[wp-hackers] idea: no SQL in themes

John Joseph Bachir jjb at ibiblio.org
Tue Nov 15 21:08:49 GMT 2005

On Tue, 15 Nov 2005, David House wrote:

> I don't see any reason for positively banning SQL calls, but certainly
> providing a comprehensive API for all possible DB calls is a good
> idea.

Well, a malicious person could distribute a theme that had

   $wpdb->query("TRUNCATE $wpdb->posts");

The chances of someone doing this and succeeding in convincing others to 
install it are slim, but non-zero. As WordPress becomes more popular it 
will become more of a threat.

A more likely scenario is someone having a typo, some debug code, or just 
some bad logic, that worked fine during testing but on someone else's 
setup is destructive to data.

I think people generally don't think of a theme as being capable of 
affecting their data. A somewhat savy but non-programmer wordpress user 
might backup their DB before installing a plugin, but not before 
installing a theme.



p.s. I thought of this is because I am working on a multi-blog branch of 
WordPress [http://lyceum.ibiblio.org], so it is a much bigger problem for 
me because a buggy/malicious theme could damage every single blog in the 
installation. But it is still an issues for single user WP, and such a 
features could also perhaps benefit WordPress MU. I see (at least on 
wordpress.com, I haven't checked recent builds) that MU does not allow 
per-blog theme customization.

More information about the wp-hackers mailing list