[wp-hackers] Admin notices

Charles K. Clarkson cclarkson at htcomp.net
Mon Apr 11 14:20:57 UTC 2011


On 4/11/2011 1:35 AM, Andrew Nacin wrote:

 > I would strongly recommend you avoid create_function() at all costs.
 > It poses a pretty serious security risk when used improperly.

Are you implying then, that, used properly, it poses no security risk?

I think the create_function() scare is really a tainted data problem.
Don't use create_function() in circumstances where the input is not from
a trusted source.

Of course, one could argue that a programmer is not a trusted source. :)



Charles Clarkson
--
Mobile Home Investor
Free Market Advocate
Programmer

I'm not really a smart person. I just play one on the Internet.

Stephenville, TX
http://twitter.com/CharlesClarkson
+1 (254) 968-8328
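
The tainted-data point in the message above, as an added example that is not part of the original post or the thread: it builds the source string that create_function() would have compiled, tokenizes it to show whether the message stayed a string literal, and contrasts that with a closure that captures the message as data. The function names, the notice markup and both sample messages are constructed for illustration.

```php
<?php
// Added example, not from the thread. Names, markup and messages are constructed.

// create_function('', $body) compiled $body as PHP source. It was deprecated in
// PHP 7.2 and removed in 8.0, so the body is only built and tokenized here, never run.
function notice_body_unsafe(string $message): string
{
    return "echo '<div class=\"updated\"><p>$message</p></div>';";
}

// Lists every token beyond the single `echo '<literal>';` statement the
// programmer intended. An empty array means the message stayed data.
function unexpected_tokens(string $body): array
{
    $extra = [];
    $statements = 0;
    foreach (token_get_all('<?php ' . $body) as $tok) {
        if ($tok === ';') {
            $statements++;
            continue;
        }
        $id = is_array($tok) ? $tok[0] : null;
        if ($id === T_OPEN_TAG || $id === T_WHITESPACE) {
            continue;
        }
        $intended = $id === T_ECHO || $id === T_CONSTANT_ENCAPSED_STRING;
        if ($intended && $statements === 0) {
            continue;
        }
        $extra[] = is_array($tok) ? token_name($id) . ':' . $tok[1] : $tok;
    }
    return $extra;
}

// Closure alternative: the message is captured with `use` and never parsed as code.
function notice_callback_safe(string $message): Closure
{
    return function () use ($message): string {
        return '<div class="updated"><p>'
            . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p></div>';
    };
}

$trusted = 'Settings saved.';
$tainted = "Saved'; some_other_call(); echo '"; // constructed: closes the string literal

print_r(unexpected_tokens(notice_body_unsafe($trusted)));
print_r(unexpected_tokens(notice_body_unsafe($tainted)));
echo notice_callback_safe($tainted)(), "\n";
```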

