdlr-function-regist.php
    Line 81: $default_admin_option = unserialize(file_get_contents($default_file));
    fopen was found in the file gdlr-function-regist.php
    Line 104: //$file_stream = @fopen($file_url, 'w');
    fwrite was found in the file gdlr-function-regist.php
    Line 105: //fwrite($file_stream, serialize($theme_option));
    fclose was found in the file gdlr-function-regist.php
    Line 106: //fclose($file_stream);
    fopen was found in the file gdlr-admin-option.php
    Line 22: $file_stream = @fopen($file_url, 'w');
    fwrite was found in the file gdlr-admin-option.php
    Line 57: fwrite( $file_stream, str_replace('#gdlr#', $value, $option['selector']) . 
    Line 93: fwrite($file_stream, $style);
    Line 98: fwrite($file_stream, $end_of_file);
    Line 102: fwrite($file_stream, str_replace('\r\n', '\n', $theme_option['additional-st
    fwrite was found in the file gdlr-admin-option.php
    Line 57: fwrite( $file_stream, str_replace('#gdlr#', $value, $option['selector']) . 
    Line 93: fwrite($file_stream, $style);
    Line 98: fwrite($file_stream, $end_of_file);
    Line 102: fwrite($file_stream, str_replace('\r\n', '\n', $theme_option['additional-st
    fwrite was found in the file gdlr-admin-option.php
    Line 57: fwrite( $file_stream, str_replace('#gdlr#', $value, $option['selector']) . 
    Line 93: fwrite($file_stream, $style);
    Line 98: fwrite($file_stream, $end_of_file);
    Line 102: fwrite($file_stream, str_replace('\r\n', '\n', $theme_option['additional-st
    fwrite was found in the file gdlr-admin-option.php
    Line 57: fwrite( $file_stream, str_replace('#gdlr#', $value, $option['selector']) . 
    Line 93: fwrite($file_stream, $style);
    Line 98: fwrite($file_stream, $end_of_file);
    Line 102: fwrite($file_stream, str_replace('\r\n', '\n', $theme_option['additional-st
    fclose was found in the file gdlr-admin-option.php
    Line 106: fclose($file_stream);
    file_get_contents was found in the file goodlayers-importer.php
    Line 37: $widget_data = unserialize(file_get_contents($widget_file));
    fopen was found in the file goodlayers-importer.php
    Line 68: //$file_stream = @fopen($widget_file, 'w');
    fwrite was found in the file goodlayers-importer.php
    Line 69: //fwrite($file_stream, serialize($widget_data));
    fclose was found in the file goodlayers-importer.php
    Line 70: //fclose($file_stream);	
    file_get_contents was found in the file gdlr-paypal.php
    Line 169: $raw_post_data = file_get_contents('php://input');
    file_get_contents was found in the file twitteroauth.php
    Line 278: file_get_contents(self::$POST_INPUT)
  6. Malware : Network operations curl_init was found in the file gdlr-paypal.php
    Line 193: $ch = curl_init($paypal_action);
    curl_exec was found in the file gdlr-paypal.php
    Line 203: if( !($res = curl_exec($ch)) ) {
    curl_init was found in the file twitteroauth.php
    Line 1069: $ci = curl_init();
    curl_exec was found in the file twitteroauth.php
    Line 1095: $response = curl_exec($ci);
  7. Admin menu : Themes should use add_theme_page() for adding admin pages. File gdlr-admin-panel.php :
    Line 47: $page = add_menu_page($this->setting['page_title'], $this->setting['menu_title'], 
    File class-tgm-plugin-activation.php :
    Line 412: $this->page_hook = call_user_func( 'add_submenu_page', $args['parent_slug'], $args['page_title'], $args['menu_t
  8. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was gdlr-conference.zip gdlr-portfolio.zip masterslider.zip goodlayers-importer.zip gdlr-shortcode.zip.
Warning
  1. theme tags : Presence of bad theme tagsThe tag white has been deprecated, it must be removed from style.css header.The tag light has been deprecated, it must be removed from style.css header.The tag yellow has been deprecated, it must be removed from style.css header.The tag fluid-layout has been deprecated, it must be removed from style.css header.
