Web Development, PHP, Cloud Computing and more

Tag: security

Should I escape translated strings in a WordPress plugin or theme?

Post author By James Collins
Post date 5th May 2012
2 Comments on Should I escape translated strings in a WordPress plugin or theme?

When writing a WordPress plugin recently, I wasn’t sure whether a translatable text/string is considered safe, or if it needs to escaped before being output.

Here’s a simple example:

The Problem

At first glance, that code looks like it should be safe, however what would happen if the string was translated to contained an angled bracket (< or >)?

That would result in invalid HTML code. Or even worse, what if the translation file contained a malicious <script> tag?

The Solution

Tags code, esc_attr, esc_attr__, esc_html__, esc_html_e, Plugin, Sanitation, security, WordPress

WordPress

WordPress 3.0.3 (Security Fix) Released

Post author By James Collins
Post date 9th December 2010
No Comments on WordPress 3.0.3 (Security Fix) Released

WordPress 3.0.3 has just been released.

It is a security release which fixes issues in WordPress’ XML-RPC remote publishing protocol. If you are using XML-RPC and your blog has untrusted Author or Contributor users, then you should upgrade as soon as possible.

Tags security, WordPress, XML-RPC