Sanitizing, Validating and Escaping in WordPress Themes and Plugins

•

4 gefällt mir•5,606 views

How secure is your WordPress theme or plugin? Are you confident that you have protected yourself, your clients or your users against the most common hacks? Validating, sanitizing and escaping are techniques that are foundational to the security of your website, application or software product. Learn how WordPress makes it easy for you to secure your code and start writing better code today!

Technologie

Sanitizing, Validating and Escaping
in WordPress Themes and Plugins
by Micah Wood
@wpscholar
wpscholar.com/wpyall2014

Other Sanitization Functions
• sanitize_ﬁle_name()
• sanitize_key()
• sanitize_mime_type()
• sanitize_sql_orderby()
• sanitize_title_for_query()
• sanitize_title_with_dashes()
• sanitize_user()

Escape SQL Queries
Permanent link to this comic: http://xkcd.com/327/

Tips
• Search for echo $ and echo get_
• Use VIP Scanner if you are creating a theme

Weitere ähnliche Inhalte

Ähnlich wie Sanitizing, Validating and Escaping in WordPress Themes and Plugins

Attributes, reflection, and dynamic programmingLearnNowOnline

GCSECS-DefensiveDesign.pptxazida3

My journey to use a validation frameworksaqibsarwar

Real-World Smart Applications with Amazon Machine Learning - AWS Machine Lear...AWS Germany

(BDT302) Real-World Smart Applications With Amazon Machine LearningAmazon Web Services

Net course contentmindq

AWS January 2016 Webinar Series - Building Smart Applications with Amazon Mac...Amazon Web Services

Cloud identity management meetup 150108Morteza Ansari

Asp.Net MVC 5 in ArabicHaitham Shaddad

Creating Custom HTML Helpers in ASP.NET MVCLohith Goudagere Nagaraj

ASP.NET MVC 3Buu Nguyen

Dom structurebaabtra.com - No. 1 supplier of quality freshers

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management

How to learn Laravel5 application from AuthenticationMasashi Shinbara

Writing Code To Interact With Enterprise SearchCorey Roth

Improving the Quality of Existing Software - DevIntersection April 2016Steven Smith

Magic of web componentsHYS Enterprise

Wix Machine Learning - Ran RomanoWix Engineering

Authentication for DroidsPayPal

Ähnlich wie Sanitizing, Validating and Escaping in WordPress Themes and Plugins (20)

Attributes, reflection, and dynamic programming

GCSECS-DefensiveDesign.pptx

My journey to use a validation framework

Real-World Smart Applications with Amazon Machine Learning - AWS Machine Lear...

(BDT302) Real-World Smart Applications With Amazon Machine Learning

Net course content

AWS January 2016 Webinar Series - Building Smart Applications with Amazon Mac...

Cloud identity management meetup 150108

Asp.Net MVC 5 in Arabic

Creating Custom HTML Helpers in ASP.NET MVC

ASP.NET MVC 3

Dom structure

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...

How to learn Laravel5 application from Authentication

Writing Code To Interact With Enterprise Search

Improving the Quality of Existing Software - DevIntersection April 2016

Magic of web components

Wix Machine Learning - Ran Romano

Authentication for Droids

Mehr von Micah Wood

Introduction to JSXMicah Wood

WP-CLI For The WinMicah Wood

Using Chrome Dev ToolsMicah Wood

Shortcodes In-DepthMicah Wood

Becoming a WordPress Coding MasterMicah Wood

Debugging in PHPMicah Wood

WordPress HooksMicah Wood

The Modern JavaScript Developers ToolboxMicah Wood

Using Composer with WordPressMicah Wood

An Introduction to PHP ClassesMicah Wood

Backbone + ReactMicah Wood

Advanced Development WorkflowsMicah Wood

Testing Made EasyMicah Wood

Debugging in PHPMicah Wood

Using Composer with WordPress - 2.0Micah Wood

Using composer with WordPressMicah Wood

Getting Started with VagrantMicah Wood

Mehr von Micah Wood (17)

Introduction to JSX

WP-CLI For The Win

Using Chrome Dev Tools

Shortcodes In-Depth

Becoming a WordPress Coding Master

Debugging in PHP

WordPress Hooks

The Modern JavaScript Developers Toolbox

Using Composer with WordPress

An Introduction to PHP Classes

Backbone + React

Advanced Development Workflows

Testing Made Easy

Debugging in PHP

Using Composer with WordPress - 2.0

Using composer with WordPress

Getting Started with Vagrant

Kürzlich hochgeladen

Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3

Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll

A Journey Into the Emotions of Software DevelopersNicole Novielli

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3

Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3

Manual 508 Accessibility Compliance AuditSkynet Technologies

Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda

Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3

Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery

Connecting the Dots for Information Discovery.pdfNeo4j

Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen

Scale your database traffic with Read & Write split using MySQL RouterMydbops

Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein

UiPath Community: Communication Mining from Zero to HeroUiPathCommunity

Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq

[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra

Kürzlich hochgeladen (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf

Emixa Mendix Meetup 11 April 2024 about Mendix Native development

A Journey Into the Emotions of Software Developers

DevEX - reference for building teams, processes, and platforms

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx

Digital Identity is Under Attack: FIDO Paris Seminar.pptx

Manual 508 Accessibility Compliance Audit

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger

Generative Artificial Intelligence: How generative AI works.pdf

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx

Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...

Connecting the Dots for Information Discovery.pdf

Testing tools and AI - ideas what to try with some tool examples

Scale your database traffic with Read & Write split using MySQL Router

Potential of AI (Generative AI) in Business: Learnings and Insights

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24

UiPath Community: Communication Mining from Zero to Hero

Genislab builds better products and faster go-to-market with Lean project man...

[Webinar] SpiraTest - Setting New Standards in Quality Assurance

Sanitizing, Validating and Escaping in WordPress Themes and Plugins

1. Sanitizing, Validating and Escaping in WordPress Themes and Plugins by Micah Wood @wpscholar wpscholar.com/wpyall2014

2. Sanitization Cleaning user input

3. Sanitization Example

4. Sanitize Text Fields

5. Sanitize URL Slugs

6. Sanitize URLs

7. Sanitize Emails

8. Sanitize HTML Classes

9. Sanitize HTML

10. Other Sanitization Functions • sanitize_ﬁle_name() • sanitize_key() • sanitize_mime_type() • sanitize_sql_orderby() • sanitize_title_for_query() • sanitize_title_with_dashes() • sanitize_user()

11. Validation Checking user input

12. Validation Example

13. Data Type

14. Validate HTML

15. Validate Meta

16. Validate Capability

17. Validate Option

18. Validate Intention

19. Escaping Securing output

20. Escape HTML Attributes

21. Escape HTML Attributes

22. Escape HTML