As I noted a few weeks ago, WordPress has had an obfuscated easter egg in it for some time.
Despite reporting this security defect / software engineering malpractice to two different WordPress folks (the author of the excellent WP development blog, and the security team’s e-mail), 2.7 was released with the easter egg.
Hopefully, this will be resolved in a future release.
I love how they spend time adding stupid easter eggs, instead of cleaning up their core codebase which is just nasty. *sigh*
I found a couple of other places where they’ve packed the JS.
As far as I can tell, those examples are okay as they’re using it to compress the size of some externally provided libraries.
Now that 2.7 is out, I might give it a good ol’ review whilst on Christmas holidays.
Leave a Reply