[wp-hackers] 1.5.2

Mark Jaquith mark.wordpress at txfx.net
Wed Aug 10 01:17:39 GMT 2005

Trevor Turk wrote:

>About killing magic_quotes - I think that is a great
WordPress actually "forces" magic_quotes, which simplifies things.  
magic_quotes isn't bad... it was just a poor decision to make it an 
option... because you cannot count on it, but must always consider it, 
when writing portable PHP code.  Forcing it to be on (by duplicating its 
functionality when it isn't) just simplifies things.

The issue at hand is register_globals.  The exploit that was recently 
released requires register_globals to be on.  The code that was recently 
committed to WordPress will disable register_globals, which should 
protect us against these types of attacks in the future.

Mark Jaquith
MCincubus @ #wordpress

More information about the wp-hackers mailing list