0
Validation results

Uncode

Uncode

WordPress 4.9.8 theme
0
Critical alerts
  1. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  2. Security breaches : Use of base64_decode() Found base64_decode in file vc_gallery.php.
    Line 185: $items = json_decode( base64_decode( strip_tags( $items ) ), true);
    Found base64_decode in file uncode_index.php.
    Line 339: $items = json_decode( base64_decode( strip_tags( $items ) ), true);
    Line 340: $matrix_items = json_decode( base64_decode( strip_tags( $matrix_items ) ), true);
    Found base64_decode in file radium-importer.php.
    Line 891: $options = unserialize( base64_decode( $data ) );
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe width="100%" scrolling="no" frameborder="no" src="' . $iframe_url . '&color='.$accent_color.'&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false"> in file elements.php.
    Line 165: $content_html = '<iframe width='100%' scrolling='no' frameborder='no' src='' . $iframe_url .
    Found <iframe width="100%" scrolling="no" frameborder="no" src="' . $iframe_url . '&color='.$accent_color.'&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false"> in file helpers.php.
    Line 632: $media_oembed = '<iframe width='100%' scrolling='no' frameborder='no' src='' . $iframe_url .
  4. Malware : Operations on file system fopen was found in the file parsers.php
    Line 419: $fp = $this->fopen( $file, 'r' );
    Line 637: function fopen( $filename, $mode = 'r' ) {
    Line 640: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 468: $this->fclose($fp);
    Line 655: function fclose( $fp ) {
    Line 658: return fclose( $fp );
    fopen was found in the file parsers.php
    Line 419: $fp = $this->fopen( $file, 'r' );
    Line 637: function fopen( $filename, $mode = 'r' ) {
    Line 640: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Line 419: $fp = $this->fopen( $file, 'r' );
    Line 637: function fopen( $filename, $mode = 'r' ) {
    Line 640: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 468: $this->fclose($fp);
    Line 655: function fclose( $fp ) {
    Line 658: return fclose( $fp );
    fclose was found in the file parsers.php
    Line 468: $this->fclose($fp);
    Line 655: function fclose( $fp ) {
    Line 658: return fclose( $fp );
  5. Admin menu : Themes should use add_theme_page() for adding admin pages. File radium-importer.php :
    Line 95: add_submenu_page('uncode-system-status', esc_html__('Import Demo','uncode')
    File class-tgm-plugin-activation.php :
    Line 729: $this->page_hook = add_submenu_page( $args['parent_slug'], $args['page_title'], $args['menu_ti
    File init.php :
    Line 239: remove_action('admin_notices', array('RevSliderAdmin', 'add_plugins_page_notices'));
    File support.php :
    Line 30: add_submenu_page( 'uncode-system-status', esc_html__( 'Support', 'uncode' )
    File admin.php :
    Line 18: add_menu_page( 'UNCODE', UNCODE_NAME, 'administrator', 'uncode-system-statu
    File admin.php :
    Line 19: add_submenu_page( 'uncode-system-status', 'UNCODE', esc_html__('System Stat
    Line 1153: add_submenu_page( 'tools.php', 'Export', 'Export', 'manage_options', 'uncod
    Line 1840: add_submenu_page( 'uncode-system-status', 'UNCODE', esc_html__( 'Related Po
    File admin.php :
    Line 19: add_submenu_page( 'uncode-system-status', 'UNCODE', esc_html__('System Stat
    Line 1153: add_submenu_page( 'tools.php', 'Export', 'Export', 'manage_options', 'uncod
    Line 1840: add_submenu_page( 'uncode-system-status', 'UNCODE', esc_html__( 'Related Po
    File admin.php :
    Line 19: add_submenu_page( 'uncode-system-status', 'UNCODE', esc_html__('System Stat
    Line 1153: add_submenu_page( 'tools.php', 'Export', 'Export', 'manage_options', 'uncod
    Line 1840: add_submenu_page( 'uncode-system-status', 'UNCODE', esc_html__( 'Related Po
    File media-enhanced.php :
    Line 4: add_submenu_page( 'upload.php', esc_html__('Add oEmbed, external IMG, SVG c
    File font-system.php :
    Line 51: $this->fonts_page_name = add_submenu_page('uncode-system-status', 'Font Stacks', 'Font Stacks', 'edi
    File ot-cleanup-api.php :
    Line 82: $theme_check_bs = 'add_menu_page';
    File ot-settings-api.php :
    Line 99: $theme_check_bs   = 'add_menu_page';
    File ot-settings-api.php :
    Line 100: $theme_check_bs2  = 'add_submenu_page';
  6. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was layersliderwp.zip revslider.zip uncode-daves-wordpress-live-search.zip vcparticlesbackground.zip uncode-core.zip uncode-js_composer.zip vc_clipboard.zip uncode-privacy.zip.
Warning
  1. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  2. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function __, with the arguments in file footer.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file headers.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file headers.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file elements.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'To use Uncode and register your product, please make sure you are running at least PHP 5.6 or greater. WordPress officially recommends PHP 7.2 or greater. Please ask your host to update your PHP version. %s' in file welcome.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are uncode, woocommerce, wordpress-importer, tgmpa, option-tree, related-posts-for-wp.
  3. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  4. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  5. I18N implementation : Proper use of ___all(Possible variable $footer_content found in translation function in footer.php. Translation function calls should not contain PHP variables.
    Line 148: if (function_exists('qtranxf_getLanguage')) $footer_content = __($footer_content);
    Possible variable $this found in translation function in headers.php. Translation function calls should not contain PHP variables.
    Line 272: if (function_exists('qtranxf_getLanguage')) $this->html = __($this->html);
    Line 287: if (function_exists('qtranxf_getLanguage')) $this->html = __($this->html);
    Possible variable $this found in translation function in headers.php. Translation function calls should not contain PHP variables.
    Line 272: if (function_exists('qtranxf_getLanguage')) $this->html = __($this->html);
    Line 287: if (function_exists('qtranxf_getLanguage')) $this->html = __($this->html);
    Possible variable $block_text found in translation function in elements.php. Translation function calls should not contain PHP variables.
    Line 1068: if (function_exists('qtranxf_getLanguage')) $block_text = __($block_text);
  6. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file media-enhanced.php.
    Line 297: <h2><?php esc_html_e('Add oEmbed, external IMG, SVG code, HTML or Shortcode','uncode'); ?> <a href='upload.php?page=add-other' class='add-new-h2'><?php esc_html_e('Add New','u
    Line 375: <input name='save' type='submit' class='button button-primary button-large' id='publish' data-url='<?php echo get_site_url().'/wp-admin/upload.php?page=add-other'; ?>' value='<?php esc_html_e('Save','uncode'); ?
    Line 379: <input name='save' type='submit' class='button button-primary button-large' id='publish' data-url='<?php echo get_site_url().'/wp-admin/upload.php?page=add-other&postid='.$_REQUEST['postid'].'&updated=1'; ?>' va
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  12. Use of includes : Use of include or requireThe theme appears to use include or require : init.php
    Line 14: require_once( dirname( __FILE__ ) . '/importer/radium-importer.php' ); //lo
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : parsers.php
    Line 62: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 268: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : radium-importer.php
    Line 149: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 778: require_once($class_wp_importer);
    Line 793: require_once($class_wp_import);
    Line 807: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 872: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 978: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : wordpress-importer.php
    Line 168: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : loader.php
    Line 15: require_once 'class-api-license.php';
    Line 16: require_once 'class-envato-api.php';
    Line 17: require_once 'class-theme-registration.php';
    Line 18: require_once 'class-theme-updater.php';
    Line 19: require_once 'api-functions.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : customizer-woocommerce.php
    Line 237: include_once( get_template_directory() . '/woocommerce/widgets/widget-price
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Line 229: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin.php
    Line 7: require_once 'admin-pages/uncode-panel-functions.php';
    Line 9: require_once 'admin-pages/support.php';
    Line 13: require_once 'admin-pages/welcome.php';
    Line 762: require_once ('edit_custom_walker.php');
    Line 1017: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 1174: require_once( UNCODE_EXPORT_TEMPLATE );
    Line 1176: require_once( 'export/uncode_export_template.php' );
    Line 1280: require_once(ABSPATH . 'wp-admin/includes/file.php');
    Line 1345: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : Data.php
    Line 67: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : font-system.php
    Line 672: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ot-loader.php
    Line 544: include_once( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

