Monthly Archives: August 2005

Photolog Fixed

To the (literally) hundreds of you who wrote in about the broken photos the past few weeks, I’m happy to say that the photolog is back online. It broke because while 95% of Gallery works fine with register_globals off, apparently some bit of code somewhere doesn’t. If you haven’t been to the photolog in a while there are some fun pictures from Dallas, Seattle, and New York.

AJAX and CSRF

When working on some new AJAX features for bbPress and WordPress we’ve noticed that AJAX requests don’t seem to send HTTP_REFERER values. We check referrers as one level of protection against cross-site scripting, or XSS, so when they’re not set we aren’t able to use that value. How are most people using AJAX protecting against XSS? It seems the same things we’re doing to make things easily accessible in a dynamic fashion are also opening new vectors for attack.

Bar Camp Wrap-up

As I recover from the rush that was Bar Camp I just wanted to thank everyone who was a part of it, because I think the success of the event was directly because of all the amazing people who came out. A special thanks to SocialText for offering the venue that brought so many people together.