• I’m starting to think that themes.wordpress.net is not trustworthy. I downloaded a theme from there, (darkpad-10) and found a very suspicious “mint.php” file in the images directory. I can’t think of any legitimate reason to put an executable file in the images directory, except to hide it, so I decided to report it. But the report form is badly broken – it keeps telling me that my email address isn’t legitimate. I tried both my normal address and my gmail address, and got the same result. Plus you have to pick a category, even though none of the categories fit this particular report.

    I got burned a few weeks ago by downloading a theme that put spam in the footer of my blog, and I’m suspicious of any theme site, but since this one looks semi-official I was hoping it would be competently run. Evidently I am to be disappointed.

Viewing 9 replies - 1 through 9 (of 9 total)
  • I don’t believe you will find anything nefarious with the Theme Viewer.
    In fact if you do a little looking, you will find discussions that resulted in the removal of questionable themes from that site last summer/fall. That is, themes that did not fit well with the GPL spirit of WordPress. Themes containing encrypted contents and sponsored links are frowned upon in general and that resulted in the removal of those themes from themes.wordpress.net. (The Theme Viewer). A Google of “mint.php” yields some interesting possibilities.

    Here is a link to the author of DarkPad’s current site:

    https://www.gfxedit.com/category/themes/wordpress/page/2/

    There appears to be an active contact page, as well as comments. I think I would be tempted to drop him a line and ask him what function it serves in his theme.

    Best wishes!

    Thread Starter ptomblin

    (@ptomblin)

    I got the latest version from his web site (thanks Clayton) and it still has the mint.php file in images/.

    what’s in this mint.php file exactly? a Mojito recipe?

    I would contact him and ask what the purpose of mint.php is… and once a response is received, then address trust issue.

    Hungry, Ivovic?

    @ Ptomblin, I wonder if it has to do with the web site analytic tool, Mint, https://www.haveamint.com? I looked at the mint.php file and it has references to some VB script, outclicks, joesapt.net and this server path:
    /mint/pepper/andrewsutherland/outclicks/data.php

    FWIW, there’s also a lib.js file in that /images directory.

    Prolly some kind of click tracker is my guess. This code leads me to that conclusion:

    function outclicks_init () {
    	 links = document.getElementsByTagName('a');
    	 this_domain = "joesapt.net";
    	 for (i=0; i < links.length; i++) {
    		link = links[i].href.replace("www.","");
    		// if it is off domain or a js link, don't record.
    	if(link.match(eval('/^(http(s)?:\\/\\/)?'+this_domain+'/')) || links[i].href.indexOf('javascript:') != -1)
    			continue;
    		links[i].onclick = trackOutclicks;

    What would happen if you killed it?

    >Hungry, Ivovic?
    Thirsty more like it! Mojitos are delicious.

    Anyway, I’d say you’re spot-on there, Joni. It always pays to put the file in a text editor and see what’s going on.

    Thread Starter ptomblin

    (@ptomblin)

    I contacted the author and he said to just delete it, and he’s deleting it from the copy on his own web site as well. It evidently has something to do with that haveamint site.

    The other issue, as I mentioned at the top of this thread, is that themes.wordpress has a “Report” form that won’t work. I think that’s far more serious.

    That site’s been passed around from person to person like a hooker at a frat party. And while it had gathered some momentum late last year, it seems to have stalled out for good now. A site like that is a huge responsibility if your goal is to screen for quality themes and not just let everyone upload themes willy-nilly. A lot of people offered to help, but who knows how many of them were serious. It’s like your friends offering to help on moving day and then when that day comes, it’s just you and your borrowed truck and .. well you know how that goes. Grabbing a good theme is a crapshoot these days unless you are very familiar with the theme designer’s work. We have nearly a half a dozen themes we’ve created over the years but I’ve pulled all but two because I want to refine them and make sure they work well with WP 2.5.x and that they are all widgetized. ??

    …passed around from person to person like a hooker at a frat party. And while it had gathered some momentum late last year, it seems to have stalled out for good now. A site like that is a huge responsibility if your goal is to screen for quality themes and not just let everyone upload themes willy-nilly…

    ‘Gotta say I like your style…

    Talk about hitting a nail on the head!

    ??

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Just how much do you trust themes.wordpress.net?’ is closed to new replies.