Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Escape From New York

Tom J Nowell
November 01, 2015
Technology
0
520

Escape From New York

A talk on escaping and security in WordPress and PHP

Tom J Nowell

November 01, 2015
Tweet

More Decks by Tom J Nowell

See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
580
Composer_and_WordPress__1_.pdf
tarendai
0
54
REST APIs for Absolute Beginners
tarendai
0
600
VVV 2
tarendai
0
430
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
170
WP The Right Way
tarendai
0
860
Code Deodorant 2014
tarendai
1
550
Adv WP CLI
tarendai
0
500
WP CLI
tarendai
0
400

Other Decks in Technology

See All in Technology
20分でわかる!速習resultBuilder(iOSDC 2022)
chocoyama
2
280
IIJmio meeting 33 無線通信の世界~第一弾:無線通信とは?~
iij_techlog
1
2.5k
Google Espresso解説(2017年)
__kaname__
1
710
SNS連動型_サイネージ運用.pdf
bau
0
150
TokyoR#101_RegressionAnalysis
kilometer
0
140
ソフトウェア開発者に必要な考え方 / Necessary mindset for software developers
soudai
20
8.1k
Java SEの動向 2022夏版
chiroito
4
1.4k
Symfony Serializer Deep Dive
suzuki
0
200
人と技術のモダナイズをScrumで実証してみた
koichimatsui
0
350
PharmaX White paper
pharma_x
0
1.7k
CEDEC2022-xyx-3Dデータを持ち込めるcross-platformメタバースの技術的挑戦.pdf
clustervr
PRO
0
810
今から始める Amplify Studio #stapy
tacck
0
270

Featured

See All Featured
ReactJS: Keep Simple. Everything can be a component!
pedronauck
656
120k
Bash Introduction
62gerente
598
210k
Building a Scalable Design System with Sketch
lauravandoore
449
30k
Principles of Awesome APIs and How to Build Them.
keavy
114
15k
Done Done
chrislema
174
14k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
27k
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.5k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
213
11k
Pencils Down: Stop Designing & Start Developing
hursman
113
9.9k
Bootstrapping a Software Product
garrettdimon
296
110k
Designing for Performance
lara
597
64k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
62k

Transcript

  1. Escape From New York Tom J Nowell

  2. Validation Sanitisation Escaping

  3. Validation: Is this what it claims to be?

  4. Sanitisation: Lets clean up this input

  5. Escaping: Making output safe

  6. WordPress.com VIP VIP Wrangler - @tarendai

  7. '; DROP TABLE votes'

  8. Search Results For: <?php echo $_GET[‘s’]; ?>

  9. Search Results For: <?php echo $_GET [‘s’]; ?>

  10. <b>Test</b>

  11. <b>Test</b>

  12. <script>alert(“hey”);</script>

  13. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  14. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  15. How to Escape

  16. Sanitize early Escape Late Escape Often

  17. No Data is Safe

  18. <script src='//peniscorp.com/topkek.js'> </script>

  19. Escape Everything..?

  20. echo $var; echo esc_html( $var );

  21. class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”

  22. href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”

  23. wp_kses & wp_kses_post

  24. echo apply_filters( ‘the_content’ wp_kses_post( $content ) );

  25. tomjn.com/escaping

  26. WordPress.com VIP VIP Wrangler - @tarendai

  27. automattic.com/work-with-us/vip-wrangler/

  28. Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com