[wp-hackers] FW: Wordpress All versions XSS

DD32 wordpress at dd32.id.au
Wed May 2 23:04:25 GMT 2007

On Thu, 03 May 2007 06:58:17 +1000, Dino Termini <dino at duechiacchiere.it>  
> Actually I don't understand why theme developer use the PHP_SELF. Maybe  
> for compatibility reasons? (due to .htaccess?)

The main reason against using / for it is that WP can be installed in a  
maybe it should be changed to <?php echo get_option('home'); ?> then?

Just looking at my theme i'm using, its set to <?php bloginfo('home'); ?>
(as the search is in the header, not WP's sidebar)

Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

More information about the wp-hackers mailing list