WordPress.org

Make WordPress Themes

Opened 3 years ago

Closed 3 years ago

#2612 closed theme (not-approved)

THEME: raindrops - 0.283

Reported by: nobita Owned by: emiluzelac
Priority: Keywords: theme-raindrops,
Cc: a.tenman@…

Description

raindrops - 0.283

This theme file has the automatic arrangement of color function in specifying the layout customizing function and the reference color by Yahoo User Interface. The color can specify the tradition color and the American tradition color of Japan by the name.

Theme URL - http://www.tenman.info/wp3/raindrops/
Author URL - http://www.tenman.info/

SVN - http://themes.svn.wordpress.org/raindrops/0.283
ZIP - http://wordpress.org/extend/themes/download/raindrops.0.283.zip?nostats=1

Diff with previous version: http://themes.trac.wordpress.org/changeset?old_path=/raindrops/0.280&new_path=/raindrops/0.283

All previous tickets for this theme: http://themes.trac.wordpress.org/query?col=id&col=summary&col=keywords&col=owner&col=status&col=resolution&keywords=~theme-raindrops&order=priority

https://themes.svn.wordpress.org/raindrops/0.283/screenshot.png

Change History (3)

comment:1 chipbennett3 years ago

  • Owner set to emiluzelac
  • Status changed from new to assigned

comment:2 emiluzelac3 years ago

Theme-Check

An automated theme-check does not load due to this warning: (only partial code show, as the error is over page long)

WARNING: Found add_theme_page(TMN_TABLE_TITLE, 'RAINDROPS Options', 'edit_theme_options', FILE, array($this, 'SubMenu_GUI')); } } function form_user_input(){ global $raindrops_base_setting; global $wpdb; $option_value = "-"; $deliv = htmlspecialchars(

The theme is using "PHP Extension and Application Repository" in /lib/ folder to manipulate with the CSS styles improperly embed in functions.php file. That is also in conflict with theme-check plugin.

For instance if you have #site-description { in CSS style this will be your div ID, however if you are using #site-description { in PHP file, the "#" will automaticaly understand that as comments.

See PHP: Comments

In raindrops/lib/individual-css.php you have a code that requires /wp-config.php file

<?php

    $config_dir = dirname(dirname(dirname(dirname(dirname(__FILE__)))));

    if(file_exists($config_dir.'/wp-config.php')){
        require_once($config_dir.'/wp-config.php');
    }else{
        require_once(dirname($config_dir).'/wp-config.php') or die("error");
    }


    $table = $table_prefix.'options';

    $link = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
    $sdb = mysql_select_db(DB_NAME,$link);
    $sql = 'SELECT * FROM `'.$table.'` WHERE `option_name` LIKE \'_raindrops_indv_css\'';
    $result = mysql_query($sql, $link);
    $rows = mysql_fetch_row($result);

header('Content-type: text/css');
    echo $rows[3];
?>

Theme must not have any access to wp-config.php at any time, especially with clear username and password as set above. This is could be a security issue.

Markup Validation

Validation Output: 1 Error
Line 3, Column 17: syntax of attribute value does not conform to declared value

<html xml:lang="" xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

The value of an attribute contained something that is not allowed by the specified syntax for that type of attribute. For instance, the “selected” attribute must be either minimized as “selected” or spelled out in full as “selected="selected"”; the variant “selected=""” is not allowed.

References:

comment:3 Frumph3 years ago

  • Resolution set to not-approved
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.