[wp-hackers] Admin notices
Charles K. Clarkson
cclarkson at htcomp.net
Mon Apr 11 14:20:57 UTC 2011
On 4/11/2011 1:35 AM, Andrew Nacin wrote:
> I would strongly recommend you avoid create_function() at all costs.
> It poses a pretty serious security risk when used improperly.
Are you implying then, that, used properly, it poses no security risk?
I think the create_function() scare is really a tainted data problem.
Don't use create_function() in circumstances where the input is not from
a trusted source.
Of course, one could argue that a programmer is not a trusted source. :)
Charles Clarkson
--
Mobile Home Investor
Free Market Advocate
Programmer
I'm not really a smart person. I just play one on the Internet.
Stephenville, TX
http://twitter.com/CharlesClarkson
+1 (254) 968-8328
More information about the wp-hackers
mailing list