Escape From New York
Tom J Nowell
November 01, 2015
A talk on escaping and security in WordPress and PHP
Transcript
Escape From New York Tom J Nowell
Validation, Sanitisation, Escaping
Validation: Is this what it claims to be?
Sanitisation: Let's clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET['s']; ?>
<b>Test</b>
<script>alert("hey");</script>
Search Results For: <?php echo esc_html( $_GET['s'] ); ?>
How to Escape
Sanitize early, escape late, escape often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
Unsafe: echo $var;
Safe:   echo esc_html( $var );
Unsafe: class="<?php echo $css; ?>"
Safe:   class="<?php echo esc_attr( $css ); ?>"
Unsafe: href="<?php echo $url; ?>"
Safe:   href="<?php echo esc_url( $url ); ?>"
wp_kses & wp_kses_post
echo apply_filters( 'the_content', wp_kses_post( $content ) );
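The slides' "Search Results For:" snippet, escaped per output context, as an added example that is not from the talk. It uses the WordPress functions esc_html, esc_attr and esc_url when WordPress is loaded; otherwise it defines simplified plain-PHP stand-ins (an assumption: the real WordPress functions do more, such as esc_url's full scheme list and UTF-8 checks) so the script runs on its own.

```php
<?php
// Added example (not from the talk): escape at the moment of output, with
// the function that matches the context. Stand-ins are defined only when the
// real WordPress functions are not loaded, so this runs without WordPress.
declare(strict_types=1);

if ( ! function_exists( 'esc_html' ) ) {
    // Stand-in for WordPress esc_html(): entity-encode for HTML text nodes.
    function esc_html( string $text ): string {
        return htmlspecialchars( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    // Stand-in for esc_attr(): same encoding, meant for quoted attribute values.
    function esc_attr( string $text ): string {
        return htmlspecialchars( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_url' ) ) {
    // Stand-in for esc_url(): drop URLs with a scheme outside a short allow
    // list (so javascript: never reaches href), then entity-encode the rest.
    function esc_url( string $url ): string {
        $allowed = [ 'http', 'https', 'mailto' ];
        $scheme  = parse_url( $url, PHP_URL_SCHEME );
        if ( $scheme === false ) {
            return ''; // seriously malformed URL
        }
        if ( $scheme !== null && ! in_array( strtolower( $scheme ), $allowed, true ) ) {
            return '';
        }
        return htmlspecialchars( $url, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    }
}

// Build the results fragment: text node, attribute and href each get their
// own escaping function, applied late, at the point of output.
function render_search_results( string $search, string $css_class, string $link ): string {
    return '<div class="' . esc_attr( $css_class ) . '">'
         . 'Search Results For: ' . esc_html( $search )
         . ' <a href="' . esc_url( $link ) . '">next page</a></div>';
}

// Constructed inputs modelled on the slides: a script tag in the search term,
// an attribute breakout in the class name and a javascript: URL in the link.
// Each one comes out as inert text or is dropped instead of executing.
echo render_search_results(
    '<script>alert("hey");</script>',
    'results" onmouseover="alert(1)',
    'javascript:alert(1)'
), PHP_EOL;
```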
tomjn.com/escaping
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com