/**
 * Flag calls to functions deprecated in WordPress 4.3 and 4.4.
 *
 * Every PHP file is searched once per deprecated name; a hit appends one
 * RECOMMENDED entry to $this->error. The finding is advisory: $ret is never
 * changed, so the method always returns true.
 *
 * @param array $php_files   Map of file key => PHP source text to scan.
 * @param array $css_files   Not read by this check.
 * @param array $other_files Not read by this check.
 * @return bool Always true.
 */
function check($php_files, $css_files, $other_files)
 {
     $grep = '';
     $ret = true;
     // Entry layout: array(deprecated name => replacement or '', version that deprecated it).
     $checks = array(
         array('preview_theme' => '', '4.3'),
         array('_preview_theme_template_filter' => '', '4.3'),
         array('_preview_theme_stylesheet_filter' => '', '4.3'),
         array('preview_theme_ob_filter' => '', '4.3'),
         array('preview_theme_ob_filter_callback' => '', '4.3'),
         array('wp_richedit_pre' => '', '4.3'),
         array('wp_htmledit_pre' => '', '4.3'),
         array('wp_ajax_wp_fullscreen_save_post' => '', '4.3'),
         array('post_permalink' => 'get_permalink', '4.4'),
         array('wp_get_http' => 'WP_Http', '4.4'),
         array('force_ssl_login' => 'force_ssl_admin', '4.4'),
         array('create_empty_blog' => '', '4.4'),
         array('get_admin_users_for_domain' => '', '4.4'),
         array('flush_widget_cache' => '', '4.4'),
     );
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $check) {
             checkcount();
             $deprecated = key($check);
             $replacement = $check[$deprecated];
             // The name only matches when preceded by whitespace or a literal "?"
             // and directly followed by "("; other call sites are not reported.
             if (!preg_match('/[\\s?]' . $deprecated . '\\(/', $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             $error = ltrim(rtrim($matches[0], '('));
             $since = $check[0];
             $grep = tc_grep($error, $php_key);
             // Point out the deprecated function.
             $headline = sprintf(
                 __('%1$s found in the file %2$s. Deprecated since version %3$s.', 'theme-check'),
                 '<strong>' . $error . '()</strong>',
                 '<strong>' . $filename . '</strong>',
                 '<strong>' . $since . '</strong>'
             );
             // Name the alternative function when one is listed.
             $hint = '';
             if ($replacement) {
                 $hint = ' ' . sprintf(__('Use %s instead.', 'theme-check'), '<strong>' . $replacement . '</strong>');
             }
             // Headline, optional hint, then the precise code match that was found.
             $this->error[] = '<span class="tc-lead tc-recommended">' . __('RECOMMENDED', 'theme-check') . '</span>: ' . $headline . $hint . $grep;
         }
     }
     return $ret;
 }
Example #2
 /**
  * Flag calls to functions deprecated in WordPress 3.9 and 4.0.
  *
  * Every PHP file is searched once per deprecated name; a hit appends one
  * RECOMMENDED entry to $this->error. $ret is never changed, so the method
  * always returns true.
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Not read by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $grep = '';
     $ret = true;
     // Entry layout: array(deprecated name => replacement or '', version that deprecated it).
     $checks = array(
         array('rich_edit_exists' => '', '3.9'),
         array('default_topic_count_text' => '', '3.9'),
         array('format_to_post' => '', '3.9'),
         array('get_current_site_name' => 'get_current_site()', '3.9'),
         array('wpmu_current_site' => '', '3.9'),
         array('get_all_category_ids' => 'get_terms()', '4.0'),
         array('like_escape' => 'wpdb::esc_like()', '4.0'),
         array('url_is_accessable_via_ssl' => '', '4.0'),
     );
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $check) {
             checkcount();
             $deprecated = key($check);
             $replacement = $check[$deprecated];
             // The name only matches when preceded by whitespace or a literal "?"
             // and directly followed by "("; other call sites are not reported.
             if (!preg_match('/[\\s?]' . $deprecated . '\\(/', $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             $error = ltrim(rtrim($matches[0], '('));
             $since = $check[0];
             $grep = tc_grep($error, $php_key);
             // Point out the deprecated function.
             $headline = sprintf(
                 __('%1$s found in the file %2$s. Deprecated since version %3$s.', 'theme-check'),
                 '<strong>' . $error . '()</strong>',
                 '<strong>' . $filename . '</strong>',
                 '<strong>' . $since . '</strong>'
             );
             // Name the alternative function when one is listed.
             $hint = '';
             if ($replacement) {
                 $hint = ' ' . sprintf(__('Use %s instead.', 'theme-check'), '<strong>' . $replacement . '</strong>');
             }
             // Headline, optional hint, then the precise code match that was found.
             $this->error[] = '<span class="tc-lead tc-recommended">' . __('RECOMMENDED', 'theme-check') . '</span>: ' . $headline . $hint . $grep;
         }
     }
     return $ret;
 }
Example #3
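 /**
  * Report anchors in theme PHP files whose href does not contain the theme URI,
  * the author URI or the string "wordpress.".
  *
  * One INFO entry is appended to $this->error per file that has such links.
  * The entry is only produced when both $data['URI'] and $data['AuthorURI']
  * are non-empty. The method always returns true.
  *
  * Changes from the earlier version of this check:
  *  - the "contains" tests use `strpos(...) === false`; with `!strpos(...)` a
  *    needle found at offset 0 was treated as "not found";
  *  - the INFO entry is added once per file after all anchors were inspected,
  *    instead of once per remaining anchor with the accumulated text repeated.
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Not read by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     global $data;
     // regex borrowed from TAC
     $url_re = '([[:alnum:]\\-\\.])+(\\.)([[:alnum:]]){2,4}([[:blank:][:alnum:]\\/\\+\\=\\%\\&\\_\\\\.\\~\\?\\-]*)';
     // 0 or more: any num, letter(upper/lower) or any punc symbol
     $title_re = '[[:blank:][:alnum:][:punct:]]*';
     $space_re = '(\\s*)';
     $anchor_re = "/(<a)(\\s+)(href" . $space_re . "=" . $space_re . "\"" . $space_re . "((http|https|ftp):\\/\\/)?)" . $url_re . "(\"" . $space_re . $title_re . $space_re . ">)" . $title_re . "(<\\/a>)/is";
     foreach ($php_files as $php_key => $phpfile) {
         checkcount();
         $grep = '';
         // NOTE(review): preg_match_all() returns false on a PCRE error as well as
         // 0 for "no match"; both are treated as "nothing found" here, so a file
         // that trips a PCRE limit is skipped silently. Confirm that is acceptable.
         if (!preg_match_all($anchor_re, $phpfile, $out, PREG_SET_ORDER)) {
             continue;
         }
         $filename = tc_filename($php_key);
         foreach ($out as $key) {
             if (!preg_match('/\\<a\\s?href\\s?=\\s?["|\'](.*?)[\'|"](.*?)\\>(.*?)\\<\\/a\\>/is', $key[0], $stripped)) {
                 continue;
             }
             if (empty($data['AuthorURI']) || empty($data['URI']) || !$stripped[1]) {
                 continue;
             }
             $href = $stripped[1];
             $is_foreign = strpos($href, $data['URI']) === false
                 && strpos($href, $data['AuthorURI']) === false
                 && strpos($href, 'wordpress.') === false;
             if ($is_foreign) {
                 $grep .= tc_grep($href, $php_key);
             }
         }
         if ($grep) {
             // NOTE(review): $filename and $grep derive from the scanned theme and are
             // placed into HTML as-is; presumably tc_filename()/tc_grep() escape them - confirm.
             $this->error[] = sprintf('<span class="tc-lead tc-info">' . __('INFO', 'theme-check') . '</span>: ' . __('Possible hard-coded links were found in the file <strong>%1$s</strong>.%2$s', 'theme-check'), $filename, $grep);
         }
     }
     return $ret;
 }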
Example #4
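 /**
  * Flag constructs a theme must not ship: eval(), process-execution calls,
  * ini_set(), uudecode/str_rot13 and embedded Google search/advertising ids.
  *
  * PHP files are tested against the full pattern list, other files only
  * against the two Google id patterns. Every hit appends a WARNING entry to
  * $this->error and makes the method return false.
  *
  * Changes from the earlier version of this check:
  *  - the process-execution and ini_set() patterns are now case-insensitive
  *    and allow whitespace before "(": PHP resolves function names
  *    case-insensitively, so a differently cased call was not reported;
  *  - two misspelled messages ("sytem", "Googe") are corrected.
  *
  * This is a textual heuristic: it reports the first match per pattern and
  * file, and a clean result only means none of these literal spellings occur.
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Map of file key => text of non-PHP files to scan.
  * @return bool False when at least one pattern matched, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     // Pattern => explanation shown next to the finding.
     $checks = array(
         '/(?<![_|a-z0-9|\\.])eval\\s?\\(/i' => __('eval() is not allowed.', 'themecheck'),
         '/[^a-z0-9](?<!_)(popen|proc_open|[^_]exec|shell_exec|system|passthru)\\s*\\(/i' => __('PHP system calls should be disabled by server admins anyway!', 'themecheck'),
         '/\\s?ini_set\\s*\\(/i' => __('Themes should not change server PHP settings', 'themecheck'),
         '/uudecode/ims' => __('uudecode() is not allowed', 'themecheck'),
         '/str_rot13/ims' => __('str_rot13() is not allowed', 'themecheck'),
         '/cx=[0-9]{21}:[a-z0-9]{10}/' => __('Google search code detected', 'themecheck'),
         '/pub-[0-9]{16}/i' => __('Google advertising code detected', 'themecheck'),
     );
     $grep = '';
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (!preg_match($key, $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             // Strip "(" on both sides (the match may start with one), then leading whitespace.
             $error = ltrim(trim($matches[0], '('));
             $grep = tc_grep($error, $php_key);
             // NOTE(review): $filename and $grep derive from the scanned theme and are
             // placed into HTML as-is; presumably tc_filename()/tc_grep() escape them - confirm.
             $this->error[] = sprintf(__('<span class="tc-lead tc-warning">WARNING</span>: Found <strong>%1$s</strong> in the file <strong>%2$s</strong>. %3$s. %4$s', 'themecheck'), $error, $filename, $check, $grep);
             $ret = false;
         }
     }
     // Non-PHP files are only searched for the embedded Google ids.
     $checks = array(
         '/cx=[0-9]{21}:[a-z0-9]{10}/' => __('Google search code detected', 'themecheck'),
         '/pub-[0-9]{16}/' => __('Google advertising code detected', 'themecheck'),
     );
     foreach ($other_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (!preg_match($key, $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             $error = ltrim(rtrim($matches[0], '('));
             $grep = tc_grep($error, $php_key);
             $this->error[] = sprintf(__('<span class="tc-lead tc-warning">WARNING</span>: Found <strong>%1$s</strong> in the file <strong>%2$s</strong>. %3$s.%4$s', 'themecheck'), $error, $filename, $check, $grep);
             $ret = false;
         }
     }
     return $ret;
 }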
Example #5
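 /**
  * Flag calls to functions deprecated in WordPress 0.71 through 3.8.
  *
  * Every PHP file is searched once per deprecated name; a hit appends one
  * REQUIRED entry to $this->error and makes the method return false.
  *
  * Changes from the earlier version of this list:
  *  - 'get_category_rss_link' joined its replacement and version with "."
  *    instead of ",", so the entry had no version element ($check[0] was
  *    undefined) and the hint read "get_category_feed_link()2.5";
  *  - the key 'wp_dashboard_quick_press()' carried "()" that the regex treated
  *    as an empty group; the plain name matches the same text;
  *  - the replacement text for 'get_broken_themes' was missing its closing ")".
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Not read by this check.
  * @return bool False when at least one deprecated call was found, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $grep = '';
     $ret = true;
     // Entry layout: array(deprecated name => replacement or '', version that deprecated it).
     $checks = array(
         array('get_postdata' => 'get_post()', '1.5.1'),
         array('start_wp' => 'the Loop', '1.5'),
         array('the_category_id' => 'get_the_category()', '0.71'),
         array('the_category_head' => 'get_the_category_by_ID()', '0.71'),
         array('previous_post' => 'previous_post_link()', '2.0'),
         array('next_post' => 'next_post_link()', '2.0'),
         array('user_can_create_post' => 'current_user_can()', '2.0'),
         array('user_can_create_draft' => 'current_user_can()', '2.0'),
         array('user_can_edit_post' => 'current_user_can()', '2.0'),
         array('user_can_delete_post' => 'current_user_can()', '2.0'),
         array('user_can_set_post_date' => 'current_user_can()', '2.0'),
         array('user_can_edit_post_comments' => 'current_user_can()', '2.0'),
         array('user_can_delete_post_comments' => 'current_user_can()', '2.0'),
         array('user_can_edit_user' => 'current_user_can()', '2.0'),
         array('get_linksbyname' => 'get_bookmarks()', '2.1'),
         array('wp_get_linksbyname' => 'wp_list_bookmarks()', '2.1'),
         array('get_linkobjectsbyname' => 'get_bookmarks()', '2.1'),
         array('get_linkobjects' => 'get_bookmarks()', '2.1'),
         array('get_linksbyname_withrating' => 'get_bookmarks()', '2.1'),
         array('get_links_withrating' => 'get_bookmarks()', '2.1'),
         array('get_autotoggle' => '', '2.1'),
         array('list_cats' => 'wp_list_categories', '2.1'),
         array('wp_list_cats' => 'wp_list_categories', '2.1'),
         array('dropdown_cats' => 'wp_dropdown_categories()', '2.1'),
         array('list_authors' => 'wp_list_authors()', '2.1'),
         array('wp_get_post_cats' => 'wp_get_post_categories()', '2.1'),
         array('wp_set_post_cats' => 'wp_set_post_categories()', '2.1'),
         array('get_archives' => 'wp_get_archives', '2.1'),
         array('get_author_link' => 'get_author_posts_url()', '2.1'),
         array('link_pages' => 'wp_link_pages()', '2.1'),
         array('get_settings' => 'get_option()', '2.1'),
         array('permalink_link' => 'the_permalink()', '1.2'),
         array('permalink_single_rss' => 'permalink_rss()', '2.3'),
         array('wp_get_links' => 'wp_list_bookmarks()', '2.1'),
         array('get_links' => 'get_bookmarks()', '2.1'),
         array('get_links_list' => 'wp_list_bookmarks()', '2.1'),
         array('links_popup_script' => '', '2.1'),
         array('get_linkrating' => 'sanitize_bookmark_field()', '2.1'),
         array('get_linkcatname' => 'get_category()', '2.1'),
         array('comments_rss_link' => 'post_comments_feed_link()', '2.5'),
         array('get_category_rss_link' => 'get_category_feed_link()', '2.5'),
         array('get_author_rss_link' => 'get_author_feed_link()', '2.5'),
         array('comments_rss' => 'get_post_comments_feed_link()', '2.2'),
         array('create_user' => 'wp_create_user()', '2.0'),
         array('gzip_compression' => '', '2.5'),
         array('get_commentdata' => 'get_comment()', '2.7'),
         array('get_catname' => 'get_cat_name()', '2.8'),
         array('get_category_children' => 'get_term_children', '2.8'),
         array('get_the_author_description' => 'get_the_author_meta(\'description\')', '2.8'),
         array('the_author_description' => 'the_author_meta(\'description\')', '2.8'),
         array('get_the_author_login' => 'the_author_meta(\'login\')', '2.8'),
         array('get_the_author_firstname' => 'get_the_author_meta(\'first_name\')', '2.8'),
         array('the_author_firstname' => 'the_author_meta(\'first_name\')', '2.8'),
         array('get_the_author_lastname' => 'get_the_author_meta(\'last_name\')', '2.8'),
         array('the_author_lastname' => 'the_author_meta(\'last_name\')', '2.8'),
         array('get_the_author_nickname' => 'get_the_author_meta(\'nickname\')', '2.8'),
         array('the_author_nickname' => 'the_author_meta(\'nickname\')', '2.8'),
         array('get_the_author_email' => 'get_the_author_meta(\'email\')', '2.8'),
         array('the_author_email' => 'the_author_meta(\'email\')', '2.8'),
         array('get_the_author_icq' => 'get_the_author_meta(\'icq\')', '2.8'),
         array('the_author_icq' => 'the_author_meta(\'icq\')', '2.8'),
         array('get_the_author_yim' => 'get_the_author_meta(\'yim\')', '2.8'),
         array('the_author_yim' => 'the_author_meta(\'yim\')', '2.8'),
         array('get_the_author_msn' => 'get_the_author_meta(\'msn\')', '2.8'),
         array('the_author_msn' => 'the_author_meta(\'msn\')', '2.8'),
         array('get_the_author_aim' => 'get_the_author_meta(\'aim\')', '2.8'),
         array('the_author_aim' => 'the_author_meta(\'aim\')', '2.8'),
         array('get_author_name' => 'get_the_author_meta(\'display_name\')', '2.8'),
         array('get_the_author_url' => 'get_the_author_meta(\'url\')', '2.8'),
         array('the_author_url' => 'the_author_meta(\'url\')', '2.8'),
         array('get_the_author_ID' => 'get_the_author_meta(\'ID\')', '2.8'),
         array('the_author_ID' => 'the_author_meta(\'ID\')', '2.8'),
         array('the_content_rss' => 'the_content_feed()', '2.9'),
         array('make_url_footnote' => '', '2.9'),
         array('_c' => '_x()', '2.9'),
         array('translate_with_context' => '_x()', '3.0'),
         array('nc' => 'nx()', '3.0'),
         array('__ngettext' => '_n_noop()', '2.8'),
         array('__ngettext_noop' => '_n_noop()', '2.8'),
         array('get_alloptions' => 'wp_load_alloptions()', '3.0'),
         array('get_the_attachment_link' => 'wp_get_attachment_link()', '2.5'),
         array('get_attachment_icon_src' => 'wp_get_attachment_image_src()', '2.5'),
         array('get_attachment_icon' => 'wp_get_attachment_image()', '2.5'),
         array('get_attachment_innerhtml' => 'wp_get_attachment_image()', '2.5'),
         array('get_link' => 'get_bookmark()', '2.1'),
         array('sanitize_url' => 'esc_url()', '2.8'),
         array('clean_url' => 'esc_url()', '3.0'),
         array('js_escape' => 'esc_js()', '2.8'),
         array('wp_specialchars' => 'esc_html()', '2.8'),
         array('attribute_escape' => 'esc_attr()', '2.8'),
         array('register_sidebar_widget' => 'wp_register_sidebar_widget()', '2.8'),
         array('unregister_sidebar_widget' => 'wp_unregister_sidebar_widget()', '2.8'),
         array('register_widget_control' => 'wp_register_widget_control()', '2.8'),
         array('unregister_widget_control' => 'wp_unregister_widget_control()', '2.8'),
         array('delete_usermeta' => 'delete_user_meta()', '3.0'),
         array('get_usermeta' => 'get_user_meta()', '3.0'),
         array('update_usermeta' => 'update_user_meta()', '3.0'),
         array('automatic_feed_links' => 'add_theme_support( \'automatic-feed-links\' )', '3.0'),
         array('get_profile' => 'get_the_author_meta()', '3.0'),
         array('get_usernumposts' => 'count_user_posts()', '3.0'),
         array('funky_javascript_callback' => '', '3.0'),
         array('funky_javascript_fix' => '', '3.0'),
         array('is_taxonomy' => 'taxonomy_exists()', '3.0'),
         array('is_term' => 'term_exists()', '3.0'),
         array('is_plugin_page' => '$plugin_page and/or get_plugin_page_hookname() hooks', '3.1'),
         array('update_category_cache' => 'No alternatives', '3.1'),
         array('get_users_of_blog' => 'get_users()', '3.1'),
         array('wp_timezone_supported' => '', '3.2'),
         array('the_editor' => 'wp_editor', '3.3'),
         array('get_user_metavalues' => '', '3.3'),
         array('sanitize_user_object' => '', '3.3'),
         array('get_boundary_post_rel_link' => '', '3.3'),
         array('start_post_rel_link' => 'none available ', '3.3'),
         array('get_index_rel_link' => '', '3.3'),
         array('index_rel_link' => '', '3.3'),
         array('get_parent_post_rel_link' => '', '3.3'),
         array('parent_post_rel_link' => '', '3.3'),
         array('wp_admin_bar_dashboard_view_site_menu' => '', '3.3'),
         array('is_blog_user' => 'is_member_of_blog()', '3.3'),
         array('debug_fopen' => 'error_log()', '3.3'),
         array('debug_fwrite' => 'error_log()', '3.3'),
         array('debug_fclose' => 'error_log()', '3.3'),
         array('get_themes' => 'wp_get_themes()', '3.4'),
         array('get_theme' => 'wp_get_theme()', '3.4'),
         array('get_current_theme' => 'wp_get_theme()', '3.4'),
         array('clean_pre' => '', '3.4'),
         array('add_custom_image_header' => 'add_theme_support( \'custom-header\', $args )', '3.4'),
         array('remove_custom_image_header' => 'remove_theme_support( \'custom-header\' )', '3.4'),
         array('add_custom_background' => 'add_theme_support( \'custom-background\', $args )', '3.4'),
         array('remove_custom_background' => 'remove_theme_support( \'custom-background\' )', '3.4'),
         array('get_theme_data' => 'wp_get_theme()', '3.4'),
         array('update_page_cache' => 'update_post_cache()', '3.4'),
         array('clean_page_cache' => 'clean_post_cache()', '3.4'),
         array('wp_explain_nonce' => 'wp_nonce_ays', '3.4.1'),
         array('sticky_class' => 'post_class()', '3.5'),
         array('_get_post_ancestors' => '', '3.5'),
         array('wp_load_image' => 'wp_get_image_editor()', '3.5'),
         array('image_resize' => 'wp_get_image_editor()', '3.5'),
         array('wp_get_single_post' => 'get_post()', '3.5'),
         array('user_pass_ok' => 'wp_authenticate()', '3.5'),
         array('_save_post_hook' => '', '3.5'),
         array('gd_edit_image_support' => 'wp_image_editor_supports', '3.5'),
         array('get_user_id_from_string' => 'get_user_by()', '3.6'),
         array('wp_convert_bytes_to_hr' => 'size_format()', '3.6'),
         array('_search_terms_tidy' => '', '3.7'),
         array('get_blogaddress_by_domain' => '', '3.7'),
         array('tinymce_include' => 'wp_tiny_mce()', '2.1'),
         array('documentation_link' => '', '2.5'),
         array('wp_shrink_dimensions' => 'wp_constrain_dimensions()', '3.0'),
         array('dropdown_categories' => 'wp_category_checklist()', '2.6'),
         array('dropdown_link_categories' => 'wp_link_category_checklist()', '2.6'),
         array('wp_dropdown_cats' => 'wp_dropdown_categories()', '3.0'),
         array('add_option_update_handler' => 'register_setting()', '3.0'),
         array('remove_option_update_handler' => 'unregister_setting()', '3.0'),
         array('codepress_get_lang' => '', '3.0'),
         array('codepress_footer_js' => '', '3.0'),
         array('use_codepress' => '', '3.0'),
         array('get_author_user_ids' => '', '3.1'),
         array('get_editable_authors' => '', '3.1'),
         array('get_editable_user_ids' => '', '3.1'),
         array('get_nonauthor_user_ids' => '', '3.1'),
         array('WP_User_Search' => 'WP_User_Query', '3.1'),
         array('get_others_unpublished_posts' => '', '3.1'),
         array('get_others_drafts' => '', '3.1'),
         array('get_others_pending' => '', '3.1'),
         array('wp_dashboard_quick_press' => '', '3.2'),
         array('wp_tiny_mce' => 'wp_editor', '3.2'),
         array('wp_preload_dialogs' => 'wp_editor()', '3.2'),
         array('wp_print_editor_js' => 'wp_editor()', '3.2'),
         array('wp_quicktags' => 'wp_editor()', '3.2'),
         array('favorite_actions' => 'WP_Admin_Bar', '3.2'),
         array('screen_layout' => '$current_screen->render_screen_layout()', '3.3'),
         array('screen_options' => '$current_screen->render_per_page_options()', '3.3'),
         array('screen_meta' => ' $current_screen->render_screen_meta()', '3.3'),
         array('media_upload_image' => 'wp_media_upload_handler()', '3.3'),
         array('media_upload_audio' => 'wp_media_upload_handler()', '3.3'),
         array('media_upload_video' => 'wp_media_upload_handler()', '3.3'),
         array('media_upload_file' => 'wp_media_upload_handler()', '3.3'),
         array('type_url_form_image' => 'wp_media_insert_url_form( \'image\' )', '3.3'),
         array('type_url_form_audio' => 'wp_media_insert_url_form( \'audio\' )', '3.3'),
         array('type_url_form_video' => 'wp_media_insert_url_form( \'video\' )', '3.3'),
         array('type_url_form_file' => 'wp_media_insert_url_form( \'file\' )', '3.3'),
         array('add_contextual_help' => 'get_current_screen()->add_help_tab()', '3.3'),
         array('get_allowed_themes' => 'wp_get_themes( array( \'allowed\' => true ) )', '3.4'),
         array('get_broken_themes' => 'wp_get_themes( array( \'errors\' => true ) )', '3.4'),
         array('current_theme_info' => 'wp_get_theme()', '3.4'),
         array('_insert_into_post_button' => '', '3.5'),
         array('_media_button' => '', '3.5'),
         array('get_post_to_edit' => 'get_post()', '3.5'),
         array('get_default_page_to_edit' => 'get_default_post_to_edit()', '3.5'),
         array('wp_create_thumbnail' => 'image_resize()', '3.5'),
         array('wp_nav_menu_locations_meta_box' => '', '3.6'),
         array('the_attachment_links' => '', '3.7'),
         array('wp_update_core' => 'new Core_Upgrader()', '3.7'),
         array('wp_update_plugin' => 'new Plugin_Upgrader()', '3.7'),
         array('wp_update_theme' => 'new Theme_Upgrader()', '3.7'),
         array('get_screen_icon' => '', '3.8'),
         array('screen_icon' => '', '3.8'),
         array('wp_dashboard_incoming_links' => '', '3.8'),
         array('wp_dashboard_incoming_links_control' => '', '3.8'),
         array('wp_dashboard_incoming_links_output' => '', '3.8'),
         array('wp_dashboard_plugins' => '', '3.8'),
         array('wp_dashboard_primary_control' => '', '3.8'),
         array('wp_dashboard_recent_comments_control' => '', '3.8'),
         array('wp_dashboard_secondary' => '', '3.8'),
         array('wp_dashboard_secondary_control' => '', '3.8'),
         array('wp_dashboard_secondary_output' => '', '3.8'),
     );
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $check) {
             checkcount();
             $key = key($check);
             $alt = $check[$key];
             // The name only matches when preceded by whitespace or a literal "?"
             // and directly followed by "("; other call sites are not reported.
             if (!preg_match('/[\\s?]' . $key . '\\(/', $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             $error = ltrim(rtrim($matches[0], '('));
             $version = $check[0];
             $grep = tc_grep($error, $php_key);
             // Point out the deprecated function.
             $error_msg = sprintf(__('%1$s found in the file %2$s. Deprecated since version %3$s.', 'theme-check'), '<strong>' . $error . '()</strong>', '<strong>' . $filename . '</strong>', '<strong>' . $version . '</strong>');
             // Add alternative function when available.
             if ($alt) {
                 $error_msg .= ' ' . sprintf(__('Use %s instead.', 'theme-check'), '<strong>' . $alt . '</strong>');
             }
             // Add the precise code match that was found.
             $error_msg .= $grep;
             // Add the finalized error message.
             $this->error[] = '<span class="tc-lead tc-required">' . __('REQUIRED', 'theme-check') . '</span>: ' . $error_msg;
             $ret = false;
         }
     }
     return $ret;
 }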
Example #6
 /**
  * Flag admin-menu registration that relies on numeric user levels and any
  * add_*_page() call other than add_theme_page().
  *
  * Pass one appends a WARNING entry for user-level arguments, pass two a
  * REQUIRED entry for the add_*_page() family. Either kind of hit makes the
  * method return false.
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Not read by this check.
  * @return bool False when any pattern matched, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;

     // Pass 1: user levels (deprecated in 2.0) used when creating menus or checking capabilities.
     $checks = array(
         '/([^_](add_(admin|submenu|menu|dashboard|posts|media|links|pages|comments|theme|plugins|users|management|options)_page)\\s?\\([^,]*,[^,]*,\\s[\'|"]?(level_[0-9]|[0-9])[^;|\\r|\\r\\n]*)/' => __('User levels were deprecated in <strong>2.0</strong>. Please see <a href="https://codex.wordpress.org/Roles_and_Capabilities">Roles_and_Capabilities</a>', 'theme-check'),
         '/[^a-z0-9](current_user_can\\s?\\(\\s?[\'\\"]level_[0-9][\'\\"]\\s?\\))[^\\r|\\r\\n]*/' => __('User levels were deprecated in <strong>2.0</strong>. Please see <a href="https://codex.wordpress.org/Roles_and_Capabilities">Roles_and_Capabilities</a>', 'theme-check'),
     );
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $pattern => $advice) {
             checkcount();
             if (!preg_match($pattern, $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             // Use capture group 2 when the pattern has one, otherwise group 1.
             if (isset($matches[2])) {
                 $grep = tc_grep($matches[2], $php_key);
             } else {
                 $grep = tc_grep($matches[1], $php_key);
             }
             $this->error[] = sprintf('<span class="tc-lead tc-warning">' . __('WARNING', 'theme-check') . '</span>: <strong>%1$s</strong>. %2$s%3$s', $filename, $advice, $grep);
             $ret = false;
         }
     }

     // Pass 2: add_admin_page() and its siblings.
     $checks = array(
         '/([^_]add_(admin|submenu|menu|dashboard|posts|media|links|pages|comments|plugins|users|management|options)_page)/' => __('Themes should use <strong>add_theme_page()</strong> for adding admin pages.', 'theme-check'),
     );
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $pattern => $advice) {
             checkcount();
             if (!preg_match($pattern, $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             $found = ltrim(rtrim($matches[0], '('));
             $grep = tc_grep($found, $php_key);
             $this->error[] = sprintf('<span class="tc-lead tc-required">' . __('REQUIRED', 'theme-check') . '</span>: <strong>%1$s</strong>. %2$s%3$s', $filename, $advice, $grep);
             $ret = false;
         }
     }

     return $ret;
 }
Example #7
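 /**
  * Report translation calls that lack a text domain or use one that differs
  * from the theme slug.
  *
  * Pass one looks for _e()/__() calls with a single string argument (and, only
  * when none of those match, _x() calls with two). Pass two extracts the
  * domain argument and compares it with $themename. All findings are
  * RECOMMENDED entries in $this->error; the method always returns true.
  * Themes named "Twenty Ten" or "Twenty Eleven" are skipped.
  *
  * Changes from the earlier version of this check:
  *  - the duplicate-line test no longer reads $line[0] when the line-number
  *    regex did not match, and uses `strpos(...) !== false` so a hit at
  *    offset 0 counts as "already listed";
  *  - pass two iterates the remaining domains with foreach; the previous
  *    `while (isset($matches[1][$count]))` stopped at the first index removed
  *    by the false-positive filter and skipped everything after it.
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Not read by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     global $data, $themename;
     $ret = true;
     $error = '';
     checkcount();
     if ($data['Name'] === 'Twenty Ten' || $data['Name'] === 'Twenty Eleven') {
         return $ret;
     }
     $checks = array('/[\\s|\\(|;]_[e|_]\\s?\\(\\s?[\'|"][^\'|"]*[\'|"]\\s?\\)/' => __('You have not included a text domain!', 'theme-check'));
     foreach ($php_files as $php_key => $phpfile) {
         $error = '';
         foreach ($checks as $key => $check) {
             checkcount();
             // NOTE(review): because of the short-circuit "||", the _x() pattern is only
             // evaluated when the _e()/__() pattern found nothing in this file.
             if (preg_match_all($key, $phpfile, $matches) || preg_match_all('/[\\s|\\(]_x\\s?\\(\\s?[\'|"][^\'|"]*[\'|"]\\s?,\\s?[\'|"][^\'|"]*[\'|"]\\s?\\)/', $phpfile, $matches)) {
                 $filename = tc_filename($php_key);
                 foreach ($matches[0] as $match) {
                     $grep = tc_grep(ltrim($match), $php_key);
                     // Presumably picks the line-number label out of the grep output - confirm against tc_grep().
                     preg_match('/[^\\s]*\\s[0-9]+/', $grep, $line);
                     $already_listed = isset($line[0]) && strpos($error, $line[0]) !== false;
                     if (!$already_listed) {
                         $error .= $grep;
                     }
                 }
                 $this->error[] = sprintf("<span class='tc-lead tc-recommended'>" . __('RECOMMENDED', 'theme-check') . '</span>: ' . __('Text domain problems in <strong>%1$s</strong>. %2$s %3$s ', 'theme-check'), $filename, $check, $error);
             }
         }
     }
     $checks = array('/[\\s|\\(]_[e|_]\\s?\\([^,|;]*\\s?,\\s?[\'|"]([^\'|"]*)[\'|"]\\s?\\)/' => sprintf(__('Text domain should match theme slug: <strong>%1$s</strong>', 'theme-check'), $themename), '/[\\s|\\(]_x\\s?\\([^,]*\\s?,\\s[^\'|"]*[\'|"][^\'|"]*[\'|"],\\s?[\'|"]([^\'|"]*)[\'|"]\\s?\\)/' => sprintf(__('Text domain should match theme slug: <strong>%1$s</strong>', 'theme-check'), $themename));
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (!preg_match_all($key, $phpfile, $matches)) {
                 continue;
             }
             // Filter out false positives: matches that contain a call without any domain argument.
             foreach ($matches[0] as $count => $domaincheck) {
                 if (preg_match('/[\\s|\\(]_[e|_]\\s?\\(\\s?[\'|"][^\'|"]*[\'|"]\\s?\\)/', $domaincheck)) {
                     unset($matches[1][$count]);
                 }
             }
             $filename = tc_filename($php_key);
             foreach ($matches[1] as $count => $domain) {
                 if ($domain === $themename) {
                     continue;
                 }
                 $error = tc_grep($matches[0][$count], $php_key);
                 if ($domain === 'twentyten' || $domain === 'twentyeleven') {
                     $this->error[] = sprintf('<span class=\'tc-lead tc-recommended\'>' . __('RECOMMENDED', 'theme-check') . '</span>: ' . __('Text domain problems in <strong>%1$s</strong>. The %2$s text domain is being used!%3$s', 'theme-check'), $filename, $domain, $error);
                 } elseif (defined('TC_TEST') && strpos(strtolower($themename), $domain) === false) {
                     // Only reported when TC_TEST is defined and the domain is not part of the lower-cased theme name.
                     $error = tc_grep($matches[0][$count], $php_key);
                     $this->error[] = sprintf('<span class=\'tc-lead tc-recommended\'>' . __('RECOMMENDED', 'theme-check') . '</span>: ' . __('Text domain problems in <strong>%1$s</strong>. %2$s You are using: <strong>%3$s</strong>%4$s', 'theme-check'), $filename, $check, $domain, $error);
                 }
             }
         }
     }
     return $ret;
 }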
Example #8
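 /**
  * Report _e()/__() calls whose arguments contain a PHP variable.
  *
  * Each call is cut out of the file by counting parentheses, tokenized with
  * token_get_all(), and reported as a RECOMMENDED entry in $this->error when a
  * T_VARIABLE token is present. The method always returns true, and returns
  * early when the tokenizer extension is unavailable.
  *
  * Change from the earlier version of this check: the parenthesis scan is now
  * bounded by the length of the text. Previously a call that was never closed
  * (for example "__(" near the end of a file) kept the inner loop running past
  * the end of the string without terminating, so one malformed theme file
  * could hang the scan. An unterminated call is now skipped.
  *
  * NOTE(review): parentheses inside string literals are counted like any
  * other, so the extracted statement can be cut short or run long.
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Not read by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     checkcount();
     // make sure the tokenizer is available
     if (!function_exists('token_get_all')) {
         return true;
     }
     foreach ($php_files as $php_key => $phpfile) {
         $stmts = array();
         foreach (array('_e(', '__(', '_e (', '__ (') as $finder) {
             $search = $phpfile;
             while (($pos = strpos($search, $finder)) !== false) {
                 $search = (string) substr($search, $pos);
                 $length = strlen($search);
                 $open = 1;
                 // Start right after the opening parenthesis of the call.
                 $i = strpos($search, '(') + 1;
                 while ($open > 0 && $i < $length) {
                     if ($search[$i] === '(') {
                         $open++;
                     } elseif ($search[$i] === ')') {
                         $open--;
                     }
                     $i++;
                 }
                 if ($open > 0) {
                     // Ran out of text before the call was closed: nothing usable remains.
                     break;
                 }
                 $stmts[] = substr($search, 0, $i);
                 $search = (string) substr($search, $i);
             }
         }
         foreach ($stmts as $match) {
             $tokens = @token_get_all('<?php ' . $match . ';');
             if (empty($tokens)) {
                 continue;
             }
             foreach ($tokens as $token) {
                 if (!is_array($token) || $token[0] !== T_VARIABLE) {
                     continue;
                 }
                 $filename = tc_filename($php_key);
                 $grep = tc_grep(ltrim($match), $php_key);
                 // The grep output is only shown when the line-number regex matches it.
                 preg_match('/[^\\s]*\\s[0-9]+/', $grep, $line);
                 $error = isset($line[0]) ? $grep : '';
                 $this->error[] = sprintf('<span class="tc-lead tc-recommended">' . __('RECOMMENDED', 'theme-check') . '</span>: ' . __('Possible variable %1$s found in translation function in %2$s. Translation function calls must NOT contain PHP variables. %3$s', 'theme-check'), '<strong>' . $token[1] . '</strong>', '<strong>' . $filename . '</strong>', $error);
                 // stop looking at the tokens on this line once a variable is found
                 break;
             }
         }
     }
     return $ret;
 }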
Example #9
 /**
  * Search each PHP file for the constant named in $this->code[0] and record a
  * message suggesting $this->code[1] instead.
  *
  * $this->errorLevel starts at ERRORLEVEL_SUCCESS and is set to
  * $this->threatLevel as soon as one file matches.
  *
  * @param array $php_files          Map of file key => PHP source text to scan.
  * @param array $php_files_filtered Not read by this check.
  * @param array $css_files          Not read by this check.
  * @param array $other_files        Not read by this check.
  * @return void
  */
 public function doCheck($php_files, $php_files_filtered, $css_files, $other_files)
 {
     $this->errorLevel = ERRORLEVEL_SUCCESS;
     foreach ($php_files as $php_key => $phpfile) {
         // The name must be preceded by whitespace or a literal "|".
         $found = preg_match('/[\\s|]' . $this->code[0] . '/', $phpfile, $matches);
         if (!$found) {
             continue;
         }
         $filename = tc_filename($php_key);
         $constant = ltrim(rtrim($matches[0], '('));
         $excerpt = tc_grep($constant, $php_key);
         $this->messages[] = __all('Constant <strong>%1$s</strong> was found in the file <strong>%2$s</strong>. Use <strong>%3$s</strong> instead. %4$s', $constant, $filename, $this->code[1], $excerpt);
         $this->errorLevel = $this->threatLevel;
     }
 }
Example #10
 /**
  * Match each PHP file against the regular expression held in $this->code and
  * record a message with the file name and the matched excerpt.
  *
  * $this->errorLevel starts at ERRORLEVEL_SUCCESS and is set to
  * $this->threatLevel as soon as one file matches.
  *
  * @param array $php_files          Map of file key => PHP source text to scan.
  * @param array $php_files_filtered Not read by this check.
  * @param array $css_files          Not read by this check.
  * @param array $other_files        Not read by this check.
  * @return void
  */
 public function doCheck($php_files, $php_files_filtered, $css_files, $other_files)
 {
     $this->errorLevel = ERRORLEVEL_SUCCESS;
     foreach ($php_files as $php_key => $phpfile) {
         $found = preg_match($this->code, $phpfile, $matches);
         if (!$found) {
             continue;
         }
         $filename = tc_filename($php_key);
         $hit = ltrim(rtrim($matches[0], '('));
         $excerpt = tc_grep($hit, $php_key);
         $this->messages[] = __all('File <strong>%1$s</strong> : %2$s', $filename, $excerpt);
         $this->errorLevel = $this->threatLevel;
     }
 }
Example #11
 /**
  * Search each PHP file for the deprecated name in $this->code[0] and record a
  * message naming its replacement ($this->code[1]) and the version that
  * deprecated it ($this->code[2]).
  *
  * $this->errorLevel starts at ERRORLEVEL_SUCCESS and is set to
  * ERRORLEVEL_CRITICAL (not $this->threatLevel) as soon as one file matches.
  *
  * @param array $php_files          Map of file key => PHP source text to scan.
  * @param array $php_files_filtered Not read by this check.
  * @param array $css_files          Not read by this check.
  * @param array $other_files        Not read by this check.
  * @return void
  */
 public function doCheck($php_files, $php_files_filtered, $css_files, $other_files)
 {
     $this->errorLevel = ERRORLEVEL_SUCCESS;
     $deprecated = $this->code[0];
     $replacement = $this->code[1];
     $since = $this->code[2];
     // The name must be preceded by whitespace or a literal "|".
     $pattern = '/[\\s|]' . $deprecated . '/';
     foreach ($php_files as $php_key => $phpfile) {
         if (!preg_match($pattern, $phpfile, $matches)) {
             continue;
         }
         $filename = tc_filename($php_key);
         $hit = ltrim(rtrim($matches[0], '('));
         $excerpt = tc_grep($hit, $php_key);
         $this->messages[] = __all('<strong>%1$s</strong> found in file <strong>%2$s</strong>. Deprecated since version <strong>%3$s</strong>. Use <strong>%4$s</strong> instead.%5$s', $hit, $filename, $since, $replacement, $excerpt);
         $this->errorLevel = ERRORLEVEL_CRITICAL;
     }
 }
Example #12
 /**
  * Recommend function/constant replacements for the path constants
  * STYLESHEETPATH, TEMPLATEPATH, PLUGINDIR and MUPLUGINDIR.
  *
  * Each hit appends a RECOMMENDED entry to $this->error. $ret is never
  * changed, so the method always returns true.
  *
  * @param array $php_files   Map of file key => PHP source text to scan.
  * @param array $css_files   Not read by this check.
  * @param array $other_files Not read by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     // Constant => what to use instead.
     $checks = array(
         'STYLESHEETPATH' => 'get_stylesheet_directory()',
         'TEMPLATEPATH' => 'get_template_directory()',
         'PLUGINDIR' => 'WP_PLUGIN_DIR',
         'MUPLUGINDIR' => 'WPMU_PLUGIN_DIR',
     );
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $constant => $replacement) {
             checkcount();
             // The name must be preceded by whitespace or a literal "|".
             if (!preg_match('/[\\s|]' . $constant . '/', $phpfile, $matches)) {
                 continue;
             }
             $filename = tc_filename($php_key);
             $hit = ltrim(rtrim($matches[0], '('));
             $excerpt = tc_grep($hit, $php_key);
             $this->error[] = sprintf(
                 '<span class="tc-lead tc-recommended">' . __('RECOMMENDED', 'theme-check') . '</span>: ' . __('%1$s was found in the file %2$s. Use %3$s instead.%4$s', 'theme-check'),
                 '<strong>' . $hit . '</strong>',
                 '<strong>' . $filename . '</strong>',
                 '<strong>' . $replacement . '</strong>',
                 $excerpt
             );
         }
     }
     return $ret;
 }
 /**
  * Requires home_url() instead of bloginfo('home') / get_bloginfo('home').
  *
  * Every PHP file is tested against both patterns; a hit adds a REQUIRED
  * entry to $this->error and makes the method return false.
  *
  * The call must be preceded by whitespace or a literal "|" to be seen, so a
  * call written directly after another character (for example "(" or ".")
  * is not reported.
  *
  * NOTE(review): the matched text, file name and grep excerpt are inserted
  * into HTML unescaped; confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any pattern matched in any file, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $passed = true;
     $replacements = array(
         'get_bloginfo\\(\\s?("|\')home("|\')\\s?\\)' => 'home_url()',
         'bloginfo\\(\\s?("|\')home("|\')\\s?\\)' => 'echo home_url()',
     );

     foreach ($php_files as $path => $source) {
         foreach ($replacements as $fragment => $suggestion) {
             checkcount();
             if (!preg_match('/[\\s|]' . $fragment . '/', $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             $found = ltrim(rtrim($hit[0], '('));
             $excerpt = tc_grep($found, $path);

             $this->error[] = sprintf(
                 __('<span class="tc-lead tc-required">REQUIRED</span>: <strong>%1$s</strong> was found in the file <strong>%2$s</strong>. Use <strong>%3$s</strong> instead.%4$s', 'themecheck'),
                 $found,
                 $displayName,
                 $suggestion,
                 $excerpt
             );
             $passed = false;
         }
     }

     return $passed;
 }
Example #14
 /**
  * Recommends dedicated template functions over bloginfo()/get_bloginfo()
  * calls with selected parameters.
  *
  * A hit adds a RECOMMENDED entry to $this->error. The method always returns
  * true. Quotes are stripped from the matched text and the remainder is
  * passed through esc_html() before it is shown.
  *
  * Each pattern requires whitespace or a literal "|" directly before the
  * function name, so calls preceded by any other character are not reported.
  *
  * NOTE(review): tc_grep() receives the match with its quotes already
  * removed; if tc_grep() searches the file for that literal text, the
  * original (quoted) line may not be found. Confirm against tc_grep().
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $replacements = array(
         '/[\\s|]get_bloginfo\\(\\s?("|\')url("|\')\\s?\\)/' => 'home_url()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')wpurl("|\')\\s?\\)/' => 'site_url()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')stylesheet_directory("|\')\\s?\\)/' => 'get_stylesheet_directory_uri()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')template_directory("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')template_url("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')text_direction("|\')\\s?\\)/' => 'is_rtl()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')feed_url("|\')\\s?\\)/' => 'get_feed_link( \'feed\' ) (where feed is rss, rss2, atom)',
         '/[\\s|]bloginfo\\(\\s?("|\')url("|\')\\s?\\)/' => 'echo home_url()',
         '/[\\s|]bloginfo\\(\\s?("|\')wpurl("|\')\\s?\\)/' => 'echo site_url()',
         '/[\\s|]bloginfo\\(\\s?("|\')stylesheet_directory("|\')\\s?\\)/' => 'get_stylesheet_directory_uri()',
         '/[\\s|]bloginfo\\(\\s?("|\')template_directory("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]bloginfo\\(\\s?("|\')template_url("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]bloginfo\\(\\s?("|\')text_direction("|\')\\s?\\)/' => 'is_rtl()',
         '/[\\s|]bloginfo\\(\\s?("|\')feed_url("|\')\\s?\\)/' => 'get_feed_link( \'feed\' ) (where feed is rss, rss2, atom)',
     );

     foreach ($php_files as $path => $source) {
         foreach ($replacements as $pattern => $suggestion) {
             checkcount();
             if (!preg_match($pattern, $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             // Quotes are removed first; the same stripped text feeds both the label and the grep.
             $stripped = rtrim(str_replace(array('"', "'"), '', $hit[0]), '(');
             $found = trim(esc_html($stripped));
             $excerpt = tc_grep($stripped, $path);

             $this->error[] = "<span class='tc-lead tc-recommended'>RECOMMENDED</span>: <strong>{$found}</strong> was found in the file <strong>{$displayName}</strong>. Use <strong>{$suggestion}</strong> instead.{$excerpt}";
         }
     }

     return true;
 }
Example #15
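 /**
  * Reports calls to the deprecated function configured in $this->code.
  *
  * $this->code is read as: [0] function name, [1] suggested replacement,
  * [2] version in which the function was deprecated. Only the filtered PHP
  * sources are examined. A call is recognised when the name follows
  * whitespace and is followed by optional whitespace/hyphens and "(".
  * Each matching file adds one message and raises the level to
  * $this->threatLevel.
  *
  * The name is passed through preg_quote() before it is placed in the
  * pattern: the strpos() pre-filter already treats it as a literal, so the
  * regex must not reinterpret characters such as "." or "/" as syntax.
  *
  * NOTE(review): the replacement is escaped with htmlspecialchars(), but the
  * matched text, file name and grep excerpt are not; confirm the helpers
  * return HTML-safe text, since the scanned theme is untrusted input.
  *
  * @param array $php_files          Not used by this check.
  * @param array $php_files_filtered File key => filtered PHP source text.
  * @param array $css_files          Not used by this check.
  * @param array $other_files        Not used by this check.
  */
 public function doCheck($php_files, $php_files_filtered, $css_files, $other_files)
 {
     $this->errorLevel = ERRORLEVEL_SUCCESS;
     $key = $this->code[0];
     $key_instead = $this->code[1];
     $deprecatedSinceVersion = $this->code[2];
     $pattern = '/[\\s]+' . preg_quote($key, '/') . '[\\s-]*\\(/';

     foreach ($php_files_filtered as $php_key => $phpfile) {
         // Cheap literal pre-filter before running the regex.
         if (strpos($phpfile, $key) === false) {
             continue;
         }
         if (!preg_match($pattern, $phpfile, $matches)) {
             continue;
         }

         $filename = tc_filename($php_key);
         $error = ltrim(rtrim($matches[0], '('));
         $grep = tc_grep($error, $php_key);
         $this->messages[] = __all('<strong>%1$s</strong> found in file <strong>%2$s</strong>. Deprecated since version <strong>%3$s</strong>. Use <strong>%4$s</strong> instead.%5$s', $error, $filename, $deprecatedSinceVersion, htmlspecialchars($key_instead), $grep);
         $this->errorLevel = $this->threatLevel;
     }
 }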
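 /**
  * Adds an INFO entry for every PHP file that contains an iframe tag.
  *
  * HTML tag names are case-insensitive, so the pattern carries the "i" flag;
  * "<IFRAME ...>" is reported the same way as "<iframe ...>". The tag name is
  * shown as it was written in the file. Only the first iframe per file is
  * reported, and the method always returns true.
  *
  * This is a textual search of the theme source: markup that is assembled at
  * runtime is not visible to it, so an empty result means only that no
  * literal iframe tag was found.
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     $checks = array('/<(iframe)[^>]*>/i' => __('iframes are sometimes used to load unwanted adverts and code on your site', 'theme-check'));
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (preg_match($key, $phpfile, $matches)) {
                 $filename = tc_filename($php_key);
                 // Group 1 is the tag name only (letters), so no trimming is needed.
                 $error = $matches[1];
                 $grep = tc_grep($error, $php_key);
                 $this->error[] = sprintf('<span class="tc-lead tc-info">' . __('INFO', 'theme-check') . '</span>: ' . __('<strong>%1$s</strong> was found in the file <strong>%2$s</strong> %3$s.%4$s', 'theme-check'), $error, $filename, $check, $grep);
             }
         }
     }
     return $ret;
 }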
Example #17
 /**
  * Requires replacements for legacy path, header and background constants.
  *
  * A constant is recognised when it follows whitespace, "|" or a quote and is
  * followed by a quote, ";" or whitespace. A hit adds a REQUIRED entry to
  * $this->error and makes the method return false.
  *
  * The displayed text has leading quotes removed; leading whitespace and the
  * trailing delimiter captured by the pattern are kept.
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any constant was found, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $passed = true;
     $replacements = array(
         'STYLESHEETPATH' => 'get_stylesheet_directory()',
         'TEMPLATEPATH' => 'get_template_directory()',
         'PLUGINDIR' => 'WP_PLUGIN_DIR',
         'MUPLUGINDIR' => 'WPMU_PLUGIN_DIR',
         'HEADER_IMAGE' => 'add_theme_support( \'custom-header\' )',
         'NO_HEADER_TEXT' => 'add_theme_support( \'custom-header\' )',
         'HEADER_TEXTCOLOR' => 'add_theme_support( \'custom-header\' )',
         'HEADER_IMAGE_WIDTH' => 'add_theme_support( \'custom-header\' )',
         'HEADER_IMAGE_HEIGHT' => 'add_theme_support( \'custom-header\' )',
         'BACKGROUND_COLOR' => 'add_theme_support( \'custom-background\' )',
         'BACKGROUND_IMAGE' => 'add_theme_support( \'custom-background\' )',
     );

     foreach ($php_files as $path => $source) {
         foreach ($replacements as $constant => $suggestion) {
             checkcount();
             $pattern = '/[\\s|\'|\\"]' . $constant . '(?:\'|"|;|\\s)/';
             if (!preg_match($pattern, $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             $found = ltrim(rtrim($hit[0], '('), '\'"');
             $excerpt = tc_grep($found, $path);

             $format = '<span class="tc-lead tc-required">' . __('REQUIRED', 'theme-check') . '</span>: ' . __('%1$s was found in the file %2$s. Use %3$s instead.%4$s', 'theme-check');
             $this->error[] = sprintf(
                 $format,
                 '<strong>' . $found . '</strong>',
                 '<strong>' . $displayName . '</strong>',
                 '<strong>' . $suggestion . '</strong>',
                 $excerpt
             );
             $passed = false;
         }
     }

     return $passed;
 }
Example #18
 /**
  * Recommends dedicated template functions over bloginfo()/get_bloginfo()
  * calls with selected parameters.
  *
  * A hit adds a RECOMMENDED entry to $this->error; the method always returns
  * true. Quotes are stripped from the matched text and the remainder is
  * passed through esc_html() before display.
  *
  * Each pattern requires whitespace or a literal "|" directly before the
  * function name, so calls preceded by any other character are not reported.
  *
  * NOTE(review): tc_grep() receives the match with its quotes already
  * removed; if tc_grep() searches the file for that literal text, the
  * original (quoted) line may not be found. Confirm against tc_grep().
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $replacements = array(
         '/[\\s|]get_bloginfo\\(\\s?("|\')url("|\')\\s?\\)/' => 'home_url()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')wpurl("|\')\\s?\\)/' => 'site_url()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')stylesheet_directory("|\')\\s?\\)/' => 'get_stylesheet_directory_uri()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')template_directory("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')template_url("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')text_direction("|\')\\s?\\)/' => 'is_rtl()',
         '/[\\s|]get_bloginfo\\(\\s?("|\')feed_url("|\')\\s?\\)/' => 'get_feed_link( \'feed\' ) (feed = rss, rss2, atom)',
         '/[\\s|]bloginfo\\(\\s?("|\')url("|\')\\s?\\)/' => 'echo home_url()',
         '/[\\s|]bloginfo\\(\\s?("|\')wpurl("|\')\\s?\\)/' => 'echo site_url()',
         '/[\\s|]bloginfo\\(\\s?("|\')stylesheet_directory("|\')\\s?\\)/' => 'get_stylesheet_directory_uri()',
         '/[\\s|]bloginfo\\(\\s?("|\')template_directory("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]bloginfo\\(\\s?("|\')template_url("|\')\\s?\\)/' => 'get_template_directory_uri()',
         '/[\\s|]bloginfo\\(\\s?("|\')text_direction("|\')\\s?\\)/' => 'is_rtl()',
         '/[\\s|]bloginfo\\(\\s?("|\')feed_url("|\')\\s?\\)/' => 'get_feed_link( \'feed\' ) (feed = rss, rss2, atom)',
     );

     foreach ($php_files as $path => $source) {
         foreach ($replacements as $pattern => $suggestion) {
             checkcount();
             if (!preg_match($pattern, $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             // Quotes are removed first; the same stripped text feeds both the label and the grep.
             $stripped = rtrim(str_replace(array('"', "'"), '', $hit[0]), '(');
             $found = trim(esc_html($stripped));
             $excerpt = tc_grep($stripped, $path);

             $format = '<span class="tc-lead tc-recommended">' . __('RECOMMENDED', 'theme-check') . '</span>: ' . __('%1$s was found in the file %2$s. Use %3$s instead.%4$s', 'theme-check');
             $this->error[] = sprintf(
                 $format,
                 '<strong>' . $found . '</strong>',
                 '<strong>' . $displayName . '</strong>',
                 '<strong>' . $suggestion . '</strong>',
                 $excerpt
             );
         }
     }

     return true;
 }
Example #19
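 /**
  * Adds an INFO entry for every PHP file that contains an iframe tag.
  *
  * HTML tag names are case-insensitive, so the pattern carries the "i" flag;
  * "<IFRAME ...>" is reported the same way as "<iframe ...>". The tag name is
  * shown as it was written in the file. Only the first iframe per file is
  * reported, and the method always returns true.
  *
  * This is a textual search of the theme source: markup that is assembled at
  * runtime is not visible to it, so an empty result means only that no
  * literal iframe tag was found.
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     $checks = array('/<(iframe)[^>]*>/i' => __('iframes are sometimes used to load unwanted adverts and code on your site', 'themecheck'));
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (preg_match($key, $phpfile, $matches)) {
                 $filename = tc_filename($php_key);
                 // Group 1 is the tag name only (letters), so no trimming is needed.
                 $error = $matches[1];
                 $grep = tc_grep($error, $php_key);
                 $this->error[] = "<span class='tc-lead tc-info'>INFO</span>: <strong>{$error}</strong> was found in the file <strong>{$filename}</strong> {$check}.{$grep}";
             }
         }
     }
     return $ret;
 }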
Example #20
 /**
  * Requires home_url()/site_url() instead of get_option('home') and
  * get_option('site_url').
  *
  * A hit adds a REQUIRED entry to $this->error and makes the method return
  * false. Quotes are stripped from the matched text and the remainder is
  * passed through esc_html() before display.
  *
  * The leading "\s?" is optional, so the pattern also matches when
  * "get_option(" is the tail of a longer function name.
  *
  * NOTE(review): WordPress stores the site address under the option name
  * "siteurl"; the "site_url" spelling used here would not match that name.
  * Confirm which spelling is intended.
  * NOTE(review): tc_grep() receives the match with its quotes already
  * removed; if tc_grep() searches the file for that literal text, the
  * original (quoted) line may not be found. Confirm against tc_grep().
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any pattern matched, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $passed = true;
     $replacements = array(
         '/\\s?get_option\\(\\s?("|\')home("|\')\\s?\\)/' => 'home_url()',
         '/\\s?get_option\\(\\s?("|\')site_url("|\')\\s?\\)/' => 'site_url()',
     );

     foreach ($php_files as $path => $source) {
         foreach ($replacements as $pattern => $suggestion) {
             checkcount();
             if (!preg_match($pattern, $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             $stripped = rtrim(str_replace(array('"', "'"), '', $hit[0]), '(');
             $found = esc_html($stripped);
             $excerpt = tc_grep($stripped, $path);

             $format = '<span class="tc-lead tc-required">' . __('REQUIRED', 'theme-check') . '</span>: ' . __('%1$s was found in the file %2$s. Use %3$s instead.%4$s', 'theme-check');
             $this->error[] = sprintf(
                 $format,
                 '<strong>' . $found . '</strong>',
                 '<strong>' . $displayName . '</strong>',
                 '<strong>' . $suggestion . '</strong>',
                 $excerpt
             );
             $passed = false;
         }
     }

     return $passed;
 }
Example #21
 /**
  * Scans PHP and other theme files for a short list of known-compromise
  * signatures.
  *
  * $other_files is merged into the PHP file list so non-PHP files are scanned
  * too. Each signature that matches a file adds a WARNING entry to
  * $this->error (file name, description, grep excerpt) and makes the method
  * return false.
  *
  * These are fixed, case-sensitive text signatures. A clean result only means
  * that none of these exact strings is present; it is not evidence that the
  * theme is free of malicious code. Generic signatures such as "uname -a" can
  * also appear in benign text, so a hit needs manual review.
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * the files being scanned are untrusted, so confirm tc_filename()/tc_grep()
  * return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files File key => contents of non-PHP files.
  * @return bool False if any signature matched, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $clean = true;
     $scanned = array_merge($php_files, $other_files);
     $signatures = array(
         '/wshell\\.php/' => __('This may be a script used by hackers to get control of your server!', 'theme-check'),
         '/ShellBOT/' => __('This may be a script used by hackers to get control of your server', 'theme-check'),
         '/uname -a/' => __('Tells a hacker what operating system your server is running', 'theme-check'),
         '/php \\$[a-zA-Z]*=\'as\';/' => __('Symptom of the "Pharma Hack" <a href="http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html">[1]</a>', 'theme-check'),
         '/defined?\\(\'wp_class_support/' => __('Symptom of the "Pharma Hack" <a href="http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html">[1]</a>', 'theme-check'),
     );

     foreach ($scanned as $path => $contents) {
         foreach ($signatures as $pattern => $description) {
             checkcount();
             if (!preg_match($pattern, $contents, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             // The matched text is used only to locate the line; it is not shown directly.
             $excerpt = tc_grep($hit[0], $path);

             $this->error[] = sprintf('<span class="tc-lead tc-warning">' . __('WARNING', 'theme-check') . '</span>: <strong>%1$s</strong> %2$s%3$s', $displayName, $description, $excerpt);
             $clean = false;
         }
     }

     return $clean;
 }
Example #22
 /**
  * Requires home_url()/site_url() instead of get_option('home') and
  * get_option('site_url').
  *
  * A hit adds a REQUIRED entry to $this->error and makes the method return
  * false. Quotes are stripped from the matched text and the remainder is
  * passed through esc_html() before display.
  *
  * NOTE(review): WordPress stores the site address under the option name
  * "siteurl"; the "site_url" spelling used here would not match that name.
  * Confirm which spelling is intended.
  * NOTE(review): tc_grep() receives the match with its quotes already
  * removed; if tc_grep() searches the file for that literal text, the
  * original (quoted) line may not be found. Confirm against tc_grep().
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any pattern matched, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $passed = true;
     $replacements = array(
         '/\\s?get_option\\(\\s?("|\')home("|\')\\s?\\)/' => 'home_url()',
         '/\\s?get_option\\(\\s?("|\')site_url("|\')\\s?\\)/' => 'site_url()',
     );

     foreach ($php_files as $path => $source) {
         foreach ($replacements as $pattern => $suggestion) {
             checkcount();
             if (!preg_match($pattern, $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             $stripped = rtrim(str_replace(array('"', "'"), '', $hit[0]), '(');
             $found = esc_html($stripped);
             $excerpt = tc_grep($stripped, $path);

             $this->error[] = "<span class='tc-lead tc-required'>REQUIRED</span>: <strong>{$found}</strong> was found in the file <strong>{$displayName}</strong>. Use <strong>{$suggestion}</strong> instead.{$excerpt}";
             $passed = false;
         }
     }

     return $passed;
 }
 /**
  * Pattern-to-replacement check whose pattern table is currently empty.
  *
  * With no entries in the table the inner loop body never runs: no file is
  * examined, checkcount() is never called, and the method returns true for
  * any input. The loop is kept so that adding "pattern => replacement" pairs
  * turns the check on; each hit would then add a REQUIRED entry to
  * $this->error and make the method return false.
  *
  * NOTE(review): a check that always passes can be mistaken for coverage;
  * confirm whether the empty table is intentional.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool True while the table is empty.
  */
 function check($php_files, $css_files, $other_files)
 {
     $passed = true;
     $replacements = array();

     foreach ($php_files as $path => $source) {
         foreach ($replacements as $pattern => $suggestion) {
             checkcount();
             if (!preg_match($pattern, $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             $stripped = rtrim(str_replace(array('"', "'"), '', $hit[0]), '(');
             $found = esc_html($stripped);
             $excerpt = tc_grep($stripped, $path);

             $this->error[] = sprintf(
                 __('<span class="tc-lead tc-required">REQUIRED</span>: <strong>%1$s</strong> was found in the file <strong>%2$s</strong>. Use <strong>%3$s</strong> instead.%4$s', 'themecheck'),
                 $found,
                 $displayName,
                 $suggestion,
                 $excerpt
             );
             $passed = false;
         }
     }

     return $passed;
 }
Example #24
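 /**
  * Reports themes that match $this->code (the add_theme_support() pattern
  * named in the message) but never call get_post_format() or
  * has_post_format().
  *
  * All PHP sources are joined and searched for the two function names; if
  * either is present nothing is reported. Otherwise each file matching
  * $this->code adds one message and raises the level to $this->threatLevel.
  * The message also notes when ".format" does not appear in any CSS file.
  *
  * strpos() results are compared with === false: a hit at offset 0 returns
  * 0, which a truthiness test would misread as "not found" (for example a
  * stylesheet that begins with ".format").
  *
  * NOTE(review): the file name is inserted into HTML as-is; confirm
  * tc_filename() returns HTML-safe text.
  *
  * @param array $php_files          File key => PHP source text.
  * @param array $php_files_filtered Not used by this check.
  * @param array $css_files          File key => CSS source text.
  * @param array $other_files        Not used by this check.
  */
 public function doCheck($php_files, $php_files_filtered, $css_files, $other_files)
 {
     $this->errorLevel = ERRORLEVEL_SUCCESS;
     $php = implode(' ', $php_files);
     $css = implode(' ', $css_files);

     $usesPostFormats = strpos($php, 'get_post_format') !== false
         || strpos($php, 'has_post_format') !== false;
     if ($usesPostFormats) {
         // The theme reads post formats somewhere, so there is nothing to report.
         return;
     }

     $css_found = strpos($css, '.format') === false ? ", and no use of formats in the CSS was detected" : "";

     foreach ($php_files as $php_key => $phpfile) {
         if (preg_match($this->code, $phpfile, $matches)) {
             $filename = tc_filename($php_key);
             $this->messages[] = __all('<strong>add_theme_support()</strong> was found in the file <strong>%1$s</strong>. However get_post_format and/or has_post_format were not found%2$s.', $filename, $css_found);
             $this->errorLevel = $this->threatLevel;
         }
     }
 }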
Example #25
 /**
  * Scans PHP and other theme files for a list of known-compromise
  * signatures.
  *
  * $other_files is merged into the PHP file list so non-PHP files are scanned
  * too. Each signature that matches a file adds a WARNING entry to
  * $this->error (file name, description, grep excerpt) and makes the method
  * return false.
  *
  * These are fixed, case-sensitive text signatures tied to specific past
  * campaigns. A clean result only means that none of these exact strings is
  * present; it is not evidence that the theme is free of malicious code.
  * Generic signatures such as "uname -a" can also appear in benign text, so a
  * hit needs manual review.
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * the files being scanned are untrusted, so confirm tc_filename()/tc_grep()
  * return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files File key => contents of non-PHP files.
  * @return bool False if any signature matched, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $clean = true;
     $scanned = array_merge($php_files, $other_files);
     $signatures = array(
         '/wshell\\.php/' => __('This may be a script used by hackers to get control of your server!', 'theme-check'),
         '/ShellBOT/' => __('This may be a script used by hackers to get control of your server', 'theme-check'),
         '/uname -a/' => __('Tells a hacker what operating system your server is running', 'theme-check'),
         '/YW55cmVzdWx0cy5uZXQ=/' => __('base64 encoded text found in Search Engine Redirect hack <a href="http://blogbuildingu.com/wordpress/wordpress-search-engine-redirect-hack">[1]</a>', 'theme-check'),
         '/\\$_COOKIE\\[\'yahg\'\\]/' => __('YAHG Googlerank.info exploit code <a href="http://creativebriefing.com/wordpress-hacked-googlerankinfo/">[1]</a>', 'theme-check'),
         '/ekibastos/' => __('Possible Ekibastos attack <a href="http://ocaoimh.ie/did-your-wordpress-site-get-hacked/">[1]</a>', 'theme-check'),
         '/<script>\\/\\*(GNU GPL|LGPL)\\*\\/ try\\{window.onload.+catch\\(e\\) \\{\\}<\\/script>/' => __('Possible "Gumblar" JavaScript attack <a href="http://threatinfo.trendmicro.com/vinfo/articles/securityarticles.asp?xmlfile=042710-GUMBLAR.xml">[1]</a> <a href="http://justcoded.com/article/gumblar-family-virus-removal-tool/">[2]</a>', 'theme-check'),
         '/php \\$[a-zA-Z]*=\'as\';/' => __('Symptom of the "Pharma Hack" <a href="http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html">[1]</a>', 'theme-check'),
         '/defined?\\(\'wp_class_support/' => __('Symptom of the "Pharma Hack" <a href="http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html">[1]</a>', 'theme-check'),
         '/AGiT3NiT3NiT3fUQKxJvI/' => __('Malicious footer code injection detected!', 'theme-check'),
     );

     foreach ($scanned as $path => $contents) {
         foreach ($signatures as $pattern => $description) {
             checkcount();
             if (!preg_match($pattern, $contents, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             // The matched text is used only to locate the line; it is not shown directly.
             $excerpt = tc_grep($hit[0], $path);

             $this->error[] = sprintf('<span class="tc-lead tc-warning">' . __('WARNING', 'theme-check') . '</span>: <strong>%1$s</strong> %2$s%3$s', $displayName, $description, $excerpt);
             $clean = false;
         }
     }

     return $clean;
 }
Example #26
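 /**
  * Warns about direct network calls (curl_exec, curl_init, fsockopen,
  * pfsockopen) in theme PHP files.
  *
  * Every occurrence adds a WARNING entry to $this->error and makes the method
  * return false. The function name is shown as it was written in the file.
  *
  * PHP resolves function names case-insensitively and allows whitespace
  * between the name and "(", so the pattern uses the "i" flag and "\s*";
  * otherwise "Curl_Exec (" would call the same function without being
  * reported. The character before the name must not be a letter, digit or
  * underscore, which keeps longer identifiers ending in these names out.
  *
  * This is a textual search: only direct calls written in the source are
  * visible to it. Calls made through variables or callbacks are not, so a
  * clean result means "no direct call found", not "no network access".
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any listed function call was found, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     $checks = array('/[^a-z0-9](?<!_)(curl_exec|curl_init|fsockopen|pfsockopen)\\s*\\(/i' => __('possible file operations', 'themecheck'));
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (preg_match_all($key, $phpfile, $matches)) {
                 $filename = tc_filename($php_key);
                 // $matches[1] holds the captured function name of every occurrence.
                 foreach ($matches[1] as $error) {
                     $grep = tc_grep($error, $php_key);
                     $this->error[] = sprintf(__('<span class="tc-lead tc-warning">WARNING</span>: <strong>%1$s</strong> was found in the file <strong>%2$s</strong> %3$s.%4$s', 'themecheck'), $error, $filename, $check, $grep);
                     $ret = false;
                 }
             }
         }
     }
     return $ret;
 }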
Example #27
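 /**
  * Warns about direct file and network calls in theme PHP files.
  *
  * The listed functions are file_get_contents, curl_exec, curl_init,
  * readfile, fopen, fsockopen, pfsockopen, fclose, fread, fwrite and
  * file_put_contents. Every occurrence adds a WARNING entry to $this->error
  * and makes the method return false. The function name is shown as it was
  * written in the file.
  *
  * PHP resolves function names case-insensitively and allows whitespace
  * between the name and "(", so the pattern uses the "i" flag and "\s*";
  * otherwise "Fopen (" would call the same function without being reported.
  * The character before the name must not be a letter, digit or underscore,
  * which keeps longer identifiers ending in these names out.
  *
  * This is a textual search: only direct calls written in the source are
  * visible to it. Calls made through variables or callbacks are not, so a
  * clean result means "no direct call found".
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any listed function call was found, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     $checks = array('/[^a-z0-9](?<!_)(file_get_contents|curl_exec|curl_init|readfile|fopen|fsockopen|pfsockopen|fclose|fread|fwrite|file_put_contents)\\s*\\(/i' => __('possible file operations', 'themecheck'));
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (preg_match_all($key, $phpfile, $matches)) {
                 $filename = tc_filename($php_key);
                 // $matches[1] holds the captured function name of every occurrence.
                 foreach ($matches[1] as $error) {
                     $grep = tc_grep($error, $php_key);
                     $this->error[] = "<span class='tc-lead tc-warning'>WARNING</span>: <strong>{$error}</strong> was found in the file <strong>{$filename}</strong> {$check}.{$grep}";
                     $ret = false;
                 }
             }
         }
     }
     return $ret;
 }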
Example #28
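 /**
  * Warns about direct file and network calls that should go through
  * WP_Filesystem.
  *
  * The listed functions are file_get_contents, curl_exec, curl_init,
  * readfile, fopen, fsockopen, pfsockopen, fclose, fread, fwrite and
  * file_put_contents. Every occurrence adds a WARNING entry to $this->error
  * and makes the method return false. The function name is shown as it was
  * written in the file.
  *
  * PHP resolves function names case-insensitively and allows whitespace
  * between the name and "(", so the pattern uses the "i" flag and "\s*";
  * otherwise "Fopen (" would call the same function without being reported.
  * The character before the name must not be a letter, digit or underscore,
  * which keeps longer identifiers ending in these names out.
  *
  * This is a textual search: only direct calls written in the source are
  * visible to it. Calls made through variables or callbacks are not, so a
  * clean result means "no direct call found".
  *
  * NOTE(review): the file name and grep excerpt are inserted into HTML as-is;
  * confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any listed function call was found, true otherwise.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     $checks = array('/[^a-z0-9](?<!_)(file_get_contents|curl_exec|curl_init|readfile|fopen|fsockopen|pfsockopen|fclose|fread|fwrite|file_put_contents)\\s*\\(/i' => __('File operations should use the WP_Filesystem methods instead of direct PHP filesystem calls', 'theme-check'));
     foreach ($php_files as $php_key => $phpfile) {
         foreach ($checks as $key => $check) {
             checkcount();
             if (preg_match_all($key, $phpfile, $matches)) {
                 $filename = tc_filename($php_key);
                 // $matches[1] holds the captured function name of every occurrence.
                 foreach ($matches[1] as $error) {
                     $grep = tc_grep($error, $php_key);
                     $this->error[] = sprintf('<span class="tc-lead tc-warning">' . __('WARNING', 'theme-check') . '</span>: ' . __('<strong>%1$s</strong> was found in the file <strong>%2$s</strong> %3$s.%4$s', 'theme-check'), $error, $filename, $check, $grep);
                     $ret = false;
                 }
             }
         }
     }
     return $ret;
 }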
Example #29
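 /**
  * Requires dedicated template functions instead of get_bloginfo(),
  * bloginfo() and get_option() calls with selected parameters.
  *
  * The table maps each function to its flagged parameters and the suggested
  * replacement. A hit adds a REQUIRED entry to $this->error and makes the
  * method return false. checkcount() is called once per function per file.
  *
  * A negative lookbehind keeps the function name from matching as the tail
  * of a longer identifier. Without it, "get_bloginfo('url')" also satisfies
  * the "bloginfo" entry and is reported a second time with the echo-based
  * replacement, which is the wrong advice for that call.
  *
  * NOTE(review): the matched text, file name and grep excerpt are inserted
  * into HTML as-is; confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool False if any function/parameter combination was found.
  */
 function check($php_files, $css_files, $other_files)
 {
     $ret = true;
     $checks = array('get_bloginfo' => array('home' => 'home_url()', 'url' => 'home_url()', 'wpurl' => 'site_url()', 'stylesheet_directory' => 'get_stylesheet_directory_uri()', 'template_directory' => 'get_template_directory_uri()', 'template_url' => 'get_template_directory_uri()', 'text_direction' => 'is_rtl()', 'feed_url' => "get_feed_link( 'feed' ), where feed is rss, rss2 or atom"), 'bloginfo' => array('home' => 'echo esc_url( home_url() )', 'url' => 'echo esc_url( home_url() )', 'wpurl' => 'echo esc_url( site_url() )', 'stylesheet_directory' => 'echo esc_url( get_stylesheet_directory_uri() )', 'template_directory' => 'echo esc_url( get_template_directory_uri() )', 'template_url' => 'echo esc_url( get_template_directory_uri() )', 'text_direction' => 'is_rtl()', 'feed_url' => "echo esc_url( get_feed_link( 'feed' ) ), where feed is rss, rss2 or atom"), 'get_option' => array('home' => 'home_url()', 'site_url' => 'site_url()'));
     foreach ($php_files as $php_key => $php_file) {
         // Loop through all functions.
         foreach ($checks as $function => $data) {
             checkcount();
             // Loop through the parameters and look for all function/parameter combinations.
             foreach ($data as $parameter => $replacement) {
                 // The lookbehind rejects a preceding identifier character, e.g. the "get_" in get_bloginfo.
                 $pattern = '/(?<![A-Za-z0-9_])' . $function . '\\(\\s*("|\')' . $parameter . '("|\')\\s*\\)/';
                 if (preg_match($pattern, $php_file, $matches)) {
                     $filename = tc_filename($php_key);
                     $error = ltrim(rtrim($matches[0], '('));
                     $grep = tc_grep($error, $php_key);
                     $this->error[] = sprintf('<span class="tc-lead tc-required">' . __('REQUIRED', 'theme-check') . '</span>: ' . __('<strong>%1$s</strong> was found in the file <strong>%2$s</strong>. Use <strong>%3$s</strong> instead.%4$s', 'theme-check'), $error, $filename, $replacement, $grep);
                     $ret = false;
                 }
             }
         }
     }
     return $ret;
 }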
 /**
  * Recommends replacements for functions deprecated in WordPress 3.4-3.5.
  *
  * Each table entry is a two-element array: the first key is the deprecated
  * function name with its suggested replacement as the value, and index 0
  * holds the version in which it was deprecated. A hit adds a RECOMMENDED
  * entry to $this->error; the method always returns true.
  *
  * The character class "[\s?]" matches whitespace or a literal "?", so a
  * call is only seen when one of those directly precedes the name; calls
  * preceded by another character (for example "(" or "=") are not reported.
  *
  * NOTE(review): the matched text, file name and grep excerpt are inserted
  * into HTML as-is; confirm tc_filename()/tc_grep() return HTML-safe text.
  *
  * @param array $php_files   File key => PHP source text.
  * @param array $css_files   Not used by this check.
  * @param array $other_files Not used by this check.
  * @return bool Always true.
  */
 function check($php_files, $css_files, $other_files)
 {
     $deprecations = array(
         array('get_themes' => 'wp_get_themes()', '3.4'),
         array('get_theme' => 'wp_get_theme()', '3.4'),
         array('get_current_theme' => 'wp_get_theme()', '3.4'),
         array('clean_pre' => 'none available', '3.4'),
         array('add_custom_image_header' => 'add_theme_support( \'custom-header\', $args )', '3.4'),
         array('remove_custom_image_header' => 'remove_theme_support( \'custom-header\' )', '3.4'),
         array('add_custom_background' => 'add_theme_support( \'custom-background\', $args )', '3.4'),
         array('remove_custom_background' => 'remove_theme_support( \'custom-background\' )', '3.4'),
         array('get_theme_data' => 'wp_get_theme()', '3.4'),
         array('update_page_cache' => 'update_post_cache()', '3.4'),
         array('clean_page_cache' => 'clean_post_cache()', '3.4'),
         array('wp_explain_nonce' => 'wp_nonce_ays', '3.4.1'),
         array('sticky_class' => 'post_class()', '3.5'),
         array('_get_post_ancestors' => 'none', '3.5'),
         array('wp_load_image' => 'wp_get_image_editor()', '3.5'),
         array('image_resize' => 'wp_get_image_editor()', '3.5'),
         array('wp_get_single_post' => 'get_post()', '3.5'),
         array('user_pass_ok' => 'wp_authenticate()', '3.5'),
         array('_save_post_hook' => 'none', '3.5'),
         array('gd_edit_image_support' => 'wp_image_editor_supports', '3.5'),
         array('get_allowed_themes' => 'wp_get_themes( array( \'allowed\' => true ) )', '3.4'),
         array('get_broken_themes' => 'wp_get_themes( array( \'errors\' => true )', '3.4'),
         array('current_theme_info' => 'wp_get_theme()', '3.4'),
         array('_insert_into_post_button' => 'none', '3.5'),
         array('_media_button' => 'none', '3.5'),
         array('get_post_to_edit' => 'get_post()', '3.5'),
         array('get_default_page_to_edit' => 'get_default_post_to_edit()', '3.5'),
         array('wp_create_thumbnail' => 'image_resize()', '3.5'),
     );

     foreach ($php_files as $path => $source) {
         foreach ($deprecations as $entry) {
             checkcount();
             // First key is the deprecated name; its value is the replacement.
             $name = key($entry);
             $suggestion = $entry[$name];
             if (!preg_match('/[\\s?]' . $name . '\\(/', $source, $hit)) {
                 continue;
             }

             $displayName = tc_filename($path);
             $found = ltrim(rtrim($hit[0], '('));
             $since = $entry[0];
             $excerpt = tc_grep($found, $path);

             $this->error[] = sprintf(
                 __('<span class="tc-lead tc-recommended">RECOMMENDED</span>: <strong>%1$s</strong> found in the file <strong>%2$s</strong>. Deprecated since version <strong>%3$s</strong>. Use <strong>%4$s</strong> instead.%5$s', 'themecheck'),
                 $found,
                 $displayName,
                 $since,
                 $suggestion,
                 $excerpt
             );
         }
     }

     return true;
 }