Title: ionic's Replies | WordPress.org

---

# ionic


## Forum Replies Created

Viewing 10 replies - 1 through 10 (of 10 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [NEW: Upgrade to 1.5.2](https://wordpress.org/support/topic/new-upgrade-to-152/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/new-upgrade-to-152/page/5/#post-249301)
 * macmanx: that's why the fix is credited to me in the Subversion tree. Nice try…
 *   Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
   
   In reply to: [Security issues with xmprpc.php](https://wordpress.org/support/topic/security-issues-with-xmprpcphp/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/security-issues-with-xmprpcphp/#post-250058)
 * WordPress >= 1.5 uses a different XMLRPC library and is therefore not vulnerable
   to those exploits.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [NEW: Upgrade to 1.5.2](https://wordpress.org/support/topic/new-upgrade-to-152/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/new-upgrade-to-152/page/5/#post-249292)
 * masquerade… the timestamp in the tarball I have and the timestamp in the current
   tarball are 9 hours different.
 * How should that be possible if it was replaced very fast…
 * And how should it be fixed before the announcement? I read the blog entry, downloaded
   it and then reported the bug to Matt. So I am capable of time travelling…
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [NEW: Upgrade to 1.5.2](https://wordpress.org/support/topic/new-upgrade-to-152/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/new-upgrade-to-152/page/5/#post-249287)
 * Dougal you are a liar.
 * The blog entry about WordPress 1.5.2 is from the 14th. The fix was committed to the
   subversion tree on the 15th. After that point the tarball was silently replaced
   at an unknown point in time.
 * Actually I learned about the new version from the blog entry. So please don’t
   lie to the WordPress users.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [NEW: Upgrade to 1.5.2](https://wordpress.org/support/topic/new-upgrade-to-152/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/new-upgrade-to-152/page/5/#post-249282)
 * Oh, I just realised that the WordPress developers have silently updated the
   tarball with the fixed version.
 * Very nice action. So now some of the people that upgraded to 1.5.2 are vulnerable
   and some not…
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [NEW: Upgrade to 1.5.2](https://wordpress.org/support/topic/new-upgrade-to-152/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/new-upgrade-to-152/page/4/#post-249281)
 * masquerade, errare humanum est.
 * WordPress 1.5.2 does NOT fix the remote code execution exploit.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [NEW: Upgrade to 1.5.2](https://wordpress.org/support/topic/new-upgrade-to-152/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/new-upgrade-to-152/page/4/#post-249267)
 * Yes, I did, and it has been fixed for 2 days in the Subversion tree.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [NEW: Upgrade to 1.5.2](https://wordpress.org/support/topic/new-upgrade-to-152/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/new-upgrade-to-152/page/4/#post-249264)
 * Just as a little warning to all those now installing 1.5.2:
 * WordPress 1.5.2 does not fix the remote code execution vulnerability. It just
   renders the published exploit useless.
 * After inserting 10 magic characters into the exploit it will still work against
   1.5.2.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
   
   In reply to: [1.5.1.3 – remote code execution 0-DDAAYY exploit](https://wordpress.org/support/topic/1513-remote-code-execution-0-ddaayy-exploit/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/1513-remote-code-execution-0-ddaayy-exploit/#post-246733)
 * Ask photomatt.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
   
   In reply to: [1.5.1.3 – remote code execution 0-DDAAYY exploit](https://wordpress.org/support/topic/1513-remote-code-execution-0-ddaayy-exploit/)
 *  [ionic](https://wordpress.org/support/users/ionic/)
 * (@ionic)
 * [20 years, 10 months ago](https://wordpress.org/support/topic/1513-remote-code-execution-0-ddaayy-exploit/#post-246730)
 * It is good that you have used quotes around “experts”.
 * Because according to experts this is an issue with poorly programmed PHP applications.
   A problem caused by lazy programmers that do not initialize their variables.
 * When you write C code you also have security problems if you do not initialize
   your variables. This is for sure not a PHP issue.
 * And as a side note: Chris Shiflett is not a security expert. I invite you to look
   into his very own software projects that you can download from his website.
   In his wwwforum you will find nearly every possible security hole that one can
   construct within a PHP application.
 * Btw: turning off register_globals in your .htaccess will not work at all on non-Apache
   web servers.
 * Btw2: the WordPress team knows about other security holes in WordPress 1.5.1.3
   for some time now, but they consider them not important enough to fix them.
