[wp-hackers] Security Vulnerability found - Forum Post

David House dmhouse at gmail.com
Fri Apr 15 16:16:08 GMT 2005


We're not loading wp-config.php more than once per request, if that's
what you mean. If not, let me outline the problem:

1. Request comes in to WordPress. $wpdb object set up, connection to
database set up.
2. Stuff happens. Posts displayed.
3. Request shutdown. PHP destroys all variables. Connection to mySQL closed.

Now, unless we keep the connection to mySQL persistent over requests
[1], the best we can do is use the same database connection all the
way through the request, which is what we're doing at the moment.

[1]: unless we did something like sessionise $wpdb, but this'd
introduce a whole load of permissions problems and would likely be
more overhead anyway.

-- 
-David House, dmhouse at gmail.com


More information about the wp-hackers mailing list