1
CeBepuH
stealing theme.html how-to
  • 2004/4/30 8:20

  • CeBepuH

  • Not too shy to talk

  • Posts: 128

  • Since: 2002/6/10


I don't if somebody has already thought of this but... taking a peek into the theme.html is quite easy.

Load any XOOPS2 site, view the source and look in the head part for something like:

<link rel="stylesheet" type="text/css" media="all" href="http://url_of_xoops_site/themes/the_theme_of_the_site/style.css" />


Then just type in the browser http://url_of_xoops_site/themes/the_theme_of_the_site/theme.html and voila!

Anyway, any able designer can recreate a theme of a site even without looking at theme.html

BUT

What if in the theme.html you have:

<{php}>
some top secret php code... if it is serverside it should stay serversidedon't you think?
<{/php}>


So don't put php in the theme.html

Or I suppose you could protect the_theme_of_the_site with a simple .htaccess file...


2
brash
Re: stealing theme.html how-to
  • 2004/4/30 8:30

  • brash

  • Friend of XOOPS

  • Posts: 2206

  • Since: 2003/4/10


Sure you CAN do that, but doing so without first contacting the owner of the website is very unethical. I'm not 100% familiar with the GPL license, but I'm pretty sure this is also illegal and the owner of the theme would be within their full rights to take legal action against you. I would not suggest stealing anyones work, and just because you can doesn't mean you should.

3
CeBepuH
Re: stealing theme.html how-to
  • 2004/4/30 8:41

  • CeBepuH

  • Not too shy to talk

  • Posts: 128

  • Since: 2002/6/10


I know it is illegal.

Hacking is illegal too. But still there are people who would do it.

[red]I'm simply pointing[/red] at a... hmmm.. how should I put it? It could become a security hole depending on what php codes one puts in the theme.html

Besides, I suppose there are people who woudn't like anybody seeing theme.html

4
CBlue
Re: stealing theme.html how-to

How could anyone edit another person's theme.html on their own server without having access to that server?

5
Mithrandir
Re: stealing theme.html how-to

Not edit, Cblue - steal.

I wasn't aware that the <{php}> code would also show in the theme.html (but just checked and you are right)

I personally dislike the <{php}> code in templates unless it is the absolutely last resort.

Separate code from presentation - if it isn't directly related to presentation, it has no place in theme.html - but thanks for the headsup.

6
Herko
Re: stealing theme.html how-to
  • 2004/4/30 9:22

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


The General Public Licence states that if you release the module/theme (which is considered part of the whole application), you have to release it as GPL. However, with themes there is a serious issue concerning image copyrights. You can copy a theme, nothing illegal there (even by doing it the way you described), but the creator can take legal action against unauthorised use of copyrighted images. All the designer has to do is prove the images are his/her creation.

The security hole you describe is minimal IMO, as no-one ever puts sensitive data in php scripts in a theme.html file. At least, I have never heard of such a thing.

Herko

7
CBlue
Re: stealing theme.html how-to

Okay...I thought he was saying that someone could put malicious code into someone's theme.html file.

8
karuna
Re: stealing theme.html how-to
  • 2004/4/30 11:43

  • karuna

  • Not too shy to talk

  • Posts: 171

  • Since: 2002/5/29


hmm
i have changed the images files and css to another folder

<{$xoops_url}>/images/themes/images/

9
Stewdio
Re: stealing theme.html how-to
  • 2004/4/30 13:48

  • Stewdio

  • Community Support Member

  • Posts: 1560

  • Since: 2003/5/7 1


I've known about this for months and never thought anything of it.

Of course if you punch in the actual path/to/the/theme.html it's going to display it contents, thats just common sense. It only renders as text, after all the browser is outputting what it thinks it should.

Theres no code to steal, most of it is part of the basic XOOPS code anyhow; unless a person has a heavily modified theme.html, but in most case such a person is experienced enough not to do domething like that.

The basic XOOPS code thats already displayed is so minimal, it is not an issue to me personally because anyone can download the XOOPS package and look it up themselves anyway.

I just assumed after all these many months that it was widely known. Not even an issue as far I'm concerned, but others may make it more then what it seems.

It's not stealing code when it's freely available anyway. Any coder worth his salt is not going to put custom PHP functionality in the theme.html

Just my .02 cents.


Login

Who's Online

385 user(s) are online (271 user(s) are browsing Support Forums)


Members: 0


Guests: 385


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits