Theme Authenticity Checker (TAC) - Version 1.4

Release Info

Developer: builtBackwards
Plugin: Theme Authenticity Checker (TAC)
Version: 1.4

Code changes from version 1.3 to 1.4

Files changed (3)
  1. readme.txt +50 -21
  2. screenshot-1.jpg +0 -0
  3. tac.php +295 -269
readme.txt CHANGED
@@ -3,20 +3,22 @@ Contributors: builtBackwards
3
  Donate link: http://builtbackwards.com/donate
4
  Tags: themes, security, javascript, admin
5
  Requires at least: 2.2
6
- Tested up to: 2.6.2
7
- Stable tag: 1.3
8
 
9
  *Scan all of your theme files for potentially malicious or unwanted code.*
10
 
11
  == Description ==
12
  Scan all of your theme files for potentially malicious or unwanted code.
13
 
14
- **NEW STUFF IN TAC 1.3** [CHANGELOG](http://builtbackwards.com/projects/tac/ "CHANGELOG")
15
 
16
- * Compatible with WordPress 2.2 - 2.6.1
17
- * **NEW!** Checks for embedded Static Links
18
- * **NEW!** Direct links for editing suspicious files in the WordPress Theme Editor
19
 
 
 
 
 
20
 
21
  **History**
22
 
@@ -25,15 +27,6 @@ TAC got its start when we repeatedly found obfuscated malicious code in free Wor
25
  After Googling and exploring on our own we came upon the [article by Derek](http://5thirtyone.com/archives/870 "article by Derek") from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free Wordpress themes with encoded script slipped in - some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
26
 
27
 
28
- **What TAC Does**
29
-
30
- TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If
31
- such code is found, TAC displays the path to the theme file, the line
32
- number, and a small snippet of the suspect code. As of **v1.3** *TAC* also searches for and displays static links.
33
-
34
- Then what do you do? Just because the code is there doesn't mean it's not supposed to be or even qualifies as a threat, but most theme authors don't include code outside of the Wordpress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
35
- But the real value of this Plugin is that you can quickly determine what and where code needs to be cleaned up.
36
-
37
  == Installation ==
38
 
39
  After downloading and extracting the latest version of TAC:
@@ -44,20 +37,56 @@ After downloading and extracting the latest version of TAC:
44
  4. The results of the scan will be displayed for each theme with the filename and line number of any threats.
45
  5. You can click on the path to the theme file to edit in the WordPress Theme Editor
46
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
47
  == Frequently Asked Questions ==
48
 
49
  = What if I find something? =
50
 
51
- Contact the theme's original author to double check if that section of code is supposed to be in the theme in the first place - chances are it shouldn't as there isn't a logical reason
52
- have base64 encoding in a theme.
53
-
54
- Static Links aren't necessarily bad, *TAC* just lists them so you can see where your theme is linking to.
55
 
56
  If something is malicious or simply unwanted, *TAC* tells you what file to edit, you can even just click on the file path to be taken straight to the WordPress Theme Editor.
57
 
 
 
 
 
58
  = What about future vulnerabilities? =
59
 
60
- As we find them we will add them to *TAC*. If you find one, PLEASE let us know: [Contact builtBackwards](http://builtbackwards.com/contact/ "Contact builtBackwards")
 
61
 
62
  == Screenshots ==
63
 
@@ -67,4 +96,4 @@ As we find them we will add them to *TAC*. If you find one, PLEASE let us know:
67
 
68
  Do your part by developing clean GPL compatible themes!
69
 
70
- The builtBackwards Team
3
  Donate link: http://builtbackwards.com/donate
4
  Tags: themes, security, javascript, admin
5
  Requires at least: 2.2
6
+ Tested up to: 2.8.6
7
+ Stable tag: 1.4
8
 
9
  *Scan all of your theme files for potentially malicious or unwanted code.*
10
 
11
  == Description ==
12
  Scan all of your theme files for potentially malicious or unwanted code.
13
 
14
+ **LONG AWAITED NEW VERSION: 1.4** [CHANGELOG](http://builtbackwards.com/projects/tac/ "CHANGELOG")
15
 
16
+ **What TAC Does**
 
 
17
 
18
+ TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of **v1.3** *TAC* also searches for and displays static links.
19
+
20
+ Then what do you do? Just because the code is there doesn't mean it's not supposed to be or even qualifies as a threat, but most theme authors don't include code outside of the Wordpress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
21
+ The real value of this plugin is that you can quickly determine where code cleanup is needed in order to safely enjoy your theme.
22
 
23
  **History**
24
 
27
  After Googling and exploring on our own we came upon the [article by Derek](http://5thirtyone.com/archives/870 "article by Derek") from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free Wordpress themes with encoded script slipped in - some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
28
 
29
 
 
 
 
 
 
 
 
 
 
30
  == Installation ==
31
 
32
  After downloading and extracting the latest version of TAC:
37
  4. The results of the scan will be displayed for each theme with the filename and line number of any threats.
38
  5. You can click on the path to the theme file to edit in the WordPress Theme Editor
39
 
40
+ == Changelog ==
41
+
42
+ **Version 1.4**
43
+
44
+ * Compatible with WordPress 2.8!
45
+ * Tested in Firefox 3.0.11 and Internet Explorer 8
46
+ * JavaScript hiding/showing of theme details
47
+
48
+ **Version 1.3 (Fixes + New Feature)**
49
+
50
+ * Changed title to “Theme Authenticity Checker”, same acronym, makes more sense
51
+ * Compatible with WordPress 2.2 - 2.6.1
52
+ * NEW! Checks for embedded Static Links
53
+ * NEW! Direct links for editing suspicious files in the WordPress Theme Editor
54
+ * Improved the CSS
55
+ * Uses its own function to get theme file paths
56
+
57
+ **Version 1.2 (Fixes)**
58
+
59
+ * Band-aid fixes to theme file paths that were altered by the update to get_themes() in Wordpress 2.6
60
+ * This release is only compatible with Wordpress 2.6
61
+
62
+ **Version 1.1 (Fixes)**
63
+
64
+ * Style sheet doesn’t explode any more when certain threats are detected
65
+ * Modified code snippet output to prevent interfering with page structure
66
+ * Improved styling for slightly more appealing output
67
+
68
+ **Version 1.0 (First Release)**
69
+
70
+ * This is the initial release of TAC.
71
+
72
+
73
+
74
  == Frequently Asked Questions ==
75
 
76
  = What if I find something? =
77
 
78
+ Contact the theme's original author to double check if that section of code is supposed to be in the theme in the first place - chances are it shouldn't as there isn't a logical reason have obfuscated code in a theme.
 
 
 
79
 
80
  If something is malicious or simply unwanted, *TAC* tells you what file to edit, you can even just click on the file path to be taken straight to the WordPress Theme Editor.
81
 
82
+ = Why does TAC list static links? =
83
+
84
+ First of all, static links aren't necessarily bad, *TAC* just lists them so you can quickly see where your theme is linking to.
85
+
86
  = What about future vulnerabilities? =
87
 
88
+ As we find them we will add them to *TAC*. If you find one, PLEASE let us know:
89
+ [Contact builtBackwards](http://builtbackwards.com/contact/ "Contact builtBackwards") or post in the [WordPress.org Forum](http://wordpress.org/tags/tac "WordPress.org Forum")
90
 
91
  == Screenshots ==
92
 
96
 
97
  Do your part by developing clean GPL compatible themes!
98
 
99
+ *builtBackwards*
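Review bot: the reworded FAQ answer at new line 78 of readme.txt promises more than the scanner checks and is missing a word. It now says there is no "logical reason have obfuscated code in a theme", but tac_check_theme() in this same release still only looks for the literal string "base64" on each line, so any other form of obfuscation goes unreported. Either keep the earlier wording ("base64 encoding") or state in the answer that TAC currently detects base64 usage and static links only, so a clean result is not read as proof the theme is clean. Also insert the missing "to" ("reason to have").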
screenshot-1.jpg CHANGED
Binary file
tac.php CHANGED
@@ -1,269 +1,295 @@
1
- <?php
2
- /*
3
- Plugin Name: TAC (Theme Authenticity Checker)
4
- Plugin URI: http://builtbackwards.com/projects/tac/
5
- Description: TAC scans all of your theme files for potentially malicious and unwanted code.
6
- Author: builtBackwards
7
- Version: 1.3
8
- Author URI: http://builtbackwards.com/
9
- */
10
-
11
- /* Copyright 2008 builtBackwards (William Langford and Sam Leavens) - (email : contact@builtbackwards.com)
12
-
13
- This program is free software; you can redistribute it and/or modify
14
- it under the terms of the GNU General Public License as published by
15
- the Free Software Foundation; either version 2 of the License, or
16
- (at your option) any later version.
17
-
18
- This program is distributed in the hope that it will be useful,
19
- but WITHOUT ANY WARRANTY; without even the implied warranty of
20
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21
- GNU General Public License for more details.
22
-
23
- You should have received a copy of the GNU General Public License
24
- along with this program; if not, write to the Free Software
25
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
26
- */
27
-
28
- // Check the theme
29
- function tac_check_theme($template_files, $theme_title) {
30
- foreach ($template_files as $tfile)
31
- {
32
- /*
33
- * Check for base64 Encoding
34
- * Here we check every line of the file for base64 functions.
35
- *
36
- */
37
-
38
- $lines = file($tfile, FILE_IGNORE_NEW_LINES); // Read the theme file into an array
39
-
40
- $line_index = 0;
41
- $is_first = true;
42
- foreach($lines as $this_line)
43
- {
44
- if (stristr ($this_line, "base64")) // Check for any base64 functions
45
- {
46
- if ($is_first) {
47
- $the_result .= tac_make_edit_link($tfile, $theme_title);
48
- $is_first = false;
49
- }
50
- $the_result .= "<div class=\"tac-bad\"><strong>Line " . ($line_index+1) . ":</strong> \"" . trim(htmlspecialchars(substr(stristr($this_line, "base64"), 0, 45))) . "...\"</div>";
51
- }
52
- $line_index++;
53
- }
54
-
55
- /*
56
- * Check for Static Links
57
- * Here we utilize a regex to find HTML static links in the file.
58
- *
59
- */
60
-
61
- $file_string = file_get_contents($tfile);
62
-
63
- $url_re='([[:alnum:]\-\.])+(\\.)([[:alnum:]]){2,4}([[:blank:][:alnum:]\/\+\=\%\&\_\\\.\~\?\-]*)';
64
- $title_re='[[:blank:][:alnum:][:punct:]]*'; // 0 or more: any num, letter(upper/lower) or any punc symbol
65
- $space_re='(\\s*)';
66
-
67
- if (preg_match_all ("/(<a)(\\s+)(href".$space_re."=".$space_re."\"".$space_re."((http|https|ftp):\\/\\/)?)".$url_re."(\"".$space_re.$title_re.$space_re.">)".$title_re."(<\\/a>)/is", $file_string, $out, PREG_SET_ORDER))
68
- {
69
- $static_urls .= tac_make_edit_link($tfile, $theme_title);
70
-
71
- foreach( $out as $key ) {
72
- $static_urls .= "<div class=\"tac-ehh\">";
73
- $static_urls .= htmlspecialchars($key[0]);
74
- $static_urls .= "</div>";
75
- }
76
- }
77
- } // End for each file in template loop
78
-
79
- // Assemble the HTML results for the completed scan of the current theme
80
- if (!isset($the_result) && !isset($static_urls)) {
81
- return "<div class=\"tac-good-notice\">Theme Ok!</div>";
82
- } else {
83
- if(isset($the_result)) {
84
- $final_string = "<div class=\"tac-bad-notice\">Encrypted Code Found!</div>".$the_result."";
85
- } else {
86
- $final_string = "<div class=\"tac-good-notice\">Theme Ok!</div>";
87
- }
88
- if(isset($static_urls)) {
89
- $final_string .= "<div class=\"tac-ehh-notice\">Check these static link(s)...</div>".$static_urls;
90
- }
91
- return $final_string;
92
- }
93
- }
94
-
95
-
96
- function tac_make_edit_link($tfile, $theme_title) {
97
- // Assemble the HTML links for editing files with the built-in WP theme editor
98
-
99
- if ($GLOBALS['wp_version'] >= "2.6") {
100
- return "<div class=\"file-path\"><a href=\"theme-editor.php?file=/" . substr(stristr($tfile, "themes"), 0) . "&amp;theme=" . urlencode($theme_title) ."\">" . substr(stristr($tfile, "wp-content"), 0) ."</a></div>";
101
- } else {
102
- return "<div class=\"file-path\"><a href=\"theme-editor.php?file=" . substr(stristr($tfile, "wp-content"), 0) . "&amp;theme=" . urlencode($theme_title) ."\">" . substr(stristr($tfile, "wp-content"), 0) ."</a></div>";
103
- }
104
-
105
- }
106
-
107
- function tac_get_template_files($template) {
108
- // Scan through the template directory and add all php files to an array
109
-
110
- $theme_root = get_theme_root();
111
-
112
- $template_files = array();
113
- $template_dir = @ dir("$theme_root/$template");
114
- if ( $template_dir ) {
115
- while(($file = $template_dir->read()) !== false) {
116
- if ( !preg_match('|^\.+$|', $file) && preg_match('|\.php$|', $file) )
117
- $template_files[] = "$theme_root/$template/$file";
118
- }
119
- }
120
-
121
- return $template_files;
122
- }
123
-
124
- function tac_page() {
125
- if ( function_exists('add_submenu_page') )
126
- add_submenu_page('themes.php',__('TAC'), __('TAC'), '10', 'tac.php', 'tac');
127
- }
128
-
129
- function tac_init() {
130
- add_action('admin_menu', 'tac_page');
131
- }
132
-
133
- add_action('init', 'tac_init');
134
-
135
- function tac() {
136
- ?>
137
- <div class="wrap">
138
- <h2>
139
- <?php _e('TAC (Theme Authenticity Checker)'); ?>
140
- </h2>
141
- <div class="pinfo">
142
- TAC checks themes for malicious and potentially unwanted code.<br />For more info please go to the plugin page: <a href="http://builtbackwards.com/projects/tac/">http://builtbackwards.com/projects/tac/</a>
143
- </div>
144
- <?php
145
- $themes = get_themes();
146
- $theme_names = array_keys($themes);
147
- natcasesort($theme_names);
148
- foreach ($theme_names as $theme_name) {
149
- $template_files = tac_get_template_files($themes[$theme_name]['Template']);
150
- $title = $themes[$theme_name]['Title'];
151
- $version = $themes[$theme_name]['Version'];
152
- $author = $themes[$theme_name]['Author'];
153
- $screenshot = $themes[$theme_name]['Screenshot'];
154
- $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
155
- ?>
156
- <div id="tacthemes">
157
- <?php if ( $screenshot ) : ?>
158
- <img src="<?php echo get_option('siteurl') . '/wp-content' . str_replace('wp-content', '', $stylesheet_dir) . '/' . $screenshot; ?>" alt="" />
159
- <?php else : ?>
160
- <div class="tacnoimg">No Screenshot Found</div>
161
- <?php endif;
162
- ?>
163
- <div class="tacresults">
164
- <h3>
165
- <?php echo "$title $version by $author"; ?>
166
- </h3>
167
- <?php echo tac_check_theme($template_files, $title); ?>
168
- </div>
169
- </div>
170
- <?php
171
- }
172
- echo '</div>';
173
- }
174
-
175
- // CSS to format results of themes check
176
- function tac_css() {
177
- echo '
178
- <style type="text/css">
179
- <!--
180
- .tac-bad, .tac-ehh {
181
- border: 1px inset #000;
182
- width: 90%;
183
- margin-left: 10px;
184
- font-family: "Courier New", Courier, monospace;
185
- padding: 5px;
186
- margin-bottom: 10px;
187
- }
188
-
189
- .tac-bad {
190
- background: #FFC0CB;
191
- }
192
-
193
- .tac-ehh {
194
- background: #FFFEEB;
195
- }
196
-
197
- .tac-good-notice {
198
- width: 90px;
199
- background: #3fc33f;
200
- font-size: 120%;
201
- margin: 20px 10px 0px 0px;
202
- padding: 10px;
203
- border: 1px solid #000;
204
- }
205
-
206
- .tac-bad-notice {
207
- width: 185px;
208
- background: #FFC0CB;
209
- font-size: 120%;
210
- margin: 20px 10px 0px 0px;
211
- padding: 10px;
212
- border: 1px solid #000;
213
- }
214
-
215
- .tac-ehh-notice {
216
- width: 215px;
217
- background: #FFFEEB;
218
- font-size: 120%;
219
- margin: 20px 10px 0px 0px;
220
- padding: 10px;
221
- border: 1px solid #ccc;
222
- }
223
-
224
- .file-path {
225
- color: #666666;
226
- text-align: right;
227
- width: 92%;
228
- font-size: 12px;
229
- padding-top: 5px;
230
- }
231
-
232
- .file-path a {
233
- text-decoration: none;
234
- }
235
-
236
- .pinfo {
237
- background: #DCDCDC;
238
- margin: 5px;
239
- padding: 5px;
240
- margin-bottom: 40px;
241
- }
242
-
243
- #tacthemes {
244
- padding-bottom: 20px;
245
- border-bottom: 1px solid #ccc;
246
- margin: 10px;
247
- }
248
-
249
- #tacthemes img, .tacnoimg {
250
- float: left;
251
- width: 100px;
252
- height: 75px;
253
- border: 1px solid #000;
254
- margin: 10px 0px 10px 10px;
255
- text-align: center;
256
- font-size: 16px;
257
- color: #DCDCDC;
258
- }
259
-
260
- .tacresults {
261
- margin-left: 130px;
262
- }
263
- -->
264
- </style>
265
- ';
266
- }
267
-
268
- add_action('admin_head', 'tac_css');
269
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /*
3
+ Plugin Name: TAC (Theme Authenticity Checker)
4
+ Plugin URI: http://builtbackwards.com/projects/tac/
5
+ Description: TAC scans all of your theme files for potentially malicious or unwanted code.
6
+ Author: builtBackwards
7
+ Version: 1.4
8
+ Author URI: http://builtbackwards.com/
9
+ */
10
+
11
+ /* Copyright 2009 builtBackwards (William Langford and Sam Leavens) - (email : contact@builtbackwards.com)
12
+
13
+ This program is free software; you can redistribute it and/or modify
14
+ it under the terms of the GNU General Public License as published by
15
+ the Free Software Foundation; either version 2 of the License, or
16
+ (at your option) any later version.
17
+
18
+ This program is distributed in the hope that it will be useful,
19
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
20
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21
+ GNU General Public License for more details.
22
+
23
+ You should have received a copy of the GNU General Public License
24
+ along with this program; if not, write to the Free Software
25
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
26
+ */
27
+
28
+ function tac_check_theme($template_files, $theme_title) {
29
+ $static_count = 0;
30
+ foreach ($template_files as $tfile)
31
+ {
32
+ /*
33
+ * Check for base64 Encoding
34
+ * Here we check every line of the file for base64 functions.
35
+ *
36
+ */
37
+
38
+ $lines = file($tfile, FILE_IGNORE_NEW_LINES); // Read the theme file into an array
39
+
40
+ $line_index = 0;
41
+ $is_first = true;
42
+ foreach($lines as $this_line)
43
+ {
44
+ if (stristr ($this_line, "base64")) // Check for any base64 functions
45
+ {
46
+ if ($is_first) {
47
+ $bad_lines .= tac_make_edit_link($tfile, $theme_title);
48
+ $is_first = false;
49
+ }
50
+ $bad_lines .= "<div class=\"tac-bad\"><strong>Line " . ($line_index+1) . ":</strong> \"" . trim(htmlspecialchars(substr(stristr($this_line, "base64"), 0, 45))) . "...\"</div>";
51
+ }
52
+ $line_index++;
53
+ }
54
+
55
+ /*
56
+ * Check for Static Links
57
+ * Here we utilize a regex to find HTML static links in the file.
58
+ *
59
+ */
60
+
61
+ $file_string = file_get_contents($tfile);
62
+
63
+ $url_re='([[:alnum:]\-\.])+(\\.)([[:alnum:]]){2,4}([[:blank:][:alnum:]\/\+\=\%\&\_\\\.\~\?\-]*)';
64
+ $title_re='[[:blank:][:alnum:][:punct:]]*'; // 0 or more: any num, letter(upper/lower) or any punc symbol
65
+ $space_re='(\\s*)';
66
+
67
+ if (preg_match_all ("/(<a)(\\s+)(href".$space_re."=".$space_re."\"".$space_re."((http|https|ftp):\\/\\/)?)".$url_re."(\"".$space_re.$title_re.$space_re.">)".$title_re."(<\\/a>)/is", $file_string, $out, PREG_SET_ORDER))
68
+ {
69
+ $static_urls .= tac_make_edit_link($tfile, $theme_title);
70
+
71
+ foreach( $out as $key ) {
72
+ $static_urls .= "<div class=\"tac-ehh\">";
73
+ $static_urls .= htmlspecialchars($key[0]);
74
+ $static_urls .= "</div>";
75
+ $static_count++;
76
+ }
77
+ }
78
+ } // End for each file in template loop
79
+
80
+ // Assemble the HTML results for the completed scan of the current theme
81
+ if (!isset($bad_lines)) {
82
+ $summary = '<span class="tac-good-notice">Theme Ok!</span>';
83
+ } else {
84
+ $summary = '<span class="tac-bad-notice">Encrypted Code Found!</span>';
85
+ }
86
+ if(isset($static_urls)) {
87
+ $summary .= '<span class="tac-ehh-notice"><strong>'.$static_count.'</strong> Static Link(s) Found...</span>';
88
+ }
89
+
90
+ return array('summary' => $summary, 'bad_lines' => $bad_lines, 'static_urls' => $static_urls, 'static_count' => $static_count);
91
+
92
+ }
93
+
94
+
95
+ function tac_make_edit_link($tfile, $theme_title) {
96
+ // Assemble the HTML links for editing files with the built-in WP theme editor
97
+
98
+ if ($GLOBALS['wp_version'] >= "2.6") {
99
+ return "<div class=\"file-path\"><a href=\"theme-editor.php?file=/" . substr(stristr($tfile, "themes"), 0) . "&amp;theme=" . urlencode($theme_title) ."\">" . substr(stristr($tfile, "wp-content"), 0) . " [Edit]</a></div>";
100
+ } else {
101
+ return "<div class=\"file-path\"><a href=\"theme-editor.php?file=" . substr(stristr($tfile, "wp-content"), 0) . "&amp;theme=" . urlencode($theme_title) ."\">" . substr(stristr($tfile, "wp-content"), 0) ." [Edit]</a></div>";
102
+ }
103
+
104
+ }
105
+
106
+ function tac_get_template_files($template) {
107
+ // Scan through the template directory and add all php files to an array
108
+
109
+ $theme_root = get_theme_root();
110
+
111
+ $template_files = array();
112
+ $template_dir = @ dir("$theme_root/$template");
113
+ if ( $template_dir ) {
114
+ while(($file = $template_dir->read()) !== false) {
115
+ if ( !preg_match('|^\.+$|', $file) && preg_match('|\.php$|', $file) )
116
+ $template_files[] = "$theme_root/$template/$file";
117
+ }
118
+ }
119
+
120
+ return $template_files;
121
+ }
122
+
123
+ function tac_init() {
124
+ if ( function_exists('add_submenu_page') )
125
+ $page = add_submenu_page('themes.php',__('TAC'), __('TAC'), '10', 'tac.php', 'tac');
126
+ }
127
+
128
+ add_action('admin_menu', 'tac_init');
129
+
130
+ function tac() {
131
+
132
+ ?>
133
+ <script type="text/javascript">
134
+ function toggleDiv(divid){
135
+ if(document.getElementById(divid).style.display == 'none'){
136
+ document.getElementById(divid).style.display = 'block';
137
+ }else{
138
+ document.getElementById(divid).style.display = 'none';
139
+ }
140
+ }
141
+ </script>
142
+ <h2>
143
+ <?php _e('TAC (Theme Authenticity Checker)'); ?>
144
+ </h2>
145
+ <div class="pinfo">
146
+ TAC checks themes for malicious or potentially unwanted code.<br/>
147
+ For more info please go to the plugin page: <a href="http://builtbackwards.com/projects/tac/">http://builtbackwards.com/projects/tac/</a><br/><br/>
148
+ To submit bugs, suggestions, or comments please post in the <a href="http://wordpress.org/tags/tac">WordPress.org Forum</a>.
149
+ </div>
150
+ <div id="wrap">
151
+ <?php
152
+ $themes = get_themes();
153
+ $theme_names = array_keys($themes);
154
+ natcasesort($theme_names);
155
+ foreach ($theme_names as $theme_name) {
156
+ $template_files = tac_get_template_files($themes[$theme_name]['Template']);
157
+ $title = $themes[$theme_name]['Title'];
158
+ $version = $themes[$theme_name]['Version'];
159
+ $author = $themes[$theme_name]['Author'];
160
+ $screenshot = $themes[$theme_name]['Screenshot'];
161
+ $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
162
+
163
+ $results = tac_check_theme($template_files, $title);
164
+ ?>
165
+ <div id="tacthemes">
166
+ <?php if ( $screenshot ) : ?>
167
+ <img src="<?php echo get_option('siteurl') . '/wp-content' . str_replace('wp-content', '', $stylesheet_dir) . '/' . $screenshot; ?>" alt="" />
168
+ <?php else : ?>
169
+ <div class="tacnoimg">No Screenshot Found</div>
170
+ <?php endif; ?>
171
+
172
+ <?php echo '<div class="t-info">'."<strong>$title</strong> $version by $author"; ?>
173
+
174
+ <?php if ($results['bad_lines'] != '' || $results['static_urls'] != '') : ?>
175
+ <input type="button" value="Details" class="button-primary" id="details" name="details" onmousedown="toggleDiv('<?php echo $title; ?>');" href="javascript:;"/>
176
+ <?php endif; ?>
177
+ </div>
178
+
179
+ <?php echo $results['summary']; ?>
180
+
181
+ <div class="tacresults" id="<?php echo $title; ?>" style="display:none;">
182
+ <?php echo $results['bad_lines'].$results['static_urls']; ?>
183
+ </div>
184
+
185
+ </div>
186
+
187
+ <?php
188
+ }
189
+ echo '</div>';
190
+ }
191
+
192
+ // CSS to format results of themes check
193
+ function tac_css() {
194
+ echo '
195
+ <style type="text/css">
196
+ <!--
197
+
198
+ #wrap {
199
+ background-color:#FFF;
200
+ margin-right:5px;
201
+ }
202
+
203
+ .tac-bad,.tac-ehh {
204
+ border:1px inset #000;
205
+ font-family:"Courier New", Courier, monospace;
206
+ margin-bottom:10px;
207
+ margin-left:10px;
208
+ padding:5px;
209
+ width:90%;
210
+ }
211
+
212
+ .tac-bad {
213
+ background:#FFC0CB;
214
+ }
215
+
216
+ .tac-ehh {
217
+ background:#FFFEEB;
218
+ }
219
+
220
+ span.tac-good-notice, span.tac-bad-notice, span.tac-ehh-notice {
221
+ float:left;
222
+ font-size:120%;
223
+ margin: 25px 10px 0 0;
224
+ padding:10px;
225
+ }
226
+
227
+ span.tac-good-notice {
228
+ background:#3fc33f;
229
+ border:1px solid #000;
230
+ width:90px;
231
+ vertical-align: middle;
232
+ }
233
+
234
+ span.tac-bad-notice {
235
+ background:#FFC0CB;
236
+ border:1px solid #000;
237
+ width:195px;
238
+ }
239
+
240
+ span.tac-ehh-notice {
241
+ background:#FFFEEB;
242
+ border:1px solid #ccc;
243
+ width:210px;
244
+ }
245
+
246
+ .file-path {
247
+ color:#666;
248
+ font-size:12px;
249
+ padding-bottom:1px;
250
+ padding-top:5px;
251
+ text-align:right;
252
+ width:92%;
253
+ }
254
+
255
+ .file-path a {
256
+ text-decoration:none;
257
+ }
258
+
259
+ .pinfo {
260
+ background:#DCDCDC;
261
+ margin:5px 5px 40px;
262
+ padding:5px;
263
+ }
264
+
265
+ #tacthemes {
266
+ border-top:1px solid #ccc;
267
+ margin:10px;
268
+ min-height:100px;
269
+ padding-bottom:20px;
270
+ padding-top:20px;
271
+ }
272
+
273
+ #tacthemes img,.tacnoimg {
274
+ border:1px solid #000;
275
+ color:#DCDCDC;
276
+ float:left;
277
+ font-size:16px;
278
+ height:75px;
279
+ margin:10px;
280
+ text-align:center;
281
+ width:100px;
282
+ }
283
+
284
+ .tacresults {
285
+ clear:left;
286
+ margin-left:130px;
287
+
288
+ }
289
+ -->
290
+ </style>
291
+ ';
292
+ }
293
+
294
+ add_action('admin_head', 'tac_css');
295
+ ?>
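Review bot: in tac(), the new Details toggle writes $title unescaped into an inline JavaScript string and into an element id (new lines 175 and 181: onmousedown="toggleDiv('<?php echo $title; ?>');" and id="<?php echo $title; ?>"), and new line 172 prints $title, $version and $author raw. These values come from get_themes(), that is, from the headers of the same theme files this plugin treats as untrusted, so a title containing an apostrophe or quote breaks the toggle and can alter the markup or script of the admin page. Use a generated id instead of the title, for example a per-theme counter such as 'tac-details-' . $i used for both the div id and the toggleDiv() argument, and pass the displayed header values through htmlspecialchars() the way the snippet output on line 50 already does. The same loop also repeats id="details" and id="tacthemes" for every theme; make those classes. Separately, in tac_check_theme() $bad_lines and $static_urls are only ever appended to with .= and are then returned on line 90, so for a clean theme the function returns undefined variables and raises notices; initialise both to '' next to $static_count = 0 and test for !== '' instead of isset() on lines 81 and 86.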