i checking code of wordpress theme , came across strings containing base64, not expert heard malicious. can glance on these lines of code , tell if malicious or not?
<div class="tiepanel-item"> <h3><?php _e( 'export', 'tie' ) ?></h3> <div class="option-item"> <textarea style="width:100%" rows="7"><?php echo $currentsettings = base64_encode( serialize( $current_options )); ?></textarea> </div> </div> <div class="tiepanel-item"> <h3><?php _e( 'import', 'tie' ) ?></h3> <div class="option-item"> <textarea id="tie_import" name="tie_import" style="width:100%" rows="7"></textarea> </div> </div> and
add_action('wp_ajax_test_theme_data_save', 'tie_save_ajax'); function tie_save_ajax() { check_ajax_referer('test-theme-data', 'security'); $data = $_post; $refresh = 1; if( !empty( $data['tie_import'] ) ) { $refresh = 2; $data = unserialize(base64_decode( $data['tie_import'] )); array_walk_recursive( $data , 'tie_clean_imported_options'); } tie_save_settings ($data , $refresh ); }
it's import/export settings functionality of theme. base 64 used encode serialized string of theme options - it's common practice prevent original data getting corrupted (base 64 converts text in ascii safe in database collation).
Comments
Post a Comment