Escape From New York

Eba4cc68bfbc2b59c3c3a3cf789075f0?s=47 Tom J Nowell
November 01, 2015
Technology
0
400

Escape From New York

A talk on escaping and security in WordPress and PHP

Eba4cc68bfbc2b59c3c3a3cf789075f0?s=128

Tom J Nowell

November 01, 2015
Tweet

More Decks by Tom J Nowell

See All by Tom J Nowell
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
370
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
39
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
400
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
320
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
1
58
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
500
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
1
470
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
420
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
320

Other Decks in Technology

See All in Technology
40301c0affdf359eaca771713e22b71a?s=48 harshbothra
0
950
C5e26822fb2aa64410b50eac63ef7d84?s=48 fill9120
1
230
Dd2fa99b9a9a3aa316986727ce8e134c?s=48 goccy
13
6.5k
8a84268593355816432ceaf78777d585?s=48 dena_tech
0
2.2k
Cd891a89dfec6ca7bd278b5f5bd87c90?s=48 tzkoba
1
410
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
430
A645e7c3a6635ead8fa323c583769591?s=48 hololab
0
280
Ba617809127d7a39e59aeb3124974165?s=48 hi1280
5
1.1k
F3f3eec8682a76ed430054e8fd994f15?s=48 tmnakagawa
0
750
A857277d74d4719f7f7751dca5ed553e?s=48 cmusudakeisuke
0
1.3k
9888b1cb1b2a5d93095bbd98daf2efa5?s=48 emi0726
0
220
B3d836132393f607053b041f70dafbfc?s=48 horiuchie
1
110

Featured

See All Featured
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
190
8.6k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
101
4.8k
24fc194843a71f10949be18d5a692682?s=48 gr2m
82
11k
Ae14cc4491ac334f9cd23f9f93b4305e?s=48 orderedlist
325
34k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
391
60k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
189
17k
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
652
54k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
256
24k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1348
190k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
407
57k
282d599b414022eba5096510f675b6e2?s=48 chrislema
169
14k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.7k

Transcript

  1. Escape From New York Tom J Nowell

  2. Validation Sanitisation Escaping

  3. Validation: Is this what it claims to be?

  4. Sanitisation: Lets clean up this input

  5. Escaping: Making output safe

  6. WordPress.com VIP VIP Wrangler - @tarendai

  7. '; DROP TABLE votes'

  8. Search Results For: <?php echo $_GET[‘s’]; ?>

  9. Search Results For: <?php echo $_GET [‘s’]; ?>

  10. <b>Test</b>

  11. <b>Test</b>

  12. <script>alert(“hey”);</script>

  13. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  14. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  15. How to Escape

  16. Sanitize early Escape Late Escape Often

  17. No Data is Safe

  18. <script src='//peniscorp.com/topkek.js'> </script>

  19. Escape Everything..?

  20. echo $var; echo esc_html( $var );

  21. class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”

  22. href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”

  23. wp_kses & wp_kses_post

  24. echo apply_filters( ‘the_content’ wp_kses_post( $content ) );

  25. tomjn.com/escaping

  26. WordPress.com VIP VIP Wrangler - @tarendai

  27. automattic.com/work-with-us/vip-wrangler/

  28. Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com