hakre on wordpress
Hakre's devlog, thoughts and rants on wordpress on wordpress.com. And webdesign related. And web development related. My weapons of choice are Netscape 2.01, HTML, CSS, PHP and the Gif Construction Kit.
Tag Archives: PHP Security
XPath Null Byte Injection in PHP
Back in July this year, in Mitigating XPath Injection Attacks in PHP I was writing about how to properly quote a string in PHP’s XPath 1.0. The code presented there was based on the assumption that the resulting expression is … Continue reading
Posted in Hakre's Tips, PHP Development, Pressed, Surviving the Internet
Tagged ASCIIZ, Injection, Null-Byte, PHP, PHP Security, XML, XPath, XPath Injection
Mitigating XPath Injection Attacks in PHP
PHP has two libxml-based extensions that allow executing XPath 1.0 expressions: DOM (via the DOMXPath class) and SimpleXML (with its xpath() method). Both extensions are prone to XPath Injection Attacks, a common attack form. Albeit all this, and … Continue reading
Posted in Hakre's Tips, PHP Development, Pressed, Surviving the Internet
Tagged DOM, DOMXPath, Injection, PHP, PHP Security, SimpleXML, XPath, XPath Injection
1 Comment
Congrats Solar Designer!
And the winner is: Solar Designer in the Month of PHP Security 2010 with his article “How to manage a PHP application’s users and passwords” (Full Listing). Solar Designer’s phpass password hashing algorithm is used in wordpress. It has been … Continue reading
Posted in Hacking The Core, Pressed, Reports
Tagged #2394, Month of PHP Security, MOPS, MOPS-2010, PHP Security, phpass, Solar Designer
Cheap Hack/Worm Protection for your WordPress Blog
This on its own might be only security done half, but I thought the idea is not that bad to spread the word. It can normally be set up in seconds on the various Linux-based hostings out there: disable eval. … Continue reading
Posted in Hacking The Core, Hakre's Tips, Tools, WordPress Support
Tagged #9602, Eval, Exploit, hack, PHP Security, Security, Sektion Eins, Stefan Esser, Suhosin, Wordpress, Wordpress Security, WP-2.8.5, WP-2.9
3 Comments
WordPress Single-Sign-On Preview
I’m currently working on a more detailed article related to wordpress and single-sign-on. It is a nice topic and because of that I started to create some concept art now that should picture the whole thing. That is a sample … Continue reading
Posted in Pressed
Tagged Apache, Extranet, HTTP, Intranet, MySQL, PHP Security, phpass, Single-Sign-On, Wordpress, Wordpress Security
10 Comments
Prevent Code Injection in PHP include files
While discussing Coding Standards, it was not long ago that I argued against adding ?> at the end of PHP files. But miqrogroove pointed out to me an interesting aspect of why it actually can make sense to have it and an additional … Continue reading
Posted in Code Smells, Hakre's Tips, PHP Code Smells, Pressed
Tagged Code Injection, Include, PHP, PHP Security, Return, Security
Free PHP Security Poster
The Germany-based security company SektionEins, which specializes in web application and PHP security, has a freebie to offer: You can download or order a PHP Security poster. They even send it in format A0 for free to you within … Continue reading
Posted in Hakre's Tips, Pressed
Tagged PHP, PHP Security, Poster, Security, SektionEins, Stefan Esser, Suhosin
PHP Open Basedir degrades Security (Bonus)
Some hosters are using the open_basedir restrictions because they think this makes hosting somewhat more secure. Well, normally it does not, because a hoster needing to enable it often shows that the system is not properly configured in respect … Continue reading
Posted in Pressed
Tagged #12148, open_basedir, PHP Security, phpass, Quality Control, Random, Security, Solar Designer
1 Comment
The short memory of WordPress.org security
For the wordpress project it’s said: If you find a bug, report it. That’s the same if it is security related. Those who feel – for whatever reason – uncomfortable publicizing it in Trac directly can shoot an … Continue reading
Posted in Hacking The Core, Patched, Pressed
Tagged #11236, #11401, caesarsgrunt, PHP Security, Ryan Boren, Security, Thomas Mackenzie, Wordpress, WP, WP-2.9.2
10 Comments
mysql_real_escape_string and SET NAMES
In #11819 I was looking so hard for clear documentation of mysql_real_escape_string() combined with the usage of SET NAMES. I finally found it where I should have looked first: within the MySQL manual. PHP is using the MySQL client library … Continue reading
Posted in Hacking The Core
Tagged Database, MySQL, PHP, PHP Security, Security, Wordpress, WP