Title: skippy's Replies | WordPress.org

---

# skippy

  [  ](https://wordpress.org/support/users/skippy/)

 *   [Profile](https://wordpress.org/support/users/skippy/)
 *   [Topics Started](https://wordpress.org/support/users/skippy/topics/)
 *   [Replies Created](https://wordpress.org/support/users/skippy/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/skippy/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/skippy/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/skippy/engagements/)
 *   [Favorites](https://wordpress.org/support/users/skippy/favorites/)

 Search replies:

## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 1,447 total)

1 [2](https://wordpress.org/support/users/skippy/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/skippy/replies/page/3/?output_format=md)…
[95](https://wordpress.org/support/users/skippy/replies/page/95/?output_format=md)
[96](https://wordpress.org/support/users/skippy/replies/page/96/?output_format=md)
[97](https://wordpress.org/support/users/skippy/replies/page/97/?output_format=md)
[→](https://wordpress.org/support/users/skippy/replies/page/2/?output_format=md)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [WordPress Database Backup: Directory Traversal Vulnerability](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/)
 *  Thread Starter [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [19 years, 9 months ago](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/page/2/#post-435783)
 * miklb: I don’t see why not. The modifications Ryan made only check to ensure 
   that directory traversal isn’t happening (using “../” in the file name to move
   up the directory tree). The cron job backups shouldn’t be doing anything like
   that.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [WordPress Database Backup: Directory Traversal Vulnerability](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/)
 *  Thread Starter [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [19 years, 9 months ago](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/page/2/#post-435780)
 * “defcon” is [Defense Condition](http://en.wikipedia.org/wiki/Defcon).
 * Ryan Boren cooked up [a fix](http://trac.wordpress.org/changeset/4095) for the
   directory traversal vulnerability. [Download it here](http://trac.wordpress.org/browser/trunk/wp-content/plugins/wp-db-backup.php?rev=4095&format=raw).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [WordPress Database Backup: Directory Traversal Vulnerability](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/)
 *  Thread Starter [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [19 years, 9 months ago](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/#post-435749)
 * vkaryl: for the record, the original version of my plugin only required write
   access to the /backup/ directory inside /wp-content/ and then only for the web
   server, not for everyone.
 * When Matt bundled WP-DB Backup with the core WordPress download, he modified 
   it to use a semi-secret suffix on the directory name, so that folks couldn’t 
   guess the on-disk location of the backup files. This was a reasonable thing to
   do.
 * The plugin tries to automatically make this directory, and dies if it cannot 
   succeed. As such, the /wp-content/ directory needs to be writable. Again, it 
   really only needs write access to the webserver, but the docs team seems to have
   found it easier to just tell people to make it world-writable.
 * I questioned Matt about this, and his reply was “/wp-content/ was always meant
   to be writable.” I disagree strongly with this position, myself, but it’s out
   of my hands at this point. *sigh*
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [WordPress Database Backup: Directory Traversal Vulnerability](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/)
 *  Thread Starter [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [19 years, 9 months ago](https://wordpress.org/support/topic/wordpress-database-backup-directory-traversal-vulnerability/#post-435744)
 * I renamed the file from wp-db-backup.php to something else. That way, when I 
   replace the file with the fixed version I won’t need to re-activate it. Of course
   this means that cron jobs won’t run, but that shouldn’t be a big deal for the
   time being.
 * I honestly don’t know whether WordPress allows execution of the plugin when accessed
   directly, even if the plugin has been disabled.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [Creating a submission form: accessing user details](https://wordpress.org/support/topic/creating-a-submission-form-accessing-user-details/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/creating-a-submission-form-accessing-user-details/#post-340873)
 * `get_currentuserinfo()` sets a number of global variables. You can see them all
   in the function at line 34 in /wp-includes/pluggable-functions.php
 * For your convenience, here they are:
    `$user_login = $_COOKIE[USER_COOKIE]; $
   userdata = get_userdatabylogin($user_login); $user_level = $userdata->user_level;
   $user_ID = $userdata->ID; $user_email = $userdata->user_email; $user_url = $userdata-
   >user_url; $user_pass_md5 = md5($userdata->user_pass); $user_identity = $userdata-
   >display_name;
 * To use any of these, you must make them global, like this:
    `global $user_identity;
   get_currentuserinfo(); if ('' != $user_identity) { echo "Hi there, $user_identity!";}
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [How to prepare for a slashdotting using 2.0?](https://wordpress.org/support/topic/how-to-prepare-for-a-slashdotting-using-20/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/how-to-prepare-for-a-slashdotting-using-20/#post-340713)
 * [This draft document](http://codex.wordpress.org/User:Ringmaster/WordPress_in_High_Traffic)
   should help explain some of the concerns. The slashdot effect very often crushes
   your network before it crushes your server. Or your Apache is too busy spawning
   children that your WordPress configuration never really becomes an issue, because
   you’ve exhausted your free memory…
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [sending post to blog via email](https://wordpress.org/support/topic/sending-post-to-blog-via-email/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/sending-post-to-blog-via-email/#post-340165)
 * jhkessel: ensure that you’re sending plaintext emails to your secret account,
   and not HTML.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Does having a lot of categories slow WP down, or increase server load?](https://wordpress.org/support/topic/does-having-a-lot-of-categories-slow-wp-down-or-increase-server-load/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/does-having-a-lot-of-categories-slow-wp-down-or-increase-server-load/#post-339366)
 * Tags might be a better solution. Check out the UltimateTagWarrior plugin.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [sending post to blog via email](https://wordpress.org/support/topic/sending-post-to-blog-via-email/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/sending-post-to-blog-via-email/#post-340159)
 * As described in the [Blog_By_Email](http://codex.wordpress.org/Blog_By_Email)
   instructions, by default you need to manually load the `wp-mail.php` file in 
   order to cause WordPress to query your secret account.
 * Several alternative solutions exist, using cron or WP-Cron. They’re documented
   on the [Blog_By_Email](http://codex.wordpress.org/Blog_By_Email) page.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [Newsletter plugin](https://wordpress.org/support/topic/newsletter-plugin-2/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/newsletter-plugin-2/#post-332285)
 * My subscribe2 plugin has been updated to provide daily digests (assuming you’re
   using WordPress 2.01 and my WP-Cron plugin), so that might be an option for some.
 * My cat2email plugin was written to connect WordPress to a dedicated mailing list
   application, like GNU Mailman: new posts to the blog are sent as email messages
   to the mailing list.
 *   Forum: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
   
