[wp-hackers] vuln
Mark Jaquith
mark.wordpress at txfx.net
Sun Aug 14 01:12:26 GMT 2005
Scott Merrill wrote:
> The code leverages wp_filter[query_vars]. Is there something specific
> that we can suggest _right now_ for people to do in their blog's code
> to help protect them?
>
> Certainly `php_flag register_globals off` in .htaccess is one step;
> but I would really like to offer as complete a solution as possible:
> security in depth.
>
> I want to construct a sticky forum post _officially_ responding to the
> issue, describing the problem, and providing as complete a solution as
> possible for users _right now_.
What about having users use wp-settings.php from /branches/1.5/ ?
http://trac.wordpress.org/file/branches/1.5/wp-settings.php?rev=2779&format=raw
--
Mark Jaquith
http://txfx.net/
MCincubus @ #wordpress