David Kierznowski at BlogSecurity suggests that WordPress is “insecure by design.” What he means is that, in general, WordPress does not sanitize MySQL queries. He recommends that WordPress provide “a proper set of SQL safe functions (i.e. $wpdb->escape_int and $wpdb->escape_str)” and “use mysql_real_escape_string(), and have clearly defined coding standards and security policies” like Drupal does. [...]