[wp-hackers] Security: Using slugs as ID

Mike Bijon mike at etchsoftware.com
Fri Dec 9 09:42:59 UTC 2011

Is your bug specific to pages, and not posts? There is an existing bug on
Trac for that, http://core.trac.wordpress.org/ticket/10249. The code there
may have better examples of what could be fixed.

As for your decoding it should be safe. I don't know where you're reusing
the value though: remember to still sanitize, and to re-encode if used in a


More information about the wp-hackers mailing list