If you accept user input and then export it as CSV, please read this now! James Kettle very neatly explains how something as simple as a CSV export can be used to deliver exploits. I didn’t know about this before today; hat tip to Gravity Forms and, via them, Ninja Forms.
Posts tagged “security”
PHP Security: Default Vulnerabilities, Security Omissions and Framing Programmers?
Pádraic Brady has written a must-read article on some of the silly defaults in PHP that put the lie to the old adage, “what you don’t know won’t hurt you”. Clearly, some of this stuff could hurt you/your clients very easily. And I have to put my hand up to failing on the SSL/TLS and XML injection attack vulnerabilities…