CodeSOD: The Core Class

The Daily WTF

We’ve had a bit of a run of PHP in the inbox lately, which is fine, but certainly isn’t doing anything to help PHP’s reputation as a WTF factory. This one comes from Lucio C, who was hired to fix a hacked WordPress installation.

Much of the fixing was figuring out what data was safe to recover, what files may have been tampered with, and generally assessing the damage.

While doing that assessment, Lucio found this perfectly legitimate file in a perfectly legitimate WordPress plugin. This file was not altered by the hackers, but…

```php
/**
 * The core class, where logic is defined.
 */
class Core {
    public $footer_content;

    // […]

    public function footer_content() {
        if ( '' !== $this->footer_content && !is_admin() ) {
            $html = '<div id="igm-hidden-footer-content">' . $this->footer_content . '</div>';
            // we should sanitize for security, but users
            // want to include all kinds of content, including forms.
            /*
```
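The comment in that snippet names the real problem: whatever is stored in `$footer_content` is echoed into every public page untouched, so anyone who can write that setting can inject arbitrary markup and script into the front end of the site. "Users want forms" is not a reason to skip sanitizing; it is a reason to sanitize with an allowlist that includes form elements. As an added example (not code from the plugin or from the original post), here is one way to do that with WordPress's own `wp_kses()`. The `Core` class, `$footer_content` property and `footer_content()` method mirror the snippet above; the `allowed_footer_html()` helper and the exact set of permitted tags and attributes are assumptions for illustration.

```php
<?php
/**
 * Hardened footer output (added example, not the plugin's own code).
 *
 * Assumes the WordPress runtime, i.e. wp_kses(), wp_kses_allowed_html()
 * and is_admin() are available. The allowlist below is a hypothetical
 * starting point; trim it to what the site actually needs.
 */
class Core {
    public $footer_content = '';

    /**
     * Tag/attribute allowlist: everything WordPress already permits in post
     * content, plus the form controls users asked for.
     *
     * Event-handler attributes (onclick, onsubmit, ...) and <script> are not
     * listed, so wp_kses() strips them. URL-bearing attributes such as
     * action and formaction are additionally run through
     * wp_kses_bad_protocol(), which neutralises javascript: and data: URLs
     * because neither is in wp_allowed_protocols().
     */
    private function allowed_footer_html() {
        $allowed = wp_kses_allowed_html( 'post' );

        $allowed['form'] = array(
            'action'  => true,
            'method'  => true,
            'enctype' => true,
            'id'      => true,
            'class'   => true,
        );
        $allowed['input'] = array(
            'type'        => true,
            'name'        => true,
            'value'       => true,
            'placeholder' => true,
            'required'    => true,
            'id'          => true,
            'class'       => true,
        );
        $allowed['textarea'] = array(
            'name'  => true,
            'rows'  => true,
            'cols'  => true,
            'id'    => true,
            'class' => true,
        );
        $allowed['select'] = array( 'name' => true, 'id' => true, 'class' => true );
        $allowed['option'] = array( 'value' => true, 'selected' => true );
        $allowed['button'] = array( 'type' => true, 'name' => true, 'value' => true, 'class' => true );
        $allowed['label']  = array( 'for' => true, 'class' => true );

        return $allowed;
    }

    /**
     * Same behaviour as the original: nothing on admin screens, nothing when
     * the setting is empty. The only change is that the stored HTML is
     * filtered through the allowlist before it reaches the page.
     */
    public function footer_content() {
        if ( '' === $this->footer_content || is_admin() ) {
            return;
        }

        $safe_html = wp_kses( $this->footer_content, $this->allowed_footer_html() );

        echo '<div id="igm-hidden-footer-content">' . $safe_html . '</div>';
    }
}
```

Two things to check before copying this into a real plugin. First, find out who can actually write the setting: if any role below administrator can save `footer_content`, the unfiltered version is a stored cross-site scripting bug, and even the filtered version still lets that role put an arbitrary `<form action="...">` in front of every visitor, so the capability check on the settings page matters as much as the output filter. Second, WordPress's own convention is to filter on save rather than (or as well as) on output; doing it on save with the same allowlist means the database never holds the unsafe markup in the first place.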
