[wp-hackers] Making WP more secure the evolutionary way
Florian Thiel
flo.thiel+wphackers at googlemail.com
Sat Jan 24 12:35:48 GMT 2009

On Fri, Jan 23, 2009 at 1:30 AM, Ryan McCue <ryanmccue at cubegames.net> wrote:
> OK, so, removing all the misunderstandings that may or may not have
> occurred, can you update this patch for the code from SVN and upload it
> to Trac somewhere? I'd love to take a look, but anything other than Trac
> sucks for looking at raw patches, IMHO.

I updated the patch to today's trunk and attached it to the ticket for
insert/update: http://trac.wordpress.org/attachment/ticket/6836/wordpress-trunk_20090124_sqlannotations.diff

Let me know what you think. Note that it does not change any
functionality in WP; it just marks the places that potentially need
some work. You can use my small shell script (if you're using a
UNIX-like system) to see the number of annotations in the different
classes (http://www.noroute.de/downloads/research/sqlannotation_stats.sh).
Or you can search the source code for the annotations ("@RawSQLUse,
method_exists", "@RawSQLUse, trivial_iplementation", "@RawSQLUse,
simple_code", "@RawSQLUse, algorithmic").

Florian