Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Good Breakdown of Recent WordPress Vulnerability

The Sucuri Blog has a good dissection of the recent critical WordPress REST API vulnerability. I won't rehash the details here, but I did want to point out that this is why developers should remember to follow these two rules of defensive coding:

  1. Sanitize inputs as early as possible
  2. Sanitize outputs as late as possible

In this case, there was a failure to follow the first rule. There are a couple of different places where this could have been handled better.
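To make the two rules concrete, here is an added PHP illustration. It is my example, not WordPress core code and not code from the Sucuri writeup: a hypothetical update handler in which the permission check inspects the raw `id` parameter with `is_numeric()` while the update path casts it with `(int)`, so the two disagree about which post a value like `"2abc"` refers to. Beside it is a version that parses the id once at the entry point (rule 1) and escapes the title only when it is rendered (rule 2). The post array, user names and function names are all constructed for the demo.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a post store. Hypothetical; not WP_Post.
function demo_posts(): array {
    return [
        1 => ['id' => 1, 'author' => 'alice', 'title' => 'Hello'],
        2 => ['id' => 2, 'author' => 'bob',   'title' => 'Second post'],
    ];
}

// Lookup that refuses non-numeric input, the way a cautious store might.
function find_post(array $posts, $id): ?array {
    if (!is_numeric($id)) {
        return null;
    }
    return $posts[(int) $id] ?? null;
}

// VULNERABLE: the check and the action interpret the same input differently.
function update_title_vulnerable(array &$posts, string $user, $rawId, string $title): string {
    // Permission check runs on the raw value. "2abc" is not numeric, so the
    // lookup returns null and the check is skipped on the assumption that a
    // missing post will produce a 404 further down.
    $post = find_post($posts, $rawId);
    if ($post !== null && $post['author'] !== $user) {
        return '403 Forbidden';
    }
    // The action casts first: (int) "2abc" === 2, so post 2 is found and
    // modified without its author's permission.
    $id = (int) $rawId;
    if (!isset($posts[$id])) {
        return '404 Not Found';
    }
    $posts[$id]['title'] = $title;
    return '200 OK';
}

// Rule 1: sanitize the input once, as early as possible, into a single
// canonical type that every later step uses.
function parse_post_id($rawId): ?int {
    if (is_int($rawId)) {
        return $rawId > 0 ? $rawId : null;
    }
    // Only a plain string of digits is accepted; "2abc", "2.0" and " 2" are rejected.
    if (is_string($rawId) && preg_match('/\A[1-9][0-9]*\z/', $rawId) === 1) {
        return (int) $rawId;
    }
    return null;
}

// HARDENED: check and action both see the same parsed integer.
function update_title_hardened(array &$posts, string $user, $rawId, string $title): string {
    $id = parse_post_id($rawId);
    if ($id === null || !isset($posts[$id])) {
        return '404 Not Found';
    }
    if ($posts[$id]['author'] !== $user) {
        return '403 Forbidden';
    }
    // The title is stored as submitted; it is escaped when output, not here.
    $posts[$id]['title'] = $title;
    return '200 OK';
}

// Rule 2: sanitize output as late as possible, for the context it lands in.
function render_title(array $post): string {
    return '<h1>' . htmlspecialchars($post['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h1>';
}

$posts = demo_posts();
echo update_title_vulnerable($posts, 'mallory', '2abc', '<script>alert(1)</script>'), "\n"; // 200 OK: post 2 overwritten
echo render_title($posts[2]), "\n"; // escaping at output keeps the injected title inert

$posts = demo_posts();
echo update_title_hardened($posts, 'mallory', '2abc', 'pwned'), "\n"; // 404 Not Found
echo update_title_hardened($posts, 'mallory', '2', 'pwned'), "\n";    // 403 Forbidden
echo update_title_hardened($posts, 'bob', '2', 'Legit edit'), "\n";   // 200 OK
```

The point of the hardened version is not the regex; it is that one parsed value flows from the entry point through both the authorization decision and the write, so a type-juggling difference between `is_numeric()` and `(int)` can no longer open a gap between them. Escaping in `render_title()` rather than in the update handler keeps the stored data intact and lets the same title be emitted safely into other contexts later.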


wkhtmltopdf

wkhtmltopdf and wkhtmltoimage are open source (LGPLv3) command line tools to render HTML into PDF and various image formats using the Qt WebKit rendering engine. These run entirely "headless" and do not require a display or display service.


Jason Client

"Jason is a scriptable iOS client that lets you view and interact with any data and any server, in any way you desire." Basically, you feed it a JSON config file which describes a UI and data sources. The client then consumes those sources and displays them according to your UI definition. And you get access to device-native APIs, too.
