Andrew Nacin
Works at WordPress
Attended The George Washington University
Lives in Washington, D.C.

Stream

Andrew Nacin

Shared publicly  - 
 
The future is now.
2 comments
 
Everybody knows good tacos come by air... http://tacocopter.com/

Andrew Nacin

Shared publicly  - 
 
On Saturday at WordCamp Portland, I'll be presenting on the WP Query API. Despite being leveraged by most theme and plugin developers, few understand how or why it works. Many use it incorrectly or inefficiently, or are simply missing out on many of its awesome features, hooks, and flags.

I'll be walking through the API, how it works, and the things that scare most developers away (but shouldn't). Given how important this API is, the club shouldn't be nearly as exclusive.

My questions for you: What's something you don't know or fully understand and want to hear more of? And what's something you do know that you think would be great for this talk?
25 comments
 
hi Andrew Nacin
can u  give me your email 
or  add me  on chat  :
m0580812220@gmail.com

Andrew Nacin

Shared publicly  - 
 
Do it!
Matt Mullenweg originally shared:
 
Go to http://wordpress.org/ and +1 on the Google button at the bottom, support WordPress. :)
50 comments on original post
4 comments
 
small price to pay for such a great offering. - Done

Andrew Nacin

Shared publicly  - 
 
Me: "Do you have sauerkraut?"
Him: "Yes."
Me: "Do you have --"
Him: "Cooked onions?"
Me: "Yep!"
Him: "So you're from New York?"

I present my new favorite half smoke/hot dog street vendor.
4 comments
 
Great pic, wonderful smile

Andrew Nacin

Shared publicly  - 
 
Last night's Fireworks on the National Mall

Andrew Nacin changed his profile photo.

Shared publicly  - 
 
5 comments
 
Yep, if you've got a cleft chin Nacin will sue you for brand infringement.
In his circles
153 people
Have him in circles
4,862 people

Andrew Nacin

Shared publicly  - 
 
Wow

Andrew Nacin

Shared publicly  - 
 
This is bogus, as usual. Folks, this isn't rocket science: Administrators and editors are allowed to post unfiltered HTML in titles and content. It's been like that for years. Nothing has suddenly changed.

This is a weekly occurrence -- someone supposedly knowledgeable about web security publishes a blatantly obvious "How did they miss that?" security vulnerability without doing any testing or research. Everyone believes them and no one searches Google first.

<script>alert(1)</script>? Really? I mean, come on. Yeah, you're right, we totally missed that one. :-)
Sergej Müller originally shared:
 
Important: XSS vulnerability in WordPress 3.2.1

Blogs with multiple (guest) authors are affected by the vulnerability. To exploit the hole, it is enough to leave a script tag in the post title (see screenshot). The bug is reproducible. As an example: http://32.wpcoder.de/4/descendingalert1/

As a quick bug fix, a change in the file /wp-includes/post-template.php at line #52 is enough for now.

Before:
echo $title;

After:
echo wp_strip_all_tags($title);

It is not the most elegant solution, but it works. One could secure further places, but this is the most relevant one.
17 comments on original post
4 comments
 
Hello dear Andrew,
Please read my poems & send your comments about them.
My 13 poems are in the English language on my blog.

http://smh-rahemobham.blogfa.com

Thank you

Andrew Nacin

Shared publicly  - 
 
The future of WordPress: Q&A with founder Matt Mullenweg
Andrew Nacin was tagged in a photo.

Andrew Nacin

Shared publicly  - 
Work
Occupation
WordPress Lead Developer
Employment
  • WordPress
    Lead Developer, 2010 - present
  • Hatchet Publications, Inc.
    Web Director, 2007 - 2010
Places
Currently
Washington, D.C.
Previously
East Windsor, Conn.
Contact Information
Work
Email
Story
Tagline
WordPress Lead Developer
Education
  • The George Washington University
    2006 - 2010
Basic Information
Gender
Male