• Resolved veresdaniel

    (@veresdaniel)


    Hi,

    I have some (8-10) standalone WP sites, and started to integrate them into one WP multisite network after reading about this built-in function.

    Everything seemed to be OK for a while, but when I finished migrating the 4th or 5th site, some others crashed.

    After a bit of bug tracking I found that the last imported site caused the issue (specifically its theme file), because some lines of its functions.php were appended to all the other themes' functions.php.

    It’s a free theme called tag magazine. [ Moderated: link redacted, please do not share that site here. ]

    I tried to search about this issue but found nothing. Can anyone help me or give some advice?

    How can I find out exactly what causes this? I would like to use all of my sites in one network but don't know how one theme's functions.php can append lines to others.

    I'm using WP 3.3.2, with no special plugins.

    These lines are appended to all of my functions.php files:

    [ 313 lines of code moderated. For more than 10 lines of code please use pastebin.com instead. ]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Those lines are actually copied into the functions.php files of other themes? That seems like very bad behavior to me.

    Also the theme has lines like this in its functions.php:

    eval(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}'));

    That example is a Creative Commons notice. Why you'd rot13 that I don't know. Nonetheless, "Attempts at obfuscation" === "I don't trust that theme". That in itself is enough for me, but my distrust is justified by this (crudely un-rotted with a little code removed to get it under ten lines):

    `… $l=\'Designed by <a href="https://www.utahmatch.com">Utah personals</a></div>…
    <a href="https://www.localhospitaljobs.com/hospital-jobs-in-miami-florida">Miami Hospital Jobs</a>
    <a href="https://www.meetlocalbikers.com">Biker Personals</a>
    <a href="https://www.certifiedpublicaccountants.com/">Accountants</a>\'…
    echo \'This theme is sponsored, all links in the footer should remain intact\';die;}}check_footer();'));`

    Use it or not, your choice.
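
An added example, not part of the reply above and not code from the theme or from WordPress: a small Python scanner that finds `eval(str_rot13('…'))` calls in PHP source and returns the decoded code so it can be read before a theme is installed. The function names are hypothetical, only single-quoted PHP literals are handled, and the sample input combines one constructed line with the obfuscated line quoted above.

```python
import codecs
import re
from pathlib import Path

# eval(str_rot13('...')) with a single-quoted PHP literal, the form quoted above.
ROT13_EVAL = re.compile(
    r"eval\s*\(\s*str_rot13\s*\(\s*'((?:\\.|[^'\\])*)'\s*\)\s*\)",
    re.IGNORECASE | re.DOTALL,
)

def decode_payload(literal):
    # PHP single-quoted strings only treat backslash-quote and
    # backslash-backslash as escapes; undo those, then apply ROT13.
    unescaped = re.sub(r"\\([\\'])", r"\1", literal)
    return codecs.decode(unescaped, "rot_13")

def scan_php(source):
    """Return (line_number, decoded_code) for each eval(str_rot13(...)) call."""
    findings = []
    for match in ROT13_EVAL.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        findings.append((line_no, decode_payload(match.group(1))))
    return findings

def scan_tree(root):
    """Scan every .php file under root (for example a themes directory)."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Sample input: line 2 is constructed; line 3 is the line quoted in the reply.
SAMPLE = r'''<?php
add_action('widgets_init', 'my_widgets'); // constructed, harmless line
eval(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}'));
'''

if __name__ == "__main__":
    for line_no, code in scan_php(SAMPLE):
        print(f"line {line_no}: eval(str_rot13(...)) decodes to:\n  {code}")
```
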

    Thread Starter veresdaniel

    (@veresdaniel)

    Thanks. Yes, the lines quoted above are appended to all the other themes' functions.php. How can this happen?

    I did not know about the removed lines, but I'll compare the files with the original ones…

    Thread Starter veresdaniel

    (@veresdaniel)

    Do you think that the modified footer can cause issues like this line appending thing?

    The code I found wouldn't do it, but it isn't that hard to do. WordPress itself has the ability to write files to the server, and edit them. That is how your image uploads work and how the built-in code editor works, for example. Anything piggybacked onto WordPress can do the same thing, subject to server file permissions and other settings.

    I haven’t found any code in that theme that will write files so for the sake of fairness, the claim that this theme is doing it is still unproven. I also can’t find any of the function names from your original post, nor can I find a block of eval’ed or rotn’ed code large enough to hold that much text– not even close. I think you may need to look elsewhere for the problem.

    For this theme, the obfuscation is red flag enough for me though.

    Thread Starter veresdaniel

    (@veresdaniel)

    Issue fixed. The problem was with the following code:

    https://pastebin.com/HbcDc8sd

    I tried to register widgets in a multisite environment the way I used to register them on a standalone site. I think database operations caused the crash.

  • The topic ‘theme overwrites other theme's function.php’ is closed to new replies.