[wp-hackers] FW: Wordpress All versions XSS
Robin Adrianse
robin.adr at gmail.com
Thu May 3 00:03:23 GMT 2007
Yes, this should probably be changed. Please create a Trac ticket if you
could, and assign it to me (rob1n). I'll put it through.
On 5/2/07, DD32 <wordpress at dd32.id.au> wrote:
>
> On Thu, 03 May 2007 06:58:17 +1000, Dino Termini <dino at duechiacchiere.it>
> wrote:
> > Actually I don't understand why theme developer use the PHP_SELF. Maybe
> > for compatibility reasons? (due to .htaccess?)
>
> The main reason against using / for it is that WP can be installed in a
> subfolder.
> maybe it should be changed to <?php echo get_option('home'); ?> then?
>
> Just looking at my theme i'm using, its set to <?php bloginfo('home'); ?>
> (as the search is in the header, not WP's sidebar)
>
> --
> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list