[wp-hackers] SVN Revision in footer?

Dougal Campbell dougal at gunters.org
Mon Sep 15 14:41:05 GMT 2008

Dan Coulter wrote:
> Here's a tooltip version: http://junk.ssdn.us/svn-revision-tooltip.php.txt
> On Sun, Sep 14, 2008 at 1:59 PM, Alex Hempton-Smith <
> hempsworth at googlemail.com> wrote:

One suggestion: run the extracted revision number through the 
attribute_escape() function. Never trust external data, even when you 
*think* it can be trusted. If an unauthorized attacker found a way to 
create an .svn/entries file, he could cause javascript to be injected 
into the admin footer, otherwise.

An unlikely possibility to be sure, but you can never be too safe :)

Dougal Campbell <dougal at gunters.org>
I'm going to WordCamp Birmingham! Are you?

More information about the wp-hackers mailing list