A great risk to all if you use a script plug in and flip between HTML and Visual view.
If you use a PHP plug-in and get your page to work, then when editing that page ensure you enter it in HTML and check your tags and coding are still correct. If you do not, the result is catastrophic: WP rewrites half the tags so they are no longer valid tags and your PHP code is displayed on your WP page in public view for all to see.
The same can be said if you use a form on your page. The minute you enter anything other than HTML view the form is stripped out and no longer works.
Come on guys, apart from the security risk you cause to PHP users that need PHP code on their page, this is also damned annoying and it is about time WP sorted out the problem.
Imagine having a site with over 300 items on there over various pages, each with their own form (a site I look after does), and without knowing you edit all these items in HTML view only to find you have to go back and re-enter the form for each item and then realise that the PHP has been stripped out and your code is visible for all to see.
Why do you do this to us???
- The topic ‘Security risk with plugins for PHP’ is closed to new replies.