
Posts:

WordPress 5.2.4 Security Update

WordPress logo photoshopped onto the VW factory

This security release fixes 6 security issues.
WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.
- Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
- Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
- Props to Weston Ruter for finding a way to create a stored XSS to inject JavaScript into style tags.
- Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
- Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
- Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

Srcmaps don't cost anything

As the esteemed Mr. @xwolf just said on Twitter: With pleasure. :-)

Caption this…

Lightbulb with stereo plug 6.3mm inside

Escaping The Social Media Trap - Kiki Thaerigen

Social Media wants your constant attention. Social Media wants your time. Social Media is stealing your time, time you could better be using for your creative work and/or well-being. But Social Media also today is the way to advertise and display said work, and possibly get feedback, recognition even. And once you have kind of...

(Digital) Climate Strike - September 20th, 2019

Global Climate Strike 20-27 Sept

My site here will join the digital climate strike this Friday. For this I made a small WordPress plugin that will display a placeholder page with information on the ClimateStrike actions for all requests except for a list of URLs that can be configured (for privacy policy and legal info pages) and the admin...

2050: The Fight For Earth - Bill McKibben | time.com

How the earth would look in 2050 if we solved climate change - What if the US came around and acted swiftly on climate change?

Simplicity (II) - Bastian Allgeier

Bastian reflects on a topic that's very close to (my) home -- the supposedly unavoidable Tooliganism that is involved with working on the "modern" web.

Skating Polly - Stop Digging

The '90s are back and I'm loving it! (and who needs guitars anyway?)

React - Charlie Owen

Please read this post on why there's not only a problem with this popular JS framework, but how it actually hurts 'the web' (that was, as Charlie put it). It echoes my stance and resentment against all client-side only JS 'app'ification, and that is even without the meta aspects about society and representation that Charlie...