Secure Coding With Wordpress (BarCamp Orlando 2009)
- 2. XSS, privilege escalation, shell execution, CSRF, SQL injection
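- 7. <?php
// Hand-built UPDATE: every value that is interpolated into the SQL string has
// to be neutralised first. $wpdb->escape() backslash-escapes the string (it is
// then wrapped in single quotes below) and absint() forces the ID to a
// non-negative integer. One forgotten value is one injection point, which is
// why $wpdb->prepare() (slide 15) is the safer habit.
$newtitle = $wpdb->escape( $newtitle );
$my_id    = absint( $my_id );
$wpdb->query(
	"UPDATE $wpdb->posts
	SET post_title = '$newtitle'
	WHERE ID = $my_id"
);
?>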
- 13. <?php
// Column values and WHERE conditions are handed over as arrays, so no value
// is ever spliced into a SQL string in this code; wpdb quotes them itself.
$post_title = 'New Title';
$where      = array(
	'ID'         => 123,
	'post_title' => 'Old Title',
);
$wpdb->update(
	$wpdb->posts,
	array( 'post_title' => $post_title ),
	$where
);
?>
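- 15. <?php
$title = 'Post Title';
$ID    = 123;
// Placeholders instead of interpolation: %s is quoted and escaped, %d is
// cast to an integer, so neither value can change the shape of the
// statement. Only the table name ($wpdb->posts, a trusted property) is
// interpolated directly.
$content = $wpdb->get_var(
	$wpdb->prepare(
		"SELECT post_content
		FROM $wpdb->posts
		WHERE post_title = %s
		AND ID = %d",
		$title, $ID
	)
);
?>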
- 20. <?php
$title = '<script> pwnage(); </script>';
// Echoed with no escaping: the browser parses the markup inside $title, so
// this is an XSS sink whenever the value is attacker-controlled.
?>
<h1><?php echo $title; ?></h1>
- 24. <?php
$title = '<script> pwnage(); </script>';
// wp_specialchars() turns the angle brackets into entities, so the tag is
// displayed as text instead of being executed. This is the escaper for
// element content; attribute values and URLs need their own (slides 27, 30).
?>
<h1><?php echo wp_specialchars( $title ); ?></h1>
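- 25. <?php
$title = '" onmouseover="pwnd();';
// Wrong escaper for the context: wp_specialchars() is meant for element
// content, and the double quote in $title is not neutralised here, so it
// closes the title="" attribute and onmouseover="pwnd();" becomes a live
// event handler. Attribute values need attribute_escape() (slide 27).
?>
<a href="#wordcamp" title="<?php echo wp_specialchars( $title ); ?>">
	Link Text
</a>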
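- 27. <?php
$title = '" onmouseover="pwnd();';
// attribute_escape() encodes the double quote as well, so the value cannot
// break out of the title="" attribute. (Later WordPress releases call this
// esc_attr().)
?>
<a href="#wordcamp" title="<?php echo attribute_escape( $title ); ?>">
	Link Text
</a>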
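- 28. <?php
$url = 'javascript:pwnage();';
// Still the wrong escaper: attribute_escape() only encodes HTML-special
// characters and this value contains none, so it reaches href unchanged and
// runs when the link is clicked. A URL must go through a URL escaper that
// also checks the scheme — clean_url() (slide 30).
?>
<a href="<?php echo attribute_escape( $url ); ?>">
	Link Text
</a>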
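- 30. <?php
$url = 'javascript:pwnage();';
// clean_url() checks the scheme as well as encoding the value, so a
// javascript: URL is not allowed through to href. (Later WordPress releases
// call this esc_url().)
?>
<a href="<?php echo clean_url( $url ); ?>">
	Link Text
</a>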
- 44. • wp_create_nonce( 'your_action' );
• &_ajax_nonce=YOUR_NONCE
• check_ajax_referer( 'your_action' );