[wp-hackers] idea: no SQL in themes

Robert Deaton false.hopes at gmail.com
Tue Nov 15 21:22:25 GMT 2005


Without devising a fully tag-based templating system that would
inevitably force us to lose some of the power of templates due to the
lack of the ability to use real PHP, I'm afraid that blocking out SQL
is, to my knowledge, impossible without modification of php.ini.

Even if $wpdb was not available, the standard mysql calls are, or
regular function calls are, in which case you could wrap functions in
a plugin that you ask to be bundled and execute it from there, or even
include another file that defines the functions. Heck, you could even
grab the values of the constants set in wp-config and open up your own
mysql connection. The odds of us being able to stop this are severely
in our disfavor.

If your multiblog implementation would like to devise a complete tag
based system like that of MovableType to solve this problem, you're
more than welcome to mess with it, but I highly doubt anything like
this going into the WordPress core.

On 11/15/05, John Joseph Bachir <jjb at ibiblio.org> wrote:
> On Tue, 15 Nov 2005, David House wrote:
>
> > I don't see any reason for positively banning SQL calls, but certainly
> > providing a comprehensive API for all possible DB calls is a good
> > idea.
>
> Well, a malicious person could distribute a theme that had
>
>    $wpdb->query("TRUNCATE $wpdb->posts");
>
> The chances of someone doing this and succeeding in convincing others to
> install it are slim, but non-zero. As WordPress becomes more popular it
> will become more of a threat.
>
> A more likely scenario is someone having a typo, some debug code, or just
> some bad logic, that worked fine during testing but on someone else's
> setup is destructive to data.
>
> I think people generally don't think of a theme as being capable of
> affecting their data. A somewhat savvy but non-programmer wordpress user
> might backup their DB before installing a plugin, but not before
> installing a theme.
>
> Thoughts?
>
> John
>
> p.s. I thought of this because I am working on a multi-blog branch of
> WordPress [http://lyceum.ibiblio.org], so it is a much bigger problem for
> me because a buggy/malicious theme could damage every single blog in the
> installation. But it is still an issue for single user WP, and such a
> feature could also perhaps benefit WordPress MU. I see (at least on
> wordpress.com, I haven't checked recent builds) that MU does not allow
> per-blog theme customization.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


--
--Robert Deaton
http://somethingunpredictable.com
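Robert's list of the ways a theme can still reach the database doubles as an audit checklist. The scanner below is an added example, not code from this thread or from WordPress: it flags the routes he names ($wpdb calls, the legacy mysql_* extension, a fresh mysqli/PDO connection, and reads of the DB_* constants from wp-config) in a constructed sample theme, and escalates lines that also carry destructive SQL such as John's TRUNCATE. The pattern labels, severities and sample files are assumptions made up for the example.

```python
import re

# Patterns for the database-access routes named in the thread: $wpdb itself,
# the legacy mysql_* extension, a fresh mysqli/PDO connection, and reading the
# credentials wp-config.php defines. The labels are our own, not WordPress's.
DB_ACCESS_PATTERNS = {
    "wpdb_query":      re.compile(r"\$wpdb\s*->\s*(query|get_results|get_var|get_row|get_col)\s*\("),
    "mysql_ext":       re.compile(r"\bmysql_[a-z_]+\s*\("),
    "mysqli_or_pdo":   re.compile(r"\b(mysqli_connect|new\s+mysqli|new\s+PDO)\b"),
    "wp_config_creds": re.compile(r"\bDB_(USER|PASSWORD|HOST|NAME)\b"),
}

# Statements that alter data are the ones worth escalating; a SELECT in a
# template is far less dangerous than TRUNCATE or DROP.
DESTRUCTIVE_SQL = re.compile(r"\b(TRUNCATE|DROP|DELETE|UPDATE|ALTER)\b", re.I)

def scan_theme_file(name, source):
    """Return a list of (file, line_no, label, severity) for each DB-access hit."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for label, pat in DB_ACCESS_PATTERNS.items():
            if pat.search(line):
                severity = "high" if DESTRUCTIVE_SQL.search(line) else "review"
                findings.append((name, no, label, severity))
    return findings

def scan_theme(files):
    """files: mapping of path -> PHP source. Returns all findings, most severe first."""
    out = []
    for path, src in files.items():
        out.extend(scan_theme_file(path, src))
    return sorted(out, key=lambda f: (f[3] != "high", f[0], f[1]))

# Constructed sample theme (not a real theme): one clean template, one with the
# TRUNCATE line quoted in the thread, and one that opens its own connection
# using the wp-config constants.
SAMPLE_THEME = {
    "header.php": "<?php wp_head(); ?>\n<h1><?php bloginfo('name'); ?></h1>\n",
    "functions.php": "<?php\n$wpdb->query(\"TRUNCATE $wpdb->posts\");\n",
    "sidebar.php": "<?php\n$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);\n",
}

if __name__ == "__main__":
    for f in scan_theme(SAMPLE_THEME):
        print("%s:%d %s [%s]" % f)
```

This is a static check for review before installing a theme, not a barrier: as the mail notes, a theme can still include another file or wrap the calls in a bundled plugin, so a clean scan only means the obvious patterns are absent.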