57
Critical alerts
  1. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  2. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was layersliderwp.zip revslider.zip uncode-daves-wordpress-live-search.zip vcparticlesbackground.zip uncode-core.zip uncode-js_composer.zip vc_clipboard.zip uncode-privacy.zip.
Warning
  1. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  2. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function __, with the arguments in file footer.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file headers.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file headers.php.Found a translation function that is missing a text-domain. Function __, with the arguments in file elements.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'To use Uncode and register your product, please make sure you are running at least PHP 5.6 or greater. WordPress officially recommends PHP 7.2 or greater. Please ask your host to update your PHP version. %s' in file welcome.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are uncode, woocommerce, wordpress-importer, tgmpa, option-tree, related-posts-for-wp.
  3. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file media-enhanced.php.
    Line 297: <h2><?php esc_html_e('Add oEmbed, external IMG, SVG code, HTML or Shortcode','uncode'); ?> <a href='upload.php?page=add-other' class='add-new-h2'><?php esc_html_e('Add New','u
    Line 375: <input name='save' type='submit' class='button button-primary button-large' id='publish' data-url='<?php echo get_site_url().'/wp-admin/upload.php?page=add-other'; ?>' value='<?php esc_html_e('Save','uncode'); ?
    Line 379: <input name='save' type='submit' class='button button-primary button-large' id='publish' data-url='<?php echo get_site_url().'/wp-admin/upload.php?page=add-other&postid='.$_REQUEST['postid'].'&updated=1'; ?>' va
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  12. Use of includes : Use of include or requireThe theme appears to use include or require : init.php
    Line 14: require_once( dirname( __FILE__ ) . '/importer/radium-importer.php' ); //lo
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : parsers.php
    Line 62: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 268: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : radium-importer.php
    Line 149: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 778: require_once($class_wp_importer);
    Line 793: require_once($class_wp_import);
    Line 807: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 872: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 978: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : wordpress-importer.php
    Line 168: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : loader.php
    Line 15: require_once 'class-api-license.php';
    Line 16: require_once 'class-envato-api.php';
    Line 17: require_once 'class-theme-registration.php';
    Line 18: require_once 'class-theme-updater.php';
    Line 19: require_once 'api-functions.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : customizer-woocommerce.php
    Line 237: include_once( get_template_directory() . '/woocommerce/widgets/widget-price
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Line 229: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin.php
    Line 7: require_once 'admin-pages/uncode-panel-functions.php';
    Line 9: require_once 'admin-pages/support.php';
    Line 13: require_once 'admin-pages/welcome.php';
    Line 762: require_once ('edit_custom_walker.php');
    Line 1017: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 1174: require_once( UNCODE_EXPORT_TEMPLATE );
    Line 1176: require_once( 'export/uncode_export_template.php' );
    Line 1280: require_once(ABSPATH . 'wp-admin/includes/file.php');
    Line 1345: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : Data.php
    Line 67: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : font-system.php
    Line 672: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ot-loader.php
    Line 544: include_once( $file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes