On the SitePoint PHP blog today there's a new post from Craig Buckler for the WordPress users out there. The HTML that this popular blog/CMS tools spits out can sometimes be not-so-semantic. Craig shares a tip on cleaning up one aspect of it - the methods returning lists for menus or sitemaps.

love WordPress. I also love clean semantic HTML. Unfortunately, several of the standard WordPress theme functions return code that is a little untidy. For me, the primary culprits are wp_list_pages() and the newer wp_nav_menu(); both return an unordered list of page links.

He gives an example of a sample list generated by wp_nav_menu() that's full of badly formatted and unnecessary elements. To help fix the issue, he shares his regular expression-based call to strip out things like extra tabs, empty classes and all title attributes. Obviously you can customize this as you need, but it's a good start towards something that's a bit cleaner and up to code.

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could effect your site and some of the common entry points it can have.

PHP has numerous ways to execute raw PHP code unless you the programmer stops it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker,cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in you application for would-be explots - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.