On Wednesday, October 24th 2012, this report was sent to the BugTraq-Mailinglist, describing an alleged XSS-vulnerability in WordPress, presumably in all versions of the widespread blogging software. What’s the fuss about? As I run this blog using WordPress myself, I am of course very interested in keeping my blog secure, so I took my time to [...]
Yesterday, I finally upgraded my WordPress MU installation from 2.6.something to 2.7 – which went surprisingly smoothly, even the plugins seem to work. In addition to the upgrade, I added memcached-support, but was a bit disappointed because all I could find was the link to the svn-repository of the object-cache.php file. No manuals, no installation [...]
With yesterday’s post, I noticed that the codehighlighter-plugin I am using was doubly converting certain special characters, rendering the source-code quite useless. This is an incompatibility of the plugin with WordPress MU. The Plugin uses GeSHi, the “Generic Syntax Highlighter”, and that again is converting incoming text into html-entities for security reasons. For just the [...]
While looking closer at those rules I posted earlier I noticed an important but missing rule, which would prevent e.g. the preview-functionality of the post-/page-editor. The following rule enables this: "^/(.*/)??(.*=.*)$" => "index.php?$2" The whole ruleset would thus now look like this: [...]
Today, someone in the channel #wordpress on freenode (see WordPress.org’s IRC-page for more information about the channel) asked whether WordPress would work with lighttpd. As I am running such an installation myself, I took it up to help him, looking for rewrite-rules on the net, since my own were only for WordPress MU. I was [...]
As I wrote the previous posting, and tried to apply the syntax-highlighting provided by the CodeHighlighter-plugin by Wongoo Lee to the code-snippets, I was surprised, because it did not work. All information I found through Google and Wongoo Lee’s website seemed as if it should have worked, though it did not. So I asked a few people, but they did not know anything either.