[theme-reviewers] Filtering the_content - Security Issues?
Chip Bennett
chip at chipbennett.net
Thu Oct 7 19:01:39 UTC 2010
In reviewing a Theme, I ran across the following function:
//add a fix for embed videos overlaing quickbar
function fastfood_content_replace(){
$content = get_the_content();
$content = apply_filters('the_content', $content);
$content = str_replace(']]>', ']]>', $content);
$content = str_replace('<param name="allowscriptaccess" value="always">',
'<param name="allowscriptaccess" value="always"><param name="wmode"
value="transparent">', $content);
$content = str_replace('<embed ', '<embed wmode="transparent" ', $content);
echo $content;
}
Just to be safe, I thought I would ask: does such filtering allow any
potential security vulnerabilities? I admit that I don't know what exactly
this function is accomplishing, which is why I'm asking.
Chip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101007/5d2b3a5c/attachment.htm>
More information about the theme-reviewers
mailing list