[wp-hackers] idea: no SQL in themes
John Joseph Bachir
jjb at ibiblio.org
Tue Nov 15 20:48:37 GMT 2005
Hello,

What do people think of the idea of not allowing database calls in themes?
There would be an obvious security benefit, but also it would make it
easier for less geeky people to develop WordPress themes.

Looking at a few themes, it looks like the only calls to $wpdb methods that
people use are 4 in comments-popup.php, and the query counter in the
footer. This functionality could all easily be provided through WordPress
functions.

So I guess the questions are:

[1] Does anyone know of more extensive/custom/complicated SQL that any
particular themes use (therefore rendering SQL restriction a Bad Idea)?

[2] How difficult would it be to restrict calls to the database within
themes? A few simple solutions pop to mind; I'm going to have to think a
little more about what a comprehensive solution would entail.

Cheers,
John
http://lyceum.ibiblio.org