Unless you’re coding from scratch it’s hard to not do this with any modern framework.
I think that word modern is doing a lot of heavy lifting there.
A lot of systems simply aren’t modern. There’s always that mentality of “well, it’s been working for the last 12 years, let’s not mess with it now”, despite all the valid objections like "but it’s running on Windows2000” or “it’s a data breach waiting to happen”…
Is it though? I haven’t used a framework since probably 2007 that doesn’t do this. There are the smaller, more DIY frameworks out there but I’ve never used them professionally.
Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones
Let’s take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
Edit: Sorry, my app had a hiccup and posted my comment several times
This was my thought as well, sanitize your inputs! Are they not quoting/casting to string before input?
Unless you’re coding from scratch it’s hard to not do this with any modern framework.
I think that word modern is doing a lot of heavy lifting there.
A lot of systems simply aren’t modern. There’s always that mentality of “well, it’s been working for the last 12 years, let’s not mess with it now”, despite all the valid objections like "but it’s running on Windows2000” or “it’s a data breach waiting to happen”…
Is it though? I haven’t used a framework since probably 2007 that doesn’t do this. There are the smaller, more DIY frameworks out there but I’ve never used them professionally.
What is a data beach?
Thanks, I missed that
Legacy systems still handle more traffic than modern ones, I’d wager
And it’s probably not seen as urgent enough an issue to need replacing the whole system for.
any govt system.
Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones
Wordpress is a sin against mankind.
Let’s take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
Edit: Sorry, my app had a hiccup and posted my comment several times
Maybe your app is based on WordPress :'D
Yet here we are, it and the plugins handle too much of my daily traffic. It’s easy to dismiss the piss poor coding, but is done at our peril.
Everyone of us has personal data stored in those God awful plugins, in their thousands of basic security holes
deleted by creator
deleted by creator
deleted by creator
deleted by creator
deleted by creator
A couple years ago I wanted to write a simple website with SQL injection vulnerability, so I could demonstrate sqlmap to someone
It was surprisingly difficult (and every fiber in my body screamed)
Imagine how hard it is to be this bad. Yet still people manage to do it.