Correction in the code on page 130

In the listing for the function unvulnerable_show_me_the_data(), the first line of the function seems to have a typo:

drupal_set_title(t('Searching for %suser-name', array('%user-name' => $user_search)));

The bolded placeholder in the text above passed to the translate function should probably be %user-name instead of %suser-name.

Comments

Also in the same code

Submitted by Samuraid on Fri, 05/08/2009 - 18:13.

Also in the same code listing, the delimiting quotes on many of the strings are incorrectly represented by double tick/apostrophe marks.

The Book, The Report

Cracking Drupal: A Drop in the Bucket

Written by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing.

Drupal Security White Paper

Curious about Drupal's security? Consider Drupal but want to make sure it's good enough? Read the Drupal Security Report

Security Review Service

If you are concerned about whether your site is secure, consider using the Security Review Module to get an initial sense. If you're looking for something much more in depth than a module or a book, Drupal Scout offers a Security Review Service for Drupal Sites.

Recent Blog Posts

Cracking Drupal Kindle Edition now available for $14.84 (Still relevant for Drupal 7)

Posted by greggles

0 comments
Using XSS to steal access

Posted by Ben Jeavons

4 comments
Drupalcon Training: Securing your Drupal site with code and configuration

Posted by greggles

0 comments