[wp-hackers] FW: Wordpress All versions XSS
Jeremy Visser
jeremy.visser at gmail.com
Thu May 3 00:48:19 GMT 2007
wordpress at nazgul.nu wrote:
> <form method="get" id="searchform" action="<?php echo
> $_SERVER['PHP_SELF']; ?>">
WordPress' default theme is not vulnerable:
> <form method="get" id="searchform" action="<?php bloginfo('url'); ?>/">
Neither is classic:
> <form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
Oh, by the way, which is better to get the URL from? home or url?
--
Jeremy Visser
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
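
An added example, not part of the original message or of WordPress: the form pattern quoted above next to two hardened variants, as stand-alone PHP with no WordPress loaded. The `$site_url` value and all function names are hypothetical stand-ins, and the request value is constructed.

```php
<?php
// Added example; runs stand-alone with the PHP CLI.

// Constructed request value. PHP_SELF includes any PATH_INFO the client
// appends after the script name, so it must be treated as client input.
$constructed_php_self = '/index.php/"><em>constructed-marker</em>';

// Hypothetical stand-in for the configured site URL that the theme
// templates quoted above print via bloginfo('url') / bloginfo('home').
$site_url = 'https://blog.example';

// Pattern quoted in the thread: request-derived value echoed unescaped.
function form_from_php_self(string $php_self): string {
    return '<form method="get" id="searchform" action="' . $php_self . '">';
}

// Same source, but HTML-escaped for an attribute context.
function form_from_php_self_escaped(string $php_self): string {
    $safe = htmlspecialchars($php_self, ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $safe . '">';
}

// Action built from site configuration instead of the request.
function form_from_site_url(string $site_url): string {
    $safe = htmlspecialchars($site_url, ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $safe . '/">';
}

// True when the output is still a single opening tag, i.e. nothing in the
// action value closed the attribute and started new markup.
function is_single_tag(string $html): bool {
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

$variants = [
    'PHP_SELF unescaped' => form_from_php_self($constructed_php_self),
    'PHP_SELF escaped'   => form_from_php_self_escaped($constructed_php_self),
    'configured URL'     => form_from_site_url($site_url),
];

foreach ($variants as $label => $html) {
    printf("%-20s single tag: %-3s %s\n", $label,
        is_single_tag($html) ? 'yes' : 'no', $html);
}
```

Only the unescaped PHP_SELF variant reports `no`; the other two keep the whole value inside the `action` attribute.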