Well, you had a problem with a badly written WordPress plugin, not PHP. Or are you saying PHP is insecure and no insecure code can be written on other platforms? For a project to be popular amongst developers and hobbyists, it has to be written in PHP, because PHP is easy to deploy even if you don't know PHP.
By the way, most CMSes on other platforms assume you know the language; PHP CMSes don't, so maybe there is some effort to be made on these platforms to make things easier or write better docs.
WordPress would not be popular if it was in Python, Ruby or Java. Anyway, the issue is with the WordPress plugin architecture, not PHP.
A clean plugin architecture would require some kind of DSL instead of plain PHP.
> you had a problem with a badly written wordpress plugin
The plugin is a top 10 popular one.
> because PHP is easy to deploy even if you don't know PHP.
WordPress has clean URLs, but under the hood many .php files are directly accessible via URL, so a hacker found an exploit, crafted a parameter against one particular .php, and got in.
The solution? Limit URL entry to only one .php file (like index.php), more rewrite configs and mod_security. So you lose the benefit of copy-to-update; it becomes just as hard as other languages/frameworks.
As the ownCloud community grows, I think this problem will surface again and it will end up like many PHP forums/CMSes today. You can put up a usable site very quickly, but every month or every few months you have to patch the system, and many of the plugins you need most are abandonware.
> > you had a problem with a badly written wordpress plugin
> The plugin is top 10 popular one
Popular !== Good
(where in this case good is in the context of being well written)
> so hacker found a exploit, crafted a parameter against one particular .php, and got in
That could happen with almost any language/framework though. While PHP makes it easy to write bad code (as do other options), it doesn't make it impossible to write secure code, and you can't blame PHP and/or WordPress for every bad plugin out there, even the massively popular ones.