[brohee]

> I mean if you checked any internal codebase written in C today you're likely to still find multiple places where the developer has shot themselves in the foot over memory management.

This is absolutely nothing compared to the incredible stuff you can see auditing the average PHP code base... Most PHP programmers don't understand all the implicit conversions taking place, and that's a source of many bugs. I can't really blame them as many of them make no sense whatsoever. PHP is a really hard language to master, and most people that put the effort actually start to see PHP for what it is and go to a less insane language...

[sanswork]

I've seen it. I use to develop php full time between 6-9 or 10 years ago. I developed C full time 12-14 years ago. I'm not trying to say php is a great language here and I avoid it completely these days. I'm saying php the language has nothing to do with this type of security issue and the language itself isn't going to be more insecure than any alternative. The same developer building wordpress in C is still going to allow for uploading any file in an executable way since they want to enable people to upload plugins from the interface.