WordPress Plugin & Theme Security - WordCamp Melbourne - February 2011
- 5. $username = "' OR 1 -- ";
$wpdb->query(
"SELECT * FROM $wpdb->users
WHERE user_login = '$username'
AND user_pass = '$password'"
);
BAD
- 14. <h1>
<?php echo $title; ?>
</h1>
BAD
- 16. <h1>
<?php echo esc_html( $title ); ?>
</h1>
GOOD
- 19. <?php $title = '" onmouseover="jsCode();'; ?>
<a href="#wordcamp" title="<?php echo $title; ?>">
Link Text
</a>
BAD
- 25. <?php $url = 'javascript:jsCode();'; ?>
<a href="<?php echo $url; ?>">
Link Text
</a>
BAD
- 29. <script>
var foo = '<?php echo $unsafe; ?>';
</script>
BAD
- 30. <script>
var foo = '<?php echo esc_js( $unsafe ); ?>';
</script>
GOOD
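The deck shows the BAD form for slides 5, 19 and 25 without the matching GOOD form. The block below is an added example, not a slide from the talk, that supplies those counterparts with the WordPress functions the deck's GOOD slides rely on ($wpdb->prepare(), esc_attr(), esc_url()). It assumes it runs inside WordPress (where $wpdb and the esc_* functions are defined); the wcm_ function names are hypothetical, chosen for this example.

```php
<?php
// Added example (not from the slides): hardened counterparts to the BAD
// slides above. Assumes WordPress is loaded, so $wpdb, esc_attr() and
// esc_url() already exist. Function names prefixed wcm_ are hypothetical.

// Slide 5: never interpolate user input into SQL. $wpdb->prepare() takes
// %s/%d placeholders and quotes/escapes each argument itself, so the
// payload "' OR 1 -- " becomes a literal string compared against
// user_login instead of rewriting the WHERE clause.
// (Mirrors the slide's query only; real logins go through
// wp_authenticate(), since WordPress stores hashed passwords.)
function wcm_find_user( $username, $password ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->users} WHERE user_login = %s AND user_pass = %s",
        $username,
        $password
    );
    return $wpdb->get_row( $sql );
}

// Slide 19: inside an HTML attribute, esc_attr() encodes the double quote,
// so the value '" onmouseover="jsCode();' can no longer close the title
// attribute and start an event-handler attribute of its own.
function wcm_link_with_title( $title ) {
    return '<a href="#wordcamp" title="' . esc_attr( $title ) . '">Link Text</a>';
}

// Slide 25: an href needs esc_url(), which, besides attribute escaping,
// rejects schemes outside wp_allowed_protocols(); for 'javascript:jsCode();'
// it returns an empty string rather than emitting the script URL.
function wcm_link_with_href( $url ) {
    return '<a href="' . esc_url( $url ) . '">Link Text</a>';
}

// Constructed inputs, taken from the BAD slides, to show each is neutralised.
wcm_find_user( "' OR 1 -- ", 'not-a-real-password' );
echo wcm_link_with_title( '" onmouseover="jsCode();' ), "\n";
echo wcm_link_with_href( 'javascript:jsCode();' ), "\n";
```

Which escaping function to use depends on where the value lands (element body, attribute, URL, or inline script), which is the point the BAD/GOOD pairs on the slides make.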