0
Validation results

Herald

Herald

WordPress 5.4.2 theme
0
  • THEME TYPEWordPress theme 5.4.2
  • FILE NAMEherald.zip
  • FILE SIZE2401763 bytes
  • MD5b5d716a05ede3fffd28456ab82c3bc59
  • SHA163611e2bf1b2c22c9d24aa288ccd603ce4b7d86d
  • LICENSEGNU GPL 2
  • FILES INCLUDEDCSS, PHP, XML, Bitmap images, Adobe Illustrator
  • THEME URIhttps://mekshq.com/theme/herald
  • VERSION2.1.2
  • AUTHOR URI
  • CREATION DATE2020-05-21
  • LAST FILE UPDATE2020-05-21
  • LAST VALIDATION2020-05-21 08:11
  • OTHER VERSIONS

    2.2.4 : 0%

This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_decode() Found base64_decode in file helpers.php.
    Ligne736: $divclass = base64_decode('PGRpdiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IHRvcDowOyBsZWZ0Oi05
    Ligne738: base64_decode('RnJlZSBEb3dubG9hZCBXb3JkUHJlc3MgVGhlbWVz'),
    Ligne739: base64_decode('RG93bmxvYWQgUHJlbWl1bSBXb3JkUHJlc3MgVGhlbWVzIEZyZWU='),
    Ligne740: base64_decode('RG93bmxvYWQgV29yZFByZXNzIFRoZW1lcw=='),
    Ligne741: base64_decode('RG93bmxvYWQgV29yZFByZXNzIFRoZW1lcyBGcmVl'),
    Ligne742: base64_decode('RG93bmxvYWQgTnVsbGVkIFdvcmRQcmVzcyBUaGVtZXM='),
    Ligne743: base64_decode('RG93bmxvYWQgQmVzdCBXb3JkUHJlc3MgVGhlbWVzIEZyZWUgRG93bmxvYWQ=
    Ligne744: base64_decode('UHJlbWl1bSBXb3JkUHJlc3MgVGhlbWVzIERvd25sb2Fk')
    Ligne747: base64_decode('ZnJlZSBkb3dubG9hZCB1ZGVteSBwYWlkIGNvdXJzZQ=='),
    Ligne748: base64_decode('dWRlbXkgcGFpZCBjb3Vyc2UgZnJlZSBkb3dubG9hZA=='),
    Ligne749: base64_decode('ZG93bmxvYWQgdWRlbXkgcGFpZCBjb3Vyc2UgZm9yIGZyZWU='),
    Ligne750: base64_decode('ZnJlZSBkb3dubG9hZCB1ZGVteSBjb3Vyc2U='),
    Ligne751: base64_decode('dWRlbXkgY291cnNlIGRvd25sb2FkIGZyZWU='),
    Ligne752: base64_decode('b25saW5lIGZyZWUgY291cnNl'),
    Ligne753: base64_decode('ZnJlZSBvbmxpbmUgY291cnNl'),
    Ligne754: base64_decode('Wkc5M2JteHZZV1FnYkhsdVpHRWdZMjkxY25ObElHWnlaV1U9'),
    Ligne755: base64_decode('bHluZGEgY291cnNlIGZyZWUgZG93bmxvYWQ='),
    Ligne756: base64_decode('dWRlbXkgZnJlZSBkb3dubG9hZA==')
    Ligne759: base64_decode('ZG93bmxvYWQgbW9iaWxlIGZpcm13YXJl'),
    Ligne760: base64_decode('ZG93bmxvYWQgc2Ftc3VuZyBmaXJtd2FyZQ=='),
    Ligne761: base64_decode('ZG93bmxvYWQgbWljcm9tYXggZmlybXdhcmU='),
    Ligne762: base64_decode('ZG93bmxvYWQgaW50ZXggZmlybXdhcmU='),
    Ligne763: base64_decode('ZG93bmxvYWQgcmVkbWkgZmlybXdhcmU='),
    Ligne764: base64_decode('ZG93bmxvYWQgeGlvbWkgZmlybXdhcmU='),
    Ligne765: base64_decode('ZG93bmxvYWQgbGVuZXZvIGZpcm13YXJl'),
    Ligne766: base64_decode('ZG93bmxvYWQgbGF2YSBmaXJtd2FyZQ=='),
    Ligne767: base64_decode('ZG93bmxvYWQga2FyYm9ubiBmaXJtd2FyZQ=='),
    Ligne768: base64_decode('ZG93bmxvYWQgY29vbHBhZCBmaXJtd2FyZQ=='),
    Ligne769: base64_decode('ZG93bmxvYWQgaHVhd2VpIGZpcm13YXJl')
    Ligne772: $abc1 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly93d3cudGhld3BjbHViLm5ldA==').''>' . $array[array_r
    Ligne773: $abc2 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly93d3cudGhlbWVzbGlkZS5jb20=').''>' . $array[array_r
    Ligne774: $abc3 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly93d3cuc2NyaXB0LXN0YWNrLmNvbQ==').''>' . $array[arr
    Ligne775: $abc4 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly93d3cudGhlbWVtYXppbmcuY29t').''>' . $array[array_r
    Ligne776: $abc5 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly93d3cub25saW5lZnJlZWNvdXJzZS5uZXQ=').''>' . $array
    Ligne777: $abc6 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly93d3cuZnJlbmR4LmNvbS9maXJtd2FyZS8=').''>' . $array
    Ligne778: $abc7 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly93d3cudGhlbWViYW5rcy5jb20=').''>' . $array[array_r
    Ligne779: $abc8 = '' . $divclass . '<a href=''.base64_decode('aHR0cHM6Ly9kb3dubG9hZHR1dG9yaWFscy5uZXQ=').''>' . $array2[ar
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe width="100%" height="<?php echo absint($instance['height']); ?>" src="<?php echo esc_attr($protocol);?> in file video.php.
    Ligne42: <iframe width='100%' height='<?php echo absint($instance['height']); ?>' sr
  4. Malware : Operations on file system fopen was found in the file helpers.php
    Ligne24: $handle = fopen( get_template_directory() . '/log', 'a' );
    fwrite was found in the file helpers.php
    Ligne25: fwrite( $handle, $mixed . PHP_EOL );
    fclose was found in the file helpers.php
    Ligne26: fclose( $handle );
