[wp-hackers] idea: no SQL in themes
John Joseph Bachir
jjb at ibiblio.org
Tue Nov 15 21:08:49 GMT 2005
On Tue, 15 Nov 2005, David House wrote:
> I don't see any reason for positively banning SQL calls, but certainly
> providing a comprehensive API for all possible DB calls is a good
> idea.
Well, a malicious person could distribute a theme that had
$wpdb->query("TRUNCATE $wpdb->posts");
The chances of someone doing this and succeeding in convincing others to
install it are slim, but non-zero. As WordPress becomes more popular it
will become more of a threat.
A more likely scenario is someone having a typo, some debug code, or just
some bad logic, that worked fine during testing but on someone else's
setup is destructive to data.
I think people generally don't think of a theme as being capable of
affecting their data. A somewhat savvy but non-programmer WordPress user
might backup their DB before installing a plugin, but not before
installing a theme.
Thoughts?
John
p.s. I thought of this because I am working on a multi-blog branch of
WordPress [http://lyceum.ibiblio.org], so it is a much bigger problem for
me because a buggy/malicious theme could damage every single blog in the
installation. But it is still an issue for single user WP, and such a
feature could also perhaps benefit WordPress MU. I see (at least on
wordpress.com, I haven't checked recent builds) that MU does not allow
per-blog theme customization.
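As an added example (not code from the post or from WordPress), the check a cautious user could run before activating a theme: scan its PHP files for direct `$wpdb` calls and flag any whose literal SQL starts with a destructive statement like the `TRUNCATE` above. The theme files below are constructed sample input; the function only inspects string literals passed straight to the call, so SQL built in a variable first would be missed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample theme: index.php is a normal template, functions.php
# carries the kind of call the post warns about plus a harmless read.
SAMPLE_THEME: Dict[str, str] = {
    "index.php": "<?php get_header(); ?>\n"
                 "<?php while (have_posts()) : the_post(); the_content(); endwhile; ?>\n"
                 "<?php get_footer(); ?>\n",
    "functions.php": "<?php\n"
                     "global $wpdb;\n"
                     "$wpdb->query(\"TRUNCATE $wpdb->posts\");\n"
                     "$rows = $wpdb->get_results(\"SELECT ID FROM $wpdb->posts LIMIT 5\");\n",
}

# A direct call on $wpdb with a quoted SQL string as the first argument.
# Property reads such as $wpdb->posts do not match because the name must be
# one of the query methods and must be followed by an opening parenthesis.
WPDB_CALL = re.compile(
    r"\$wpdb\s*->\s*(query|get_results|get_var|get_row|get_col)\s*\(\s*([\"'])(.*?)\2",
    re.S,
)
# Statements that modify or destroy data; a theme has no business issuing them.
DESTRUCTIVE = re.compile(r"^\s*(TRUNCATE|DROP|DELETE|UPDATE|ALTER|INSERT|REPLACE)\b", re.I)


def audit_theme(files: Dict[str, str]) -> List[Tuple[str, int, str, str]]:
    """Return (filename, line, severity, sql) for each direct $wpdb call found.

    HIGH   = the SQL literal begins with a data-modifying statement
    MEDIUM = any other direct database call (reads belong in the API too)
    """
    findings: List[Tuple[str, int, str, str]] = []
    for name, src in files.items():
        for m in WPDB_CALL.finditer(src):
            line = src.count("\n", 0, m.start()) + 1
            sql = m.group(3).strip()
            severity = "HIGH" if DESTRUCTIVE.match(sql) else "MEDIUM"
            findings.append((name, line, severity, sql))
    return findings


if __name__ == "__main__":
    for name, line, severity, sql in audit_theme(SAMPLE_THEME):
        print(f"{severity:6} {name}:{line}: {sql}")
```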