   In reply to: [Ugly Content-Stealing via RSS-Feeds](https://wordpress.org/support/topic/ugly-content-stealing-via-rss-feeds/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 3 months ago](https://wordpress.org/support/topic/ugly-content-stealing-via-rss-feeds/#post-339827)
 * You could switch to sending excerpts in your feeds, and then manually craft excerpts
   that make it clear where the content is originating from, and who’s stealing 
   it.
 *   Forum: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
   
   In reply to: [Ugly Content-Stealing via RSS-Feeds](https://wordpress.org/support/topic/ugly-content-stealing-via-rss-feeds/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 3 months ago](https://wordpress.org/support/topic/ugly-content-stealing-via-rss-feeds/#post-339824)
 * Much of the “Search Engine Optimization” game is an exercise in making money 
   off of someone else’s efforts.
 * You can block incoming connections from the remote site, via firewall rules or(
   possibly) .htaccess rules. You can ask your hosting provider for assistance. 
   You can also send a notice to `abuse@ev1servers.net`, the hosting company used
   by that site.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Top authors](https://wordpress.org/support/topic/top-authors/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 3 months ago](https://wordpress.org/support/topic/top-authors/#post-339822)
 * `get_the_author_url()` needs to be called from within [The_Loop](http://codex.wordpress.org/The_Loop),
   so it’s likely not what you want.
 * There might be a plugin to accomplish what you want, but I don’t know of one.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Creating Permalinks?](https://wordpress.org/support/topic/creating-permalinks-2/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 3 months ago](https://wordpress.org/support/topic/creating-permalinks-2/#post-339289)
 * WordPress doesn’t store the permalinks in the database at all. The permalink 
   structure stored in the database (wp_options table) is used to parse the incoming
   request and prepare a query to fetch posts that match the structure.
 * So if you’re inserting posts directly to the database, you shouldn’t need to 
   worry about permalinks.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Only Summary on front page](https://wordpress.org/support/topic/only-summary-on-front-page/)
 *  [skippy](https://wordpress.org/support/users/skippy/)
 * (@skippy)
 * [20 years, 3 months ago](https://wordpress.org/support/topic/only-summary-on-front-page/#post-339819)
 * The QuickTags documentation should still be valid, and it explains what the `
   <!--more-->` tag is, and why you’d use it.

Viewing 15 replies - 1 through 15 (of 1,447 total)

1 [2](https://wordpress.org/support/users/skippy/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/skippy/replies/page/3/?output_format=md)…
[95](https://wordpress.org/support/users/skippy/replies/page/95/?output_format=md)
[96](https://wordpress.org/support/users/skippy/replies/page/96/?output_format=md)
[97](https://wordpress.org/support/users/skippy/replies/page/97/?output_format=md)
[→](https://wordpress.org/support/users/skippy/replies/page/2/?output_format=md)