Old 2009-05-07, 01:05 AM   #11
cd34
a.k.a. Sparky
 
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
The problem is that when you decode it like that, you see the rendered code. So, if there was a widget called in the footer, you would have the rendered widget and you couldn't use the WordPress admin to control it.

Secondly, if you do view the rendered text and think, ok, I'm good with what is being displayed, you would miss any possible exploits that require certain parameters or header values and you wouldn't be able to see the actual code being executed.

I wouldn't use that as a safety net, though; if it didn't include your existing footer widgets, then I would think you should be OK.

What I'm starting to see somewhat frequently is that they are wrapping integral page functions into their encoding to prevent you from blindly removing the encoded block.
__________________
SnapReplay.com a different way to share photos - iPhone & Android