Monthly Archives: December 2010

Kses, GPL, Copyright, Licensing and Disclaimer

The current WordPress security release made me look into kses.php today. But my review ended before going over the first 10 lines already. Guess what I ran over? Jup, another WordPress GPL license violation. How did I find it? It … Continue reading

Posted in Hacking The Core, Pressed, Reports, Wordpress Licensing | 3 Comments

Too Yellow to Name a Ticket – WordPress Security Bites Itself Again in 3.0.4 (Updated 2x)

WordPress 3.0.4 is out. What?! [UPDATE: The advisory is now online: Persistent XSS vulnerability – wordpress 3.0.3 (kses.php) ] Keep cool. There is a release (all 3.0.2 to 3.0.4 changes), but actually Matt Mullenweg is asking for a security review … Continue reading

Posted in Pressed | 5 Comments

Encode a PHP String

Today I updated phpMyAdmin on one of my boxes. Nothing special so far, but I saw that it’s now possible to export data in the form of a PHP array. Well, I thought that’s somehow nice. But the plugin was broken. … Continue reading

Posted in Pressed | Leave a comment

Métamorphose: A File and Folder Renamer

If you’re looking for either a first aid or just a file and folder rename tool, don’t look any further. The name you need to look for is Métamorphose.

Posted in Hakre's Tips, Pressed, Tools | Leave a comment

WordPress Database Charset and Collation Configuration

Pootzko over at this year’s new Q&A site for WordPress Administrators and Integrators was wondering why creating database tables via wpdb->query() / SQL didn’t reflect his WordPress collation settings. As it was not obvious to him, I thought about writing … Continue reading

Posted in Hacking The Core, Hakre's Tips, Pressed, Reports | 2 Comments

WordPress, Copyright, Hello Dolly Lyrics, the GNU GPL and I

In the recent discussions about the Hello Dolly lyrics that are shipping with WordPress and in the plugin repository, there has been a lot of fuss. I think it’s about time that I name why I write about the issue: I’d … Continue reading

Posted in Hacking The Core, Pressed, Wordpress Licensing | 1 Comment

Websocket Protocol Vulnerability

Linked: Disabling the WebSocket protocol (by Anne van Kesteren; 08 Dec 2010). This HTML 5 looks to be a scary mess security-wise. I hope the browser vendors do their jobs.

Posted in Linked, Surviving the Internet, Uncategorized | Leave a comment

WordPress Licensing Issues – Plugins are GPL, Right?

If you thought that the WordPress package you can download from wordpress.org is re-distributable under the GPL, then you’re thinking wrong. Why do I say so? Thanks to a ticket opened by novasource, it came to my attention that the Hello … Continue reading

Posted in Hacking The Core, Linked, Pressed, Surviving the Internet, Wordpress Licensing | 5 Comments

Slow Crawling Fixes

WordPress 3.0.2 went out some days ago. It was announced as a security release (full 3.0.2 Changelog) for the stable WordPress version. While taking a look into the changelog, I got a little flashback. The most prominent security issue was in fact an … Continue reading

Posted in Pressed, Surviving the Internet | 3 Comments

FSFE updates Blogs to WordPress 3.0

The FSFE blogging platform has been upgraded to WordPress 3.0.1. It was formerly driven by WordPress MU. The blogs are a place where supporters of the Free Software Foundation Europe (the Fellowship) can blog about their work and thoughts. It’s … Continue reading

Posted in Linked, Pressed, Uncategorized | Leave a comment