Security risk with plugins for PHP (2 posts)

  1. patdundee
    Member
    Posted 2 years ago #

    Hi Guys

    A great risk to all if you use a script plug in and flip between HTML and Visual view.

    If you use a PHP plug in and get your page to work, then when editing that page ensure you enter it in HTML and check your tags and coding are still correct. If you do not, the result is catastrophic: WP rewrites half the tags so they are no longer valid tags and your PHP code is displayed on your WP page in public view for all to see.

    The same can be said if you use a form on your page. The minute you enter anything other than HTML view the form is stripped out and no longer works.

    Come on guys, apart from the security risk you cause to PHP users that need PHP code on their page, this is also damned annoying and it is about time WP sorted out the problem.

    Imagine having a site with over 300 items on there over various pages, each with their own form (a site I look after does), and without knowing you edit all these items in HTML view only to find you have to go back and re-enter the form for each item and then realise that the PHP has been stripped out and your code is visible for all to see.

    Why do you do this to us???

    P

  2. I'll likely be sorry for asking this, but what are you referring to...? Are you talking about the Visual Editor, a plugin, or something else?

    If you are editing HTML via the HTML view and it's getting stripped out by the visual editor, that's what it does. That's not a security risk at all, at worst it's an annoyance. If that's it then consider switching off the visual editor in your account.

    http://your-blog-url/wp-admin/profile.php

    Or do you mean something else?

This topic has been closed to new replies.