[wp-testers] wordpress and php security
Mark Jaquith
mark.wordpress at txfx.net
Sat Dec 23 11:03:37 GMT 2006
On Dec 23, 2006, at 1:45 AM, Brian Layman wrote:
> With all of the different configurations available, I can sure understand
> why they'd want to be in full control of the processing of the data.
For a just-starting closed-source project on PHP 5.2 servers that you
control... the filter extension *might* be a good choice. For an
open source project like ours or Serendipity or Flyspray, you would
have to either abandon your PHP < 5.2 userbase, or maintain two
filter systems. Heck, even if you do abandon your PHP < 5.2 userbase
you'll have to maintain two filter systems to work around bugs and
shortcomings [1] in the filter extension.

I'm much more interested to see the PHP-based input/output filters
library that the Hardened-PHP Project is going to develop [2].
==
[1] http://devzone.zend.com/node/view/id/1113#comments-1210
[2] http://blog.php-security.org/archives/65-PHP-Input-Filtering-Library.html
--
Mark Jaquith
http://markjaquith.com/
Covered Web Services
http://covered.be/