That file (jquery.easing-1.3.pack.js) is not malicious at all. It’s a JQuery library, and the developer used the “minimal” version to make it smaller. We do this all the time. If you want to see the full version, do a google search for it.
Thread Starter
Bas
(@bask)
Those are some very helpful links esmi thank you.
Superdave300, after checking google you seem to be right, but I still dont understand why a developer needs to use a obfuscated version.
They use minified versions for size constraints, and these versions are the standard. You’ll see minified JQuery libraries just like this in most feature-rich plugins.
It’s not PHP code, either. It can’t be run on your server, only downloaded by the end users.
Thread Starter
Bas
(@bask)
Ok in that case, could a moderator remove the dev’s name from my post earlier? I dont want to give anyone a bad name.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Ha. That’s really funny.
@bas, the topic that we were discussing is regarding eval(base64_decode and NOT jquery.easing-1.3.pack.js.
It was an innocent misunderstanding and we were strictly discussing the former and not the latter.
So just to re-iterate:
eval(base64_decode == BAD and EVIL every time and no exceptions.
jquery.easing-1.3.pack.js is probably fine BUT I’m not developer so I defer to more knowledgeable people. 😉
What @jan Dembowski said.
Also: what should differentiate a minified/packed version of jquery.easing from malicious, obfuscated code is that the Theme should include the non-minified/unpacked version of the file, along with the packed version.
Thread Starter
Bas
(@bask)
Ok that clears things up! Ill make sure not to include any obfuscated code if I ever develop a theme, just to prevent these kinda discussions/worries 😉
tl;dr for everyone: ThemeForest should support it’s own themes.
Still reading? Okay.
WordPress.org forums neither endorse nor support themes that do not adhere to GPL, nor do we generally touch themes behind a paywall (like ThemeForest) under the assumption that if you paid for a theme, you should get support. Also we want theme devs to be able to make a living.
Bas – You need to go to themeforest.com for help with that theme. Period.
superdave3000 – The mods are volunteers, cursed with extra responsibilities. That theme is obfuscating code, and would not pass muster and be permitted to be hosted here.
The tl;dr for that is this: When you use custom JS library please don’t minify and/or pack the source and don’t remove header notes, original author, copyright etc. (See what Chip said above).
Now that we’re all on the same page, I’m closing this.