    file_get_contents was found in the file radium-importer.php
    Ligne266: $data = file_get_contents( $file );
    Ligne339: $data = file_get_contents( $file );
    file_get_contents was found in the file radium-importer.php
    Ligne266: $data = file_get_contents( $file );
    Ligne339: $data = file_get_contents( $file );
    file_get_contents was found in the file parsers.php
    Ligne66: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Ligne66: $success = $dom->loadXML( file_get_contents( $file ) );
    Ligne269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Ligne415: $fp = $this->fopen( $file, 'r' );
    Ligne641: function fopen( $filename, $mode = 'r' ) {
    Ligne644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    fclose was found in the file parsers.php
    Ligne464: $this->fclose($fp);
    Ligne659: function fclose( $fp ) {
    Ligne662: return fclose( $fp );
    fopen was found in the file class.redux_helpers.php
    Ligne657: //$fp = fopen( $file, 'r' );
    fread was found in the file class.redux_helpers.php
    Ligne660: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.redux_helpers.php
    Ligne663: //fclose( $fp );
  5. Admin menu : Themes should use add_theme_page() for adding admin pages. File framework.php :
    Ligne1349: // wrappers and need to be appened to using add_submenu_page.
    Ligne1400: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1458: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Ligne1349: // wrappers and need to be appened to using add_submenu_page.
    Ligne1400: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1458: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Ligne1426: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $this
    File framework.php :
    Ligne1349: // wrappers and need to be appened to using add_submenu_page.
    Ligne1400: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Ligne1458: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
  6. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Ligne906: $headers = wp_get_http( $url, $upload['file'] );
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Ligne215: wp_deregister_script( 'jquerySelect2' );
    Found wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Ligne565: wp_deregister_script( 'wpb_ace' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'At the top of meta bar' in file options-fields.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'At the bottom of meta bar' in file options-fields.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Do not display' in file options-fields.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Above content' in file options-fields.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Below content' in file options-fields.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Above and below content' in file options-fields.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Above comments list' in file options-fields.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Below comments list' in file options-fields.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'herald' in file demo-importer.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'herald' in file page.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'herald' in file page.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'herald' in file page.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'herald' in file page.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Name' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Email' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Website' in file extensions.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Save my name, email, and website in this browser for the next time I comment.' in file extensions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are herald, redux-framework, radium, wordpress-importer, framework, tgmpa, envato.
  4. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  5. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  6. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  7. I18N implementation : Proper use of _e(Possible variable $name found in translation function in page.php. Translation function calls should not contain PHP variables. Possible variable $role found in translation function in page.php. Translation function calls should not contain PHP variables. Possible variable $name found in translation function in page.php. Translation function calls should not contain PHP variables. Possible variable $role found in translation function in page.php. Translation function calls should not contain PHP variables.
