Escape From New York

Eba4cc68bfbc2b59c3c3a3cf789075f0?s=47 Tom J Nowell
November 01, 2015
Technology
0
420

Escape From New York

A talk on escaping and security in WordPress and PHP

Eba4cc68bfbc2b59c3c3a3cf789075f0?s=128

Tom J Nowell

November 01, 2015
Tweet

More Decks by Tom J Nowell

See All by Tom J Nowell
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
400
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
40
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
420
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
340
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
1
71
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
520
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
1
480
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
430
Eba4cc68bfbc2b59c3c3a3cf789075f0?s=48 tarendai
0
340

Other Decks in Technology

See All in Technology
Ccb58352bdd1be66ebb2daf12ba1b993?s=48 mirie_sd
0
340
953fe5f1a04d8944ead78db3991cfa6a?s=48 anoriqq
0
230
4bbea750321e2a5f5611cca47b5a8788?s=48 sasaguchi
3
1.1k
380bcd2ab751f5838abd8219df53e5fe?s=48 tomoki10
0
1.1k
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
0
730
928b1395afedebb5ee48d44ab917c5f1?s=48 ryusa
1
330
8434e5fcdb11033234455d4b2bfb6bb3?s=48 voyage_tech
0
290
8aba6de431668fc8d09977c0e33c63c1?s=48 jaguar_imo
0
160
74cec195bfb6cb5165256d88cb7fcf0f?s=48 miu_crescent
2
260
332f89cc697355902a817506b6995f2b?s=48 ytaka23
2
990
2ec42cd8400b1e8e5ba125936c1d27e9?s=48 smiyaza
0
200
5c772b62f1974e9da3a88fbb4ef02696?s=48 hariby
1
120

Featured

See All Featured
79acae287842acf29084005533a7fb3b?s=48 hursman
104
9.1k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
230
790k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
255
36k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
108
9.6k
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1019
370k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
155
11k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
2
960
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
85
8.4k
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
294
27k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
622
40k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
145
19k
11c84dff30266b907714802088852677?s=48 jasonvnalue
80
7.9k

Transcript

  1. Escape From New York Tom J Nowell

  2. Validation Sanitisation Escaping

  3. Validation: Is this what it claims to be?

  4. Sanitisation: Lets clean up this input

  5. Escaping: Making output safe

  6. WordPress.com VIP VIP Wrangler - @tarendai

  7. '; DROP TABLE votes'

  8. Search Results For: <?php echo $_GET[‘s’]; ?>

  9. Search Results For: <?php echo $_GET [‘s’]; ?>

  10. <b>Test</b>

  11. <b>Test</b>

  12. <script>alert(“hey”);</script>

  13. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  14. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

  15. How to Escape

  16. Sanitize early Escape Late Escape Often

  17. No Data is Safe

  18. <script src='//peniscorp.com/topkek.js'> </script>

  19. Escape Everything..?

  20. echo $var; echo esc_html( $var );

  21. class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”

  22. href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”

  23. wp_kses & wp_kses_post

  24. echo apply_filters( ‘the_content’ wp_kses_post( $content ) );

  25. tomjn.com/escaping

  26. WordPress.com VIP VIP Wrangler - @tarendai

  27. automattic.com/work-with-us/vip-wrangler/

  28. Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com