
Escape From New York

Tom J Nowell
November 01, 2015

A talk on escaping and security in WordPress and PHP

Transcript

  1. Escape From New York
    Tom J Nowell

  2. Validation
    Sanitisation
    Escaping

  3. Validation:
    Is this what it claims to be?

  4. Sanitisation:
    Let's clean up this input

  5. Escaping:
    Making output safe

  6. WordPress.com VIP
    VIP Wrangler - @tarendai

  7. '; DROP TABLE votes'

  8. Search Results For:

  9. Search Results For: ['s']; ?>

  10. Test

  11. Test

  12. alert("hey");

  13. Search Results For:

  14. Search Results For:

  15. How to Escape

  16. Sanitize early
    Escape Late
    Escape Often

  17. No Data is Safe

  18. <br/>

  19. Escape Everything..?

  20. echo $var;
    echo esc_html( $var );

  21. class=""
    class=""

  22. href=""
    href=""

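Slides 20 to 22 make one point: a raw echo of the search term is an XSS, esc_html() fixes it in body text, but the same value dropped into class="" or href="" needs an escaper for that context. The script below is an added example, not code from the deck. It runs under plain `php` with no WordPress loaded, so the *_demo() functions are stand-ins written for this example (assumed behaviour, not the real implementations) for esc_html(), esc_attr() and esc_url(); in a theme or plugin call the WordPress functions. The inputs are constructed: the deck's alert() payload plus one breakout string per context.

```php
<?php
declare(strict_types=1);

// Added example (not from the deck). Stand-ins for esc_html(), esc_attr() and
// esc_url() so the script runs without WordPress; use the real functions in WP.

// Constructed inputs: the deck's payload plus one breakout per output context.
const INPUTS = [
    'Test',
    '<script>alert("hey");</script>',   // breaks out of body text
    "' onmouseover='alert(1)",          // breaks out of a single-quoted attribute
    'javascript:alert(1)',              // "valid" text, dangerous as a URL
];

// Stand-in for esc_html(): entity-encode <, >, &, " and ' for body text.
function esc_html_demo(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Stand-in for esc_attr(): the same encoding. ENT_QUOTES is the part that
// matters: before PHP 8.1 htmlspecialchars() left single quotes alone by
// default, which is enough to escape from class='...'.
function esc_attr_demo(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Stand-in for esc_url(): entity encoding does nothing to "javascript:", so
// the scheme is checked against an allowlist (assumed for this example) first.
function esc_url_demo(string $s): string
{
    $s = trim($s);
    $scheme = strtolower((string) parse_url($s, PHP_URL_SCHEME));
    if ($scheme !== '' && !in_array($scheme, ['http', 'https', 'mailto'], true)) {
        return '';
    }
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Render one value in each context: unescaped, with the wrong escaper for the
// context, and with the right one.
function render(string $s): array
{
    return [
        'raw body'      => "<h1>Search Results For: {$s}</h1>",
        'esc_html body' => '<h1>Search Results For: ' . esc_html_demo($s) . '</h1>',
        'ENT_COMPAT attr' => "<div class='" . htmlspecialchars($s, ENT_COMPAT) . "'>",
        'esc_attr attr' => "<div class='" . esc_attr_demo($s) . "'>",
        'esc_html href' => '<a href="' . esc_html_demo($s) . '">',
        'esc_url href'  => '<a href="' . esc_url_demo($s) . '">',
    ];
}

foreach (INPUTS as $input) {
    echo "input: {$input}\n";
    foreach (render($input) as $label => $markup) {
        printf("  %-16s %s\n", $label, $markup);
    }
}
```

Read the output row by row: the script payload is harmless once encoded for body text, the single-quote payload survives an ENT_COMPAT attribute escape and is stopped only by an ENT_QUOTES one, and `javascript:alert(1)` passes through esc_html untouched because there is nothing in it to encode; only the URL escaper, which rejects the scheme, makes the href safe. That is the reason the deck moves from "Escape Everything..?" to one escaper per context.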
  23. wp_kses & wp_kses_post

  24. echo apply_filters( 'the_content', wp_kses_post( $content ) );

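Slides 23 and 24 switch from escaping to filtering: post content has to keep the markup an author is allowed to write, which esc_html() cannot do (it would turn the author's <strong> and <a> into visible text), so wp_kses_post() strips everything outside an allowlist instead. The script below is an added example, not code from the deck or from WordPress: a small allowlist filter in the same spirit, built on DOMDocument, showing what "keep these tags, these attributes, these URL schemes" looks like. The allowlists are assumed for the example and are a tiny subset of the real wp_kses_post() rules; the real function also normalises entities and strips control characters, which this does not. The post content is constructed.

```php
<?php
declare(strict_types=1);

// Added example (not the deck's or WordPress's code): an allowlist HTML filter
// in the spirit of wp_kses_post(). Lists below are assumed for the example.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'strong' => [], 'em' => [], 'ul' => [], 'li' => [],
    'a'   => ['href', 'title'],
    'img' => ['src', 'alt'],
];
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function kses_demo(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // untrusted markup is rarely well formed
    $doc->loadHTML('<?xml encoding="UTF-8"><html><body>' . $html . '</body></html>', LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    filterChildren($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function filterChildren(DOMNode $parent): void
{
    // Snapshot the child list: nodes are removed and moved while walking it.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if (!$child instanceof DOMElement) {
            if ($child instanceof DOMComment) {
                $parent->removeChild($child); // comments can carry conditional markup
            }
            continue;
        }
        $tag = strtolower($child->tagName);
        if ($tag === 'script' || $tag === 'style') {
            $parent->removeChild($child); // contents are code, not text: drop them too
            continue;
        }
        filterChildren($child); // clean descendants before deciding about this element
        if (!isset(ALLOWED_TAGS[$tag])) {
            // Disallowed tag: keep its (already cleaned) children, drop the wrapper.
            while ($child->firstChild !== null) {
                $parent->insertBefore($child->firstChild, $child);
            }
            $parent->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            if (!in_array($name, ALLOWED_TAGS[$tag], true) || !urlIsAllowed($name, $attr->value)) {
                $child->removeAttribute($attr->name); // removes on*, style, and bad hrefs
            }
        }
    }
}

// href and src must use an allowlisted scheme; relative URLs (no scheme) pass.
function urlIsAllowed(string $attrName, string $value): bool
{
    if ($attrName !== 'href' && $attrName !== 'src') {
        return true;
    }
    $scheme = strtolower((string) parse_url(trim($value), PHP_URL_SCHEME));
    return $scheme === '' || in_array($scheme, ALLOWED_SCHEMES, true);
}

// Constructed post content: allowed markup mixed with the usual XSS vectors.
$dirty = '<p onclick="alert(1)">Hello <strong>world</strong><script>alert("hey");</script> '
       . '<a href="javascript:alert(1)" title="bad">click</a> '
       . '<a href="https://example.com/">ok</a> <iframe src="https://evil.example/"></iframe></p>';

echo kses_demo($dirty), "\n";
```

The author's paragraph, bold text and https link come out intact, while the onclick handler, the script element, the javascript: href and the iframe are gone. That is why slide 24 passes the stored content through wp_kses_post() rather than esc_html() before the the_content filters run.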
  25. tomjn.com/escaping

  26. WordPress.com VIP
    VIP Wrangler - @tarendai

  27. automattic.com/work-with-us/vip-wrangler/

  28. Questions?
    Tom J Nowell - WordPress.com VIP
    @tarendai - tomjn.com