  2. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is the-keynote.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin installing plugin', 'Begin installing plugins' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Activate installed plugin', 'Activate installed plugins' in file gdlr-plugin-activation.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gdlr_translate, thekeynote, tgmpa, gdlr-conference.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the register_taxonomy() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  6. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  7. Featured image : Use of the_post_thumbnail() instead of custom fields for thumbnailsNo reference to the_post_thumbnail was found in the theme.
  8. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file twitteroauth.php.
    Line 1134: echo '<strong>'.$tweets->errors[0]->message.'!</strong><br />You\'ll need to regenerate it <a href='https://dev.twitter.com/apps' target='_blank'>here</a>!' . $after_widget;
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  12. Use of includes : Use of include or requireThe theme appears to use include or require : gdlr-framework.php
    Line 10: include_once('function/gdlr-sidebar-generator.php');
    Line 13: include_once('function/gdlr-admin-panel.php');	
    Line 14: include_once('function/gdlr-admin-panel-html.php');	
    Line 17: include_once('function/gdlr-customizer.php');	
    Line 20: include_once('function/gdlr-page-builder.php');	
    Line 21: include_once('function/gdlr-page-builder-html.php');	
    Line 24: include_once('function/gdlr-page-options.php');	
    Line 27: include_once('function/gdlr-tax-meta.php');		
    Line 30: include_once('function/gdlr-include-script.php');	
    Line 33: include_once('function/gdlr-font-loader.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : gdlr-plugin-activation.php
    Line 2: require_once(GDLR_LOCAL_PATH . '/include/plugin/class-tgm-plugin-activation
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : gdlr-paypal.php
    Line 22: 
    Line 25: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

34
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file gdlr-customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Malware : Network operations curl_init was found in the file gdlr-paypal.php
    Line 193: $ch = curl_init($paypal_action);
    curl_exec was found in the file gdlr-paypal.php
    Line 203: if( !($res = curl_exec($ch)) ) {
    curl_init was found in the file twitteroauth.php
    Line 1069: $ci = curl_init();
    curl_exec was found in the file twitteroauth.php
    Line 1095: $response = curl_exec($ci);
  3. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was gdlr-conference.zip gdlr-portfolio.zip masterslider.zip goodlayers-importer.zip gdlr-shortcode.zip.
Warning
  1. theme tags : Presence of bad theme tagsThe tag white has been deprecated, it must be removed from style.css header.The tag light has been deprecated, it must be removed from style.css header.The tag yellow has been deprecated, it must be removed from style.css header.The tag fluid-layout has been deprecated, it must be removed from style.css header.
  2. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is the-keynote.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Begin installing plugin', 'Begin installing plugins' in file gdlr-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Activate installed plugin', 'Activate installed plugins' in file gdlr-plugin-activation.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are gdlr_translate, thekeynote, tgmpa, gdlr-conference.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the register_taxonomy() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Featured image : Use of the_post_thumbnail() instead of custom fields for thumbnailsNo reference to the_post_thumbnail was found in the theme.
  6. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file twitteroauth.php.
    Line 1134: echo '<strong>'.$tweets->errors[0]->message.'!</strong><br />You\'ll need to regenerate it <a href='https://dev.twitter.com/apps' target='_blank'>here</a>!' . $after_widget;
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  12. Use of includes : Use of include or requireThe theme appears to use include or require : gdlr-framework.php
    Line 10: include_once('function/gdlr-sidebar-generator.php');
    Line 13: include_once('function/gdlr-admin-panel.php');	
    Line 14: include_once('function/gdlr-admin-panel-html.php');	
    Line 17: include_once('function/gdlr-customizer.php');	
    Line 20: include_once('function/gdlr-page-builder.php');	
    Line 21: include_once('function/gdlr-page-builder-html.php');	
    Line 24: include_once('function/gdlr-page-options.php');	
    Line 27: include_once('function/gdlr-tax-meta.php');		
    Line 30: include_once('function/gdlr-include-script.php');	
    Line 33: include_once('function/gdlr-font-loader.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : gdlr-plugin-activation.php
    Line 2: require_once(GDLR_LOCAL_PATH . '/include/plugin/class-tgm-plugin-activation
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : gdlr-paypal.php
    Line 22: 
    Line 25: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes