質問編集履歴
2
引用の修正
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -90,27 +90,31 @@
|
|
|
90
90
|
|
|
91
91
|
原文は以下です。
|
|
92
92
|
|
|
93
|
+
|
|
94
|
+
|
|
95
|
+
> 引用テキスト
|
|
96
|
+
|
|
93
|
-
## Unsafe SQL calls
|
|
97
|
+
> ## Unsafe SQL calls
|
|
94
98
|
|
|
95
99
|
|
|
96
100
|
|
|
97
|
-
When making database calls, it's highly important to protect your code from SQL injection vulnerabilities. You need to update your code to use prepare() with your queries to protect them.
|
|
101
|
+
> When making database calls, it's highly important to protect > your code from SQL injection vulnerabilities. You need to > > update your code to use prepare() with your queries to protect > them.
|
|
98
102
|
|
|
103
|
+
>
|
|
99
104
|
|
|
105
|
+
> Please review the following:
|
|
100
106
|
|
|
101
|
-
|
|
107
|
+
>
|
|
102
108
|
|
|
109
|
+
> * http://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries> _Against_SQL_Injection_Attacks
|
|
103
110
|
|
|
111
|
+
> * http://codex.wordpress.org/Data_Validation#Database
|
|
104
112
|
|
|
105
|
-
* http://
|
|
113
|
+
> * http://make.wordpress.org/core/2012/12/12/php-warning-> missing-argument-2-for-wpdb-prepare/
|
|
106
114
|
|
|
107
|
-
* http://
|
|
115
|
+
> * http://ottopress.com/2013/better-know-a-vulnerability-sql-> injection/
|
|
108
116
|
|
|
109
|
-
* http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/
|
|
110
|
-
|
|
111
|
-
|
|
117
|
+
>
|
|
112
|
-
|
|
113
|
-
|
|
114
118
|
|
|
115
119
|
|
|
116
120
|
|
1
コードブロックで囲いました。編集・追記依頼似合わせて編集しました。
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -6,15 +6,59 @@
|
|
|
6
6
|
|
|
7
7
|
|
|
8
8
|
|
|
9
|
+
データベースにアクセスしてるのは複数ありますが、
|
|
10
|
+
|
|
11
|
+
主にはselectとupdateで以下の2つような形を使いまわしております。
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
```
|
|
16
|
+
|
|
9
17
|
global $wpdb;
|
|
10
18
|
|
|
11
19
|
$result = $wpdb->get_results( "SELECT * FROM wp_posts ORDER BY post_date ASC" );
|
|
12
20
|
|
|
13
21
|
foreach ($result as $value){
|
|
14
22
|
|
|
15
|
-
|
|
23
|
+
//もろもろ処理が入ってます。
|
|
16
24
|
|
|
17
25
|
}
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
//特定のidの記事のデータ一部を更新してます。
|
|
34
|
+
|
|
35
|
+
$post_id = $value->ID;
|
|
36
|
+
|
|
37
|
+
$wpdb->update($wpdb->posts,
|
|
38
|
+
|
|
39
|
+
array(
|
|
40
|
+
|
|
41
|
+
'カラム名1' => 値1,
|
|
42
|
+
|
|
43
|
+
'カラム名2' => 値2
|
|
44
|
+
|
|
45
|
+
),
|
|
46
|
+
|
|
47
|
+
array(
|
|
48
|
+
|
|
49
|
+
'ID' => $post_id
|
|
50
|
+
|
|
51
|
+
)
|
|
52
|
+
|
|
53
|
+
);
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
|
|
57
|
+
|
|
58
|
+
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
|
|
18
62
|
|
|
19
63
|
|
|
20
64
|
|
|
@@ -44,6 +88,36 @@
|
|
|
44
88
|
|
|
45
89
|
|
|
46
90
|
|
|
91
|
+
原文は以下です。
|
|
92
|
+
|
|
93
|
+
## Unsafe SQL calls
|
|
94
|
+
|
|
95
|
+
|
|
96
|
+
|
|
97
|
+
When making database calls, it's highly important to protect your code from SQL injection vulnerabilities. You need to update your code to use prepare() with your queries to protect them.
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
|
|
101
|
+
Please review the following:
|
|
102
|
+
|
|
103
|
+
|
|
104
|
+
|
|
105
|
+
* http://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks
|
|
106
|
+
|
|
107
|
+
* http://codex.wordpress.org/Data_Validation#Database
|
|
108
|
+
|
|
109
|
+
* http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/
|
|
110
|
+
|
|
111
|
+
* http://ottopress.com/2013/better-know-a-vulnerability-sql-injection/
|
|
112
|
+
|
|
113
|
+
|
|
114
|
+
|
|
115
|
+
|
|
116
|
+
|
|
117
|
+
|
|
118
|
+
|
|
119
|
+
|
|
120
|
+
|
|
47
121
|
セキュリティ的な問題があるということはなんとなくわかったのですが、
|
|
48
122
|
|
|
49
123
|
結果的にどのような形にしたら良いのかアドバイス、ヒント等ご教授いただければ幸いです。
|
|
@@ -51,3 +125,5 @@
|
|
|
51
125
|
|
|
52
126
|
|
|
53
127
|
よろしくお願いいたします。
|
|
128
|
+
|
|
129
|
+
追記:情報が不足していてすみませんでした。
|