search

marcodeltongo / thematic

Automatically exported from code.google.com/p/thematic
0 stars 0 forks source link

add_filter for thematic_remove_generators #57

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Problem: thematic_remove_generators filters out the_generator by default. At 
the very least I 
think this function should be able to be filtered.

Here is a support issue as a result of this breaking compatibility with the 
linkdin WordPress App:

http://themeshaper.com/forums/topic/thematic-breaks-the-linkedin-wordpress-app

Example of possible filter:

function thematic_remove_generators() { 
    $generator = NULL;
    $generator = apply_filters('thematic_remove_generators', $generator);
    if (is_null($generator)) {
     add_filter('the_generator','thematic_remove_generators');
    }
}
add_action ('init','thematic_remove_generators');

Also see this for another valid reason to leave the_generator alone:

http://googlewebmastercentral.blogspot.com/2009/11/new-software-version-notifica
tions-
for.html

IMHO I think thematic falls on the wrong side of progress by removing 
the_generator by default.

I might be totally off base with my interpretation of this function's purpose; 
but with third party 
generator-based connectivity like the linkedin app and google webmaster tools, 
I think that 
thematic should join in and lead the community away from this heretical look at 
security through 
obscurity.

Thanks,

Gene

Original issue reported on code.google.com by gene%emh...@gtempaccount.com on 29 Nov 2009 at 9:24

GoogleCodeExporter commented 9 years ago 
Hi Gene,

I spent nearly ten years in the security business mainly Anti Virus. During 
this time
I learned a lot 'bout the efficiency of a virus / worm or trojan attack. 

These techniques can be directly compared to scripting. I still believe that 
having a
generator will increase the chance to get hit. If I would create a script using 
a
brand new exploit, I would create a database with web sites that use the 
generator
and blow these sites out of the water. 

It happened to me two times running Joomla. Both attacks were directed against 
Joomla
sites using the generator and my CMS was hit during the first two days.

In terms of updating / upgrading .. there are plugins available that will email 
you
as soon as updates / upgrades are available. 

In terms of plugins that break 'cause there's no generator .. Don't understand 
why
these plugins insist on having the generator.

I guess we could discuss this back and forth for weeks or so :)

Anyway .. I implemented a filter to prevent thematic_remove_generators in the 
latest
and greatest revision. But currently I do not see any reason why we should 
display
the generators by default.

Cheers,

Chris

Original comment by chris.gossmann@googlemail.com on 30 Nov 2009 at 6:03

GoogleCodeExporter commented 9 years ago 
.. Ian is on CC now.

Original comment by chris.gossmann@googlemail.com on 30 Nov 2009 at 6:04

GoogleCodeExporter commented 9 years ago 
Chris' solution sounds A-OK to me. And it covers Gene's request for the 'very 
least'
that could be done.

Original comment by ian%them...@gtempaccount.com on 30 Nov 2009 at 6:24

GoogleCodeExporter commented 9 years ago 
Thanks for the insight and the prompt solution. 

-Gene

Original comment by gene%emh...@gtempaccount.com on 30 Nov 2009 at 6:47