[wp-hackers] vuln

Mark Jaquith mark.wordpress at txfx.net
Sun Aug 14 01:12:26 GMT 2005


Scott Merrill wrote:

> The code leverages wp_filter[query_vars].  Is there something specific 
> that we can suggest _right now_ for people to do in their blog's code 
> to help protect them?
>
> Certainly `php_flag register_globals off` in .htaccess is one step; 
> but I would really like to offer as complete a solution as possible: 
> security in depth.
>
> I want to construct a sticky forum post _officially_ responding to the 
> issue, describing the problem, and providing as complete a solution as 
> possible for users _right now_.

What about having users use wp-settings.php from /branches/1.5/ ?
http://trac.wordpress.org/file/branches/1.5/wp-settings.php?rev=2779&format=raw

-- 
Mark Jaquith
http://txfx.net/
MCincubus @ #wordpress


