[wp-hackers] SVN Revision in footer?
Dougal Campbell
dougal at gunters.org
Mon Sep 15 14:41:05 GMT 2008
Dan Coulter wrote:
> Here's a tooltip version: http://junk.ssdn.us/svn-revision-tooltip.php.txt
>
> On Sun, Sep 14, 2008 at 1:59 PM, Alex Hempton-Smith <
> hempsworth at googlemail.com> wrote:
>
One suggestion: run the extracted revision number through the
attribute_escape() function. Never trust external data, even when you
*think* it can be trusted. Otherwise, if an unauthorized attacker found a
way to create an .svn/entries file, he could cause JavaScript to be
injected into the admin footer.
An unlikely possibility to be sure, but you can never be too safe :)
--
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/
I'm going to WordCamp Birmingham! Are you?
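The validate-then-escape step suggested above, written out as an added PHP example (this is not the linked tooltip script and not code from the thread). It assumes the pre-1.7 Subversion working-copy layout, in which `.svn/entries` is a text file whose fourth line is the working-copy revision, and it assumes the WordPress constant `ABSPATH` and the `admin_footer_text` filter; attribute_escape() was the WordPress escaping function when this message was written, and esc_attr() is its current name, so the code uses whichever is available and falls back to htmlspecialchars() outside WordPress.

```php
<?php
// Added example, not part of the original thread.
// Assumption: pre-1.7 SVN working copy, .svn/entries line 4 = revision.

/**
 * Extract the revision number from the contents of an .svn/entries file.
 * Returns an int, or null if the contents do not look as expected.
 * Validation happens before the value reaches any output path, so a
 * tampered file never gets as far as the footer markup.
 */
function svn_revision_from_entries( $contents ) {
    $lines = preg_split( "/\r\n|\n|\r/", (string) $contents );
    if ( count( $lines ) < 4 ) {
        return null;
    }
    $revision = trim( $lines[3] );
    // Accept only a short, plain decimal number; reject everything else.
    if ( ! preg_match( '/^\d{1,10}$/', $revision ) ) {
        return null;
    }
    return (int) $revision;
}

/**
 * Read .svn/entries from the WordPress root (ABSPATH is assumed to be
 * defined by WordPress) and return the validated revision, or null.
 */
function wp_svn_revision() {
    if ( ! defined( 'ABSPATH' ) ) {
        return null;
    }
    $entries = ABSPATH . '.svn/entries';
    if ( ! is_readable( $entries ) ) {
        return null;
    }
    return svn_revision_from_entries( file_get_contents( $entries ) );
}

/**
 * Escape a value for an HTML attribute context. Uses attribute_escape()
 * or esc_attr() when running inside WordPress, htmlspecialchars() otherwise.
 */
function svn_escape_attr( $value ) {
    $value = (string) $value;
    if ( function_exists( 'esc_attr' ) ) {
        return esc_attr( $value );
    }
    if ( function_exists( 'attribute_escape' ) ) {
        return attribute_escape( $value );
    }
    return htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' );
}

/**
 * The shape to avoid: the raw line from the file is dropped straight into
 * the admin footer, so whatever the file contains is rendered as HTML.
 */
function svn_footer_unsafe( $text ) {
    $lines = file( ABSPATH . '.svn/entries' );
    return $text . ' | SVN r' . trim( $lines[3] );  // no validation, no escaping
}

/**
 * Hardened filter callback for 'admin_footer_text': the revision is
 * validated as numeric, then escaped for the attribute it is written into.
 * If the file is missing or malformed, the footer is left unchanged.
 */
function svn_footer_safe( $text ) {
    $rev = wp_svn_revision();
    if ( null === $rev ) {
        return $text;
    }
    $escaped = svn_escape_attr( $rev );
    return $text . ' | <span title="Subversion revision ' . $escaped . '">r'
        . $escaped . '</span>';
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: hook the hardened callback, never the unsafe one.
    add_filter( 'admin_footer_text', 'svn_footer_safe' );
} else {
    // Stand-alone check with a constructed entries file (SVN format 10)
    // and a constructed tampered variant; only the clean one parses.
    $clean    = "10\n\ndir\n8765\nhttp://example.invalid/svn/trunk\n";
    $tampered = "10\n\ndir\n<script>alert(1)</script>\n";
    var_dump( svn_revision_from_entries( $clean ) );
    var_dump( svn_revision_from_entries( $tampered ) );
}
```

The regex check is what makes the escaping almost redundant in practice: a value that can only ever be digits cannot carry markup. Keeping both is the point of the advice above, since the validation protects the footer and the escaping protects it again if the validation is ever loosened or bypassed.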