Validation results

Berliner

11 WARNINGS

Berliner

WordPress 6.5.2 theme

CHANGE BANNER STYLE :

THEME TYPEWordPress theme 6.5.2
FILE NAMEberliner.zip
FILE SIZE2156295 bytes
MD5337cbb532e75278675edb171a78f591e
SHA1aaf136deb0ebe2e069ab1b15ca2264e37f04462b
LICENSEGNU GPL 2
FILES INCLUDEDCSS, PHP, Bitmap images
VERSION1.8.1
CREATION DATE2020-05-29
LAST FILE UPDATE2020-05-29
LAST VALIDATION2020-05-29 08:01

This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.

Critical alerts

Security breaches : Use of base64_decode() Found base64_decode in file WP_OAuth.php.

Ligne216: $decoded_sig = base64_decode($signature); // Completely Safe. Used for checking RSA-SHA1 s

Security breaches : Use of base64_encode() Found base64_encode in file WP_OAuth.php.

 return base64_encode(hash_hmac('sha1', $base_string, $key, true)); // Completely S

 return base64_encode($signature); // Completely Safe. Builds RSA-SHA1 signature fo

Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="//www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2Fcssigniter&width&layout=button_count&action=like&show_faces=true&share=false&height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; height:21px;" allowTransparency="true"> in file ci_panel.php.
```
Ligne179: <iframe src='//www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.fac
```

Malware : Operations on file system file_get_contents was found in the file WP_OAuth.php

Ligne286: file_get_contents(self::$POST_INPUT) // Completely Safe. Retrieves oAuth re

readfile was found in the file downloads_handler.php

Ligne74: readfile( $abs_file_path ); // Completely Safe. Forces browser to download

Malware : Network operations curl_init was found in the file wp_twitteroauth.php
```
Ligne217: $ci = curl_init();
```
curl_exec was found in the file wp_twitteroauth.php
```
Ligne243: $response = curl_exec($ci);
```

Admin menu : Themes should use add_theme_page() for adding admin pages. File class-tgm-plugin-activation.php :

Ligne641: $this->page_hook = call_user_func( 'add_submenu_page', $args['parent_slug'], $args['page_title'], $args['menu_t

Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was soundmanager2_flash_xdomain.zip.

Warning

theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
Fundamental theme elements : Presence of wp_link_pages()Could not find wp_link_pages.
Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
I18N implementation : Proper use of ___all(Possible variable $value found in translation function in localization.php. Translation function calls should not contain PHP variables.
CSS files : Presence of .sticky class.sticky css class is needed in theme css.
CSS files : Presence of .bypostauthor class.bypostauthor css class is needed in theme css.
Date and time implementation : Use of date_i18n()At least one hard coded date was found in the file generic.php. Function get_option( 'date_format' ) should be used instead.
Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".

Tip-off

Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
Use of includes : Use of include or require
The theme appears to use include or require : generic.php
```
Ligne227: require( $_template_file );
```
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
The theme appears to use include or require : wp_twitteroauth.php
```
Ligne19: if(!class_exists('WP_OAuthException')) require_once('WP_OAuth.php');
```
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
The theme appears to use include or require : widgets.php
```
Ligne31: require_once($path.'/'.$file);
```
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

Other checked themes

WordPress 6.5.2 theme

VIEW ALL THEMES