This blog is running WordPress, one of the most popular web-logging applications. Recently, another flaw in WordPress surfaced and caused some stir and panic. The issue was (in the end) missing type-checking on user-provided input, a well-known and well-understood flaw. This must not happen to a project of WordPress’ popularity and professionalism.
I looked at WordPress while writing my Diploma Thesis and found that WordPress lacks important means for consistent type-checking:
- There is no centralized definition (regexps and constraints) for all the data ‘types’ WordPress uses
- There is no general agreement on exactly when and how input and output filtering and sanitization take place. This leads to ad-hoc solutions like the one that caused the current vulnerability.
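To make the two missing pieces concrete, here is an added example (not WordPress code, and not from the original post) of what a centralized type definition plus a fixed input/output boundary looks like in PHP. The type names (`post_id`, `slug`, `username`), their constraints, and the class and function names are hypothetical choices for illustration; the request data at the bottom is constructed.

```php
<?php
declare(strict_types=1);

// Constructed example: (1) every input 'type' is defined exactly once, with
// its regex and length constraint; (2) validation happens once at the input
// boundary, escaping once at the output boundary. Type names are hypothetical.

final class InputType
{
    /** The single registry of accepted input types and their constraints. */
    private const TYPES = [
        'post_id'  => ['regex' => '/\A[1-9][0-9]{0,9}\z/',           'max' => 10],
        'slug'     => ['regex' => '/\A[a-z0-9]+(?:-[a-z0-9]+)*\z/',  'max' => 200],
        'username' => ['regex' => '/\A[A-Za-z0-9_.]{3,60}\z/',        'max' => 60],
    ];

    /**
     * Validate one raw request value against a named type.
     * Returns the unchanged string on success, throws otherwise.
     */
    public static function check(string $type, mixed $raw): string
    {
        if (!isset(self::TYPES[$type])) {
            // A typo in a type name is a programming error, not bad input.
            throw new LogicException("unknown input type '$type'");
        }
        // The actual type check: request values can arrive as arrays
        // (e.g. ?id[]=1) or be absent entirely; only a string is acceptable.
        if (!is_string($raw)) {
            throw new InvalidArgumentException("$type: expected string, got " . gettype($raw));
        }
        $def = self::TYPES[$type];
        // Length check first so the regex never runs on oversized input.
        if (strlen($raw) > $def['max'] || preg_match($def['regex'], $raw) !== 1) {
            throw new InvalidArgumentException("$type: value does not match constraints");
        }
        return $raw;
    }

    /** Input boundary helper: read $key from a superglobal-like array by type. */
    public static function fromRequest(array $source, string $key, string $type): string
    {
        return self::check($type, $source[$key] ?? null);
    }
}

/** Output boundary: escape once, immediately before emitting HTML. */
function escapeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// --- usage with constructed request data (stands in for $_GET) ----------
$get = ['id' => '42', 'slug' => 'hello-world', 'q' => ['x' => 'y']];

$id   = InputType::fromRequest($get, 'id',   'post_id');  // "42"
$slug = InputType::fromRequest($get, 'slug', 'slug');     // "hello-world"

try {
    InputType::fromRequest($get, 'q', 'slug');            // array, not string
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}

try {
    InputType::check('username', "admin' OR 1=1 --");     // fails the regex
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}

// Validated values are kept raw; escaping is applied only when rendering.
echo '<a href="/post/' . escapeForHtml($slug) . '">' . escapeForHtml($id) . '</a>' . PHP_EOL;
```

The point of the structure is that there is exactly one place to look for what a `slug` or a `post_id` may contain, and exactly two places where data crosses a trust boundary: `InputType::check` on the way in and `escapeForHtml` on the way out. Code between those boundaries works with values that are known to be strings of a known shape, so a forgotten `is_string` or `is_array` check in some handler cannot silently accept an array where a scalar was expected.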
What WordPress really needs is a better architecture that solves the two problems stated above and thereby makes vulnerabilities like this recent one very unlikely, not ever more ad-hoc hacks. Unless the WordPress project is willing to spend considerable effort on the architecture, using WordPress for professional purposes will become an intolerable liability. Software Engineering is about long-term stability and dependability, established in the process, not about “if you update your WordPress every few days, you’re safe” (as Matt Mullenweg suggested).