[wp-hackers] Security Vulnerability found - Forum Post
m at mullenweg.com
Thu Apr 14 19:40:17 GMT 2005
Robert Deaton wrote:
> PHP has this nice feature for variables called unset. unset('varname')
> and you don't have to worry about the rest of the script being able to
> access it. Call unset on the variables right after the database
> connection is established and then it guarantees that you can't access
> them elsewhere (minus inside the wpdb class if they're stored there, and
> if so, it could be made not to store them there and not lose any
I think this is a very good idea, I wish we had had it before 1.0.
"Constants may not be redefined or undefined once they have been set;"
I don't want to break everyone's config files. Perhaps instead of
including wp-config.php we can evaluate it and extract that data out
instead, though that would be slower.
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com
More information about the wp-hackers