[wp-hackers] vuln

Mark Jaquith mark.wordpress at txfx.net
Sun Aug 14 01:12:26 GMT 2005

Scott Merrill wrote:

> The code leverages wp_filter[query_vars].  Is there something specific 
> that we can suggest _right now_ for people to do in their blog's code 
> to help protect them?
> Certainly `php_flag register_globals off` in .htaccess is one step; 
> but I would really like to offer as complete a solution as possible: 
> security in depth.
> I want to construct a sticky forum post _officially_ responding to the 
> issue, describing the problem, and providing as complete a solution as 
> possible for users _right now_.

What about having users use wp-settings.php from /branches/1.5/ ?

Mark Jaquith
MCincubus @ #wordpress
