[wp-hackers] 1.5.2
Mark Jaquith
mark.wordpress at txfx.net
Wed Aug 10 01:17:39 GMT 2005
Trevor Turk wrote:
>About killing magic_quotes - I think that is a great
>idea...
>
WordPress actually "forces" magic_quotes, which simplifies things.
magic_quotes isn't bad... it was just a poor decision to make it an
option... because you cannot count on it, but must always consider it,
when writing portable PHP code. Forcing it to be on (by duplicating its
functionality when it isn't) just simplifies things.

The issue at hand is register_globals. The exploit that was recently
released requires register_globals to be on. The code that was recently
committed to WordPress will disable register_globals, which should
protect us against these types of attacks in the future.
--
Mark Jaquith
http://txfx.net/
MCincubus @ #wordpress
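
What disabling register_globals at runtime amounts to, as an added PHP example that is not part of the original message and is not WordPress's committed code. The function name, the keep list and the sample request are assumptions made up for illustration.

```php
<?php
// Added example; all names here are hypothetical, not WordPress's own.

// Names that must survive the cleanup: the superglobals themselves.
const KEEP = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
              '_SERVER', '_ENV', '_FILES'];

/**
 * Undo what register_globals does: remove every global variable whose
 * name matches a key in the given request arrays.
 * Returns the names that were removed.
 */
function strip_request_globals(array $sources, array $keep): array
{
    $removed = [];
    foreach ($sources as $source) {
        // A request parameter literally named GLOBALS is never legitimate.
        if (array_key_exists('GLOBALS', $source)) {
            throw new RuntimeException('request carries a GLOBALS key');
        }
        foreach (array_keys($source) as $name) {
            $name = (string) $name;
            if (in_array($name, $keep, true)) {
                continue; // leave the superglobals alone
            }
            if (array_key_exists($name, $GLOBALS)) {
                unset($GLOBALS[$name]);
                $removed[] = $name;
            }
        }
    }
    return $removed;
}

// Constructed request data standing in for $_GET.
$request = ['is_admin' => '1', 'page' => '2'];

// Simulate register_globals=On: each parameter becomes a global
// before the first line of the application runs.
foreach ($request as $k => $v) {
    $GLOBALS[$k] = $v;
}

// Run the cleanup first thing, before any code reads a global it did
// not set itself, then show which names were removed and that
// $is_admin no longer exists.
$removed = strip_request_globals([$request], KEEP);
var_dump($removed, isset($is_admin));
```

In a real script the sources would be $_GET, $_POST, $_COOKIE, $_SERVER, $_ENV and $_FILES, and the call has to come before the application defines its own globals, since a later call would remove those as well.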