this post was submitted on 24 Feb 2025
406 points (98.6% liked)
Technology
65007 readers
5648 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This was my thought as well, sanitize your inputs! Are they not quoting/casting to string before input?
Unless you’re coding from scratch it’s hard to not do this with any modern framework.
Legacy systems still handle more traffic than modern ones, I’d wager
And it's probably not seen as urgent enough an issue to need replacing the whole system for.
any govt system.
Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones
Wordpress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
Edit: Sorry, my app had a hiccup and posted my comment several times
Maybe your app is based on WordPress :'D
Yet here we are, it and the plugins handle too much of my daily traffic. It’s easy to dismiss the piss poor coding, but is done at our peril.
Everyone of us has personal data stored in those God awful plugins, in their thousands of basic security holes
A couple years ago I wanted to write a simple website with SQL injection vulnerability, so I could demonstrate sqlmap to someone
It was surprisingly difficult (and every fiber in my body screamed)
Imagine how hard it is to be this bad. Yet still people manage to do it.
I think that word modern is doing a lot of heavy lifting there.
A lot of systems simply aren't modern. There's always that mentality of "well, it's been working for the last 12 years, let's not mess with it now", despite all the valid objections like "but it's running on Windows2000” or "it's a data breach waiting to happen"...
What is a data beach?
Thanks, I missed that
Is it though? I haven’t used a framework since probably 2007 that doesn’t do this. There are the smaller, more DIY frameworks out there but I’ve never used them professionally.