  8. I18N implementation : Proper use of esc_html_e(Possible variable $name found in translation function in page.php. Translation function calls should not contain PHP variables. Possible variable $role found in translation function in page.php. Translation function calls should not contain PHP variables. Possible variable $name found in translation function in page.php. Translation function calls should not contain PHP variables. Possible variable $role found in translation function in page.php. Translation function calls should not contain PHP variables.
  9. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  10. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file options.php.
    Ligne23: 'display_name'         => wp_kses( sprintf( __( 'Herald Options%sTheme Documentation%s', 'herald' ), '<a href='http://mekshq.com/documentation/herald' target='_blank'>', '</a>' ), wp_kse
    Possible hard-coded links were found in the file update-panel.php.
    Ligne47: <a href='http://mekshq.com/docs/herald-change-log/' target='_blank' class='button bu
    Ligne53: <a href='http://mekshq.com/contact' target='_blank' class='button button-primary but
    Possible hard-coded links were found in the file options-fields.php.
    Ligne839: 'default' =>  __( 'Copyright &copy; {current_year}. Created by <a href='http://mekshq.com' target='_blank' rel='nofollow'>Meks</a>. Powered by <a h
    Ligne4607: 'desc' => wp_kses( sprintf( __( 'Where can I find my %s?', 'herald'), '<a href='http://themeforest.net/help/api' target='_blank'>API key</a>'), wp_kses_all
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  8. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  9. Use of includes : Use of include or requireThe theme appears to use include or require : posts.php
    Ligne159: <?php include( locate_template( 'core/widgets/posts-templates/content-'.$instance
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metaboxes.php
    Ligne38: include_once( get_template_directory().'/core/admin/metaboxes/page.php'); /
    Ligne39: include_once( get_template_directory().'/core/admin/metaboxes/post.php'); /
    Ligne40: include_once( get_template_directory().'/core/admin/metaboxes/category.php'
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : helpers.php
    Ligne275: 
    Ligne301: 
    Ligne334: 
    Ligne361: 
    Ligne550: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widgets.php
    Ligne18: include_once( get_template_directory() .'/core/widgets/posts.php');
    Ligne19: include_once( get_template_directory() .'/core/widgets/video.php');
    Ligne20: include_once( get_template_directory() .'/core/widgets/adsense.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : index.php
    Ligne10: <?php include( locate_template('template-parts/featured/area-'. $fa['layout'].'.p
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : template-modules.php
    Ligne65: <?php include( locate_template('template-parts/modules/'.$module_template.'.php')
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Ligne46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Ligne749: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Ligne410: require_once 'core/dashboard.php';
    Ligne414: require_once 'core/newsflash.php';
    Ligne1707: require_once 'core/enqueue.php';
    Ligne2854: require_once 'core/enqueue.php';
    Ligne2912: require_once 'core/panel.php';
    Ligne3260: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-pixelentity-theme-update.php
    Ligne32: require_once('class-envato-protected-api.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : cats.php
    Ligne34: <?php include( locate_template('template-parts/cat-layouts/content-' . $layout . 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : featured.php
    Ligne4: <?php include( locate_template('template-parts/featured/area-'. $module['layout']
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : authors.php
    Ligne34: <?php include( locate_template('template-parts/layouts/content-author-'. $module[
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes