More than two years ago, I wrote a scathing, obscenity-filled tirade about WordPress's misuse of addslashes() to escape user-supplied strings used in SQL queries.
Lots of people posted comments. Some said I was being pedantic, some said I was downright wrong, and one person linked to a diff showing a fix that was supposedly going to be in the next release.
Apparently they never got around to releasing that fix.
Comments
You turned me off from WordPress...
I must say, your tirade did cause me (in part) to give up using WordPress, mainly for the same reasons you did.
If only a very talented coder would release their blogging engine, then perhaps people would have an alternative. ;P
Re: You turned me off from WordPress...
cough, cough
Real Escape String?
addslashes() is so dangerous. Rumor had it not too long ago, one fateful (ostracized) core developer was working on a Taint mode for PHP. Link on PHP patch for taint mode. While the previous link is not stable enough, at least people are working towards getting "you did something really bad" support.