[wp-hackers] FW: Wordpress All versions XSS
DD32
wordpress at dd32.id.au
Wed May 2 23:04:25 GMT 2007
On Thu, 03 May 2007 06:58:17 +1000, Dino Termini <dino at duechiacchiere.it>
wrote:
> Actually I don't understand why theme developer use the PHP_SELF. Maybe
> for compatibility reasons? (due to .htaccess?)
The main reason against using / for it is that WP can be installed in a
subfolder.
maybe it should be changed to <?php echo get_option('home'); ?> then?
Just looking at my theme i'm using, its set to <?php bloginfo('home'); ?>
(as the search is in the header, not WP's sidebar)
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
More information about the wp-hackers
mailing list