Am I paranoid?
All of the PHP code in RdMise and friends was written by me. It's partly because I want full control over the code, and partly because I'm paranoid about third-party code messing up.
Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.
Netcraft confirms it. (Sorry!)
I'm just not sure whether I'm being proved right, or if this is just proof I'm desperately trying to justify my stupid decisions. All signs point to "Meh".
Feedback is closed. Feel free to contact me privately.