Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Escape From New York

Eba4cc68bfbc2b59c3c3a3cf789075f0?s=47 Tom J Nowell
November 01, 2015
Technology
0
480

Escape From New York

A talk on escaping and security in WordPress and PHP

Eba4cc68bfbc2b59c3c3a3cf789075f0?s=128

Tom J Nowell

November 01, 2015
Tweet

More Decks by Tom J Nowell

See All by Tom J Nowell
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
530
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
49
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
540
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
420
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
1
130
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
830
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
1
530
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
480
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
370

Other Decks in Technology

See All in Technology
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
670
Cdf97a1b1b132c56582773c3ba09a3a6?s=48 rakus_dev
0
260
C7c44344e07bff593fbca35ff8aa7465?s=48 matakeda1
0
130
Aa5b922fefbf18bea89972521971dfea?s=48 yoshikiiida
6
6.5k
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
300
932329c79bc511fdfed22abbd5ec92d2?s=48 rnakamuramartiny
0
3.1k
7a37d60769f6f3004adee19a8ff2c219?s=48 tunepolo
8
4k
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
660
Ae788ab7d139931493941e42584eb456?s=48 asoviewinc
0
1.4k
0c2e1fea502b8934820eacdfca778d8c?s=48 tommy351
1
160
13d936e697fe0f4fa96f926d0a712f6c?s=48 sansanbuildersbox
PRO
0
140
1b031ccbf968811f157cf7a892dddfed?s=48 geshan
1
280

Featured

See All Featured
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
289
47k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
210
11k
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
225
15k
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
238
10k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
23
1.3k
A9179349dd2bdc67f377719f56d85656?s=48 garrettdimon
295
110k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
262
37k
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
660
55k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
303
40k
A9704266587836f7e784235e5073b93e?s=48 jmmastey
21
5.2k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
56
3.5k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
261
25k

Transcript

  1. Escape From New York Tom J Nowell

  2. Validation Sanitisation Escaping

  3. Validation: Is this what it claims to be?

  4. Sanitisation: Lets clean up this input

  5. Escaping: Making output safe

  6. WordPress.com VIP VIP Wrangler - @tarendai

  7. '; DROP TABLE votes'

  8. Search Results For: <?php echo $_GET[‘s’]; ?>

  9. Search Results For: <?php echo $_GET [‘s’]; ?>

  10. <b>Test</b>

  11. <b>Test</b>

  12. <script>alert(“hey”);</script>

  13. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  14. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  15. How to Escape

  16. Sanitize early Escape Late Escape Often

  17. No Data is Safe

  18. <script src='//peniscorp.com/topkek.js'> </script>

  19. Escape Everything..?

  20. echo $var; echo esc_html( $var );

  21. class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”

  22. href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”

  23. wp_kses & wp_kses_post

  24. echo apply_filters( ‘the_content’ wp_kses_post( $content ) );

  25. tomjn.com/escaping

  26. WordPress.com VIP VIP Wrangler - @tarendai

  27. automattic.com/work-with-us/vip-wrangler/

  28. Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com