Abe Olandres posted the warning in his blog, there is a security update for WordPress 1.5.1.3 if your web server runs register_globals = on in the PHP configuration.
What got my attention was the WordPress warning that “Perl and PHP code exist to automatically exploit vulnerable WP 1.5.1.3 sites.”
I was uploading files for a Serendipity installation for another Cybercafe experiment when I read the warning. I made a mental note to immediately perform the upgrade for my, my wife’s and our Newsletter Solutions blogs – all powered by WordPress.
But I encountered problems in the uploading of the files. I finally finished installing the Cybercafe test site at 5:30 a.m. and I was spent so I went to sleep without installing the fixes. I woke up close to noon and played with the kids. I checked my test site later in the afternoon and posted an entry (the time on the post is wrong, I forgot to enter a value to offset the US-based server time).
The security update slipped my mind because it was listed in one of my server-based wikis (I maintain two. As to why I maintain two server-based wikis, I’ll discuss in a much-delayed article on TiddlyWikis). The wikis hold my notes and tasks list and as much as possible, I do not open these on my dayoff.
I was finally able to apply the fixes early today.
Max is a journalist and blogger based in Cebu. He has written and edited for such publications as The Freeman, The Independent Post, Today, Sun.Star Cebu, Cebu Daily News, Philstar Life, and Rappler.
He is also a mobile app and web developer and co-founded InnoPub Media with his wife Marlen.
Leave a Reply