WordPress.org

Make WordPress Themes

Opened 3 years ago

Closed 3 years ago

#5491 closed theme (live)

THEME: Atahualpa - 3.6.8

Reported by: BytesForAll
Owned by: chipbennett
Priority: (none)
Keywords: theme-atahualpa
Cc: lmmmuc@…

Description

Atahualpa - 3.6.8

Configure your custom theme: Fixed or flexible width layout, with min/max width, 0 - 4 sidebars, very browser safe (incl. IE6), create custom widget areas, import/export styles (several styles included), color pickers, over 200 options.

Theme URL - http://wordpress.bytesforall.com/
Author URL - http://forum.bytesforall.com/

SVN - http://themes.svn.wordpress.org/atahualpa/3.6.8
ZIP - http://wordpress.org/extend/themes/download/atahualpa.3.6.8.zip?nostats=1

Diff with previous version: http://themes.trac.wordpress.org/changeset?old_path=/atahualpa/3.6.7&new_path=/atahualpa/3.6.8

All previous tickets for this theme: http://themes.trac.wordpress.org/query?col=id&col=summary&col=keywords&col=owner&col=status&col=resolution&keywords=~theme-atahualpa&order=priority

https://themes.svn.wordpress.org/atahualpa/3.6.8/screenshot.png

Change History (2)

comment:1 chipbennett, 3 years ago

  • Owner set to chipbennett
  • Status changed from new to assigned

comment:2 chipbennett, 3 years ago

  • Resolution set to approved
  • Status changed from assigned to closed

Change Log

  • esc_js added to get_search_query, XSS vulnerability
  • issue with css.php: http://forum.bytesforall.com/showthread.php?t=14143
  • Page titles doubled & 'title' attribute missing post title: http://forum.bytesforall.com/showthread.php?t=14718
  • PHP errors when adding widget areas: http://forum.bytesforall.com/showthread.php?t=14160
  • Site Title appended after the 'WordPress SEO by Yoast' title: http://forum.bytesforall.com/showthread.php?t=14816
  • PHP was still being advertised as being available at "Edit POST/PAGE info items"
  • CSS print style would not work right in some cases
  • replaced proprietary "bfa_escape" function with WP's esc_attr
  • replaced proprietary "Tabs" javascript with jQuery -> 1 file less to be loaded in the backend
  • The internal CSS & JS files for the Ata admin area are now added through WP
  • After you imported a style, you had to reload the admin area manually to see the new values. Now the page reloads automatically after a style was imported.
  • Removed several PHP Notices in the included widgets Recent Posts/Popular Posts/Popular in Category
  • Changed the page slug (see browser URL field) of the Atahualpa admin area from "functions.php" to "atahualpa-options"
  • Replaced <?php bloginfo('template_directory'); ?> with '/wp-content/themes/atahualpa' in the CSS image paths of all 5 included styles.

Issues found by the theme check plugin:

  • Both DOS and UNIX style line endings were found in the file bfa_theme_options.php
  • text domain missing at some places in functions.php, comments.php, legacy.comments.php and comments-paged.php

Required, Can Be Fixed in Next Revision

  • Regarding this fix for search form XSS:
    // Search box
    if ( $bfa_ata['show_search_box'] == "Yes" )
    {
        echo '<td valign="bottom" class="search-box" align="right"><div class="searchbox">
        <form method="get" class="searchform" action="' . home_url() . '/">
            <div class="searchbox-form">' .
            // Since 3.6.8: Removed check whether get_search_query() exists and added esc_js
                '<input type="text" class="text inputblur" onfocus="this.value=\'' .
                ( get_search_query() ? esc_js(get_search_query()) : '' ) . '\'"
                value="' . ( get_search_query() ? esc_js(get_search_query()) : $bfa_ata['searchbox_text'] ) .
                '" onblur="this.value=\'' . ( get_search_query() ? esc_js(get_search_query()) :
                $bfa_ata['searchbox_text'] ) . '\'" name="s" />' .
            '</div>
            </form>
        </div>
        </td>';
    }
    
    The default (i.e. Theme-option provided) value $bfa_ata['searchbox_text'] also needs to be escaped. All Theme options must be escaped on output; please verify all other such output as well.

Review Summary

  • Previous Version of Theme approved
  • No previous-ticket required issues
  • Diff-review only
  • Theme has required issues, but these can be addressed in the next Theme revision
  • Ticket being resolved as approved
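The reviewer's point about the unescaped option value, as an added PHP example (this is not the theme's code and not the fix the author later shipped): the search box rendered the way the 3.6.8 snippet does it, beside a version that escapes each value for the context it lands in. The esc_attr()/esc_js() fallbacks are assumed approximations of the WordPress functions, present only so the script runs outside WordPress; the option values are constructed for the demonstration.

```php
<?php
// Added example, not the theme's code. The esc_attr()/esc_js() fallbacks are
// assumed approximations of the WordPress functions so this runs outside
// WordPress; inside WordPress the real functions are used instead.

if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        // HTML attribute context: encode & " ' < >.
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

if ( ! function_exists( 'esc_js' ) ) {
    function esc_js( $text ) {
        // Inline JS string inside an HTML attribute: HTML-encode (ENT_COMPAT
        // leaves the single quote alone), then backslash-escape quotes and
        // newlines so the value cannot close the single-quoted JS literal.
        $safe = htmlspecialchars( (string) $text, ENT_COMPAT, 'UTF-8' );
        $safe = str_replace( "\r", '', $safe );
        return str_replace( "\n", '\\n', addslashes( $safe ) );
    }
}

// Before (mirrors the 3.6.8 snippet): the search query is escaped, but the
// theme option $bfa_ata['searchbox_text'] is concatenated raw into both the
// value="" attribute and the onblur JS literal.
function search_box_unescaped( array $bfa_ata, $query ) {
    $placeholder = $bfa_ata['searchbox_text'];
    return '<input type="text" class="text inputblur" name="s"'
        . ' onfocus="this.value=\'' . ( $query !== '' ? esc_js( $query ) : '' ) . '\'"'
        . ' value="' . ( $query !== '' ? esc_js( $query ) : $placeholder ) . '"'
        . ' onblur="this.value=\'' . ( $query !== '' ? esc_js( $query ) : $placeholder ) . '\'" />';
}

// After: every value, option or query, is escaped for the context it lands in.
//   value=""        -> esc_attr (plain HTML attribute)
//   onfocus/onblur  -> esc_js   (JS string literal inside an HTML attribute)
function search_box_escaped( array $bfa_ata, $query ) {
    $placeholder = (string) $bfa_ata['searchbox_text'];
    $shown       = $query !== '' ? $query : $placeholder;
    return '<input type="text" class="text inputblur" name="s"'
        . ' onfocus="this.value=\'' . esc_js( $query ) . '\'"'
        . ' value="' . esc_attr( $shown ) . '"'
        . ' onblur="this.value=\'' . esc_js( $shown ) . '\'" />';
}

// Constructed option values an administrator, or an imported style, could
// supply; the first breaks out of the attribute, the second out of the JS
// string literal.
$samples = array(
    'breaks the attribute'  => '"><script>alert(1)</script>',
    'breaks the JS literal' => "'; alert(document.cookie); //",
);

foreach ( $samples as $label => $text ) {
    $options = array( 'searchbox_text' => $text );
    echo "== $label ==\n";
    echo 'unescaped: ', search_box_unescaped( $options, '' ), "\n";
    echo 'escaped:   ', search_box_escaped( $options, '' ), "\n\n";
}
```

The escaping function follows the output context, not where the data came from: a theme option set by an administrator is still untrusted once it is printed into markup or script. Using esc_js() for the value="" attribute, as the snippet does for the query, only works because esc_js() also HTML-encodes; any backslashes it adds for quotes would then appear literally in the field, which is why esc_attr() is the right call there.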