[wp-trac] [WordPress Trac] #16740: Calling wpmu_delete_blog with $blog_id deletes all database tables
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 3 16:28:45 UTC 2011
#16740: Calling wpmu_delete_blog with $blog_id deletes all database tables
--------------------------+-----------------------------
 Reporter:  mblanc        |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  3.1
 Severity:  major         |    Keywords:  needs-patch
--------------------------+-----------------------------
When calling the `wpmu_delete_blog` function with a blog_id of 1,
`get_blog_prefix` called by this function returns a dangerous (for the
delete purpose) prefix (i.e. 'wp\_%', assuming the installation prefix was
'wp_').
Since tables returned by "SHOW TABLES LIKE 'wp\_%'" are deleted, all the
WordPress tables are destroyed.
Of course, the back office doesn't allow an admin to delete blog 1, but
it might be a safe idea to prevent this by checking that `$blog_id` passed
to `wpmu_delete_blog` is never 0 or 1, since any plugin can call it with a
wrong parameter.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16740>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
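The failure mode the ticket describes and the guard it proposes, as an added PHP example that is neither WordPress core code nor the reporter's: the prefix rule is modelled on wpdb::get_blog_prefix(), while the helper names (blog_table_prefix, tables_like_pattern, tables_matching_like, tables_to_drop) and the table list are constructed for illustration.

```php
<?php
// Modelled on wpdb::get_blog_prefix(): blog 0 and 1 (the main site) get the
// bare base prefix, every other blog gets "<base><id>_".
function blog_table_prefix(string $base_prefix, int $blog_id): string {
    return ($blog_id === 0 || $blog_id === 1) ? $base_prefix : $base_prefix . $blog_id . '_';
}
// The LIKE pattern as the deletion code builds it: escape '_' and '%' in the
// prefix, then append a trailing '%' wildcard.
function tables_like_pattern(string $prefix): string {
    return addcslashes($prefix, '_%') . '%';
}
// Stand-in for SHOW TABLES LIKE: applies a MySQL LIKE pattern (with '\_' and
// '\%' escapes) to a constructed list of table names.
function tables_matching_like(string $pattern, array $tables): array {
    $regex = '';
    for ($i = 0, $n = strlen($pattern); $i < $n; $i++) {
        $c = $pattern[$i];
        if ($c === '\\' && $i + 1 < $n) {        // escaped literal character
            $regex .= preg_quote($pattern[++$i], '/');
        } elseif ($c === '%') {
            $regex .= '.*';
        } elseif ($c === '_') {
            $regex .= '.';
        } else {
            $regex .= preg_quote($c, '/');
        }
    }
    return array_values(array_filter($tables, function ($t) use ($regex) {
        return preg_match('/^' . $regex . '$/i', $t) === 1;
    }));
}
// The guard the ticket asks for: 0, 1, or any value that casts to them must
// never reach the table-dropping path, whatever a plugin passes in.
function tables_to_drop($blog_id, string $base_prefix, array $tables): array {
    $blog_id = (int) $blog_id;
    if ($blog_id < 2) {
        throw new InvalidArgumentException("refusing to delete blog_id $blog_id");
    }
    $pattern = tables_like_pattern(blog_table_prefix($base_prefix, $blog_id));
    return tables_matching_like($pattern, $tables);
}
// Constructed table list for a multisite install whose base prefix is 'wp_'.
$tables = ['wp_options', 'wp_users', 'wp_blogs', 'wp_2_options', 'wp_2_posts', 'wp_10_posts'];
// Blog 2: pattern 'wp\_2\_%' selects only that blog's tables.
print_r(tables_to_drop(2, 'wp_', $tables));
// Blog 1 without the guard: pattern 'wp\_%' selects every table in the install.
print_r(tables_matching_like(tables_like_pattern(blog_table_prefix('wp_', 1)), $tables));
// With the guard, blog 1 (or 0, or a non-numeric string) is rejected before any DROP.
try { tables_to_drop(1, 'wp_', $tables); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```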