Wp List 表短数据清理错误-解网

问：

这真的没有经过消毒：

如何消毒？

这是我尝试过的完整课程，但 WordPress 团队仍然说它没有经过适当消毒。

和 ## 不安全的 SQL 调用

进行数据库调用时，保护代码免受 SQL 注入漏洞的影响非常重要。您需要更新代码以使用 wpdb 调用，并在查询中准备（）以保护它们。



`$orderby = (isset($_REQUEST['orderby']) && in_array($_REQUEST['orderby'], array_keys($this->get_sortable_columns()))) ? $_REQUEST['orderby'] : 'country';`



`$order = (isset($_REQUEST['order']) && in_array($_REQUEST['order'], array('asc', 'desc'))) ? $_REQUEST['order'] : 'asc';`




class dsvatcalculator_List_Table extends WP_List_Table
{
function __construct()
{
global $status, $page;
parent::__construct(array(
'singular' => 'vat',
'plural'   => 'vats',
));
}
function column_default($item, $column_name)
{
return $item[$column_name];
}
function column_country($item)
{
return '<em>' . $item['country'] . '</em>';
}
function column_vat($item)
{
$actions = array(
'edit' => sprintf('<a href="?page=vats_form&id=%s">%s</a>', htmlspecialchars(absint($item['id'])), __('Edit', 'ds-vat-calculator')),
'delete' => sprintf('<a href="?page=%s&action=delete&id=%s">%s</a>',htmlspecialchars( $_REQUEST['page']),  htmlspecialchars(absint($item['id'])), __('Delete', 'ds-vat-calculator')),
);
return sprintf('%s %s',
esc_html($item['vat']),
$this->row_actions($actions)
);
}
function column_cb($item)
{
return sprintf(
'<input type="checkbox" name="id[]" value="%s" />',
absint($item['id'])
);
}
function get_columns()
{
$columns = array(
'cb' => esc_html('<input type="checkbox" />'),
'vat'      => esc_html(__('VAT Rate', 'ds-vat-calculator')),
'country'  => esc_html(__('Country Name', 'ds-vat-calculator')),
);
return $columns;
}
function get_sortable_columns()
{
$sortable_columns = array(
'vat'      => array('vat', true),
'country'  => array('country', true),
);
return $sortable_columns;
}
function get_bulk_actions()
{
$actions = array(
'delete' => 'Delete'
);
return $actions;
}
function process_bulk_action()
{
global $wpdb;
$dsvatcalculator_tbl = $wpdb->prefix . 'dsvatcalculator_vat_calculator';
if ('delete' === $this->current_action()) {
$idsvatcalculator = isset($_REQUEST['id']) ? (array) $_REQUEST['id'] : array();
$idsvatcalculator = array_map( 'esc_attr', $idsvatcalculator );;
if (is_array($idsvatcalculator)) $idsvatcalculator = implode(',', $idsvatcalculator);
if (!empty($idsvatcalculator)) {
$wpdb->query("DELETE FROM $dsvatcalculator_tbl WHERE id IN($idsvatcalculator)");
}
}
}
function prepare_items()
{
global $wpdb;
$dsvatcalculator_tbl = $wpdb->prefix . 'dsvatcalculator_vat_calculator';
$per_page = 10;
$columns = $this->get_columns();
$hidden = array();
$sortable = $this->get_sortable_columns();
$this->_column_headers = array($columns, $hidden, $sortable);
$this->process_bulk_action();
$total_items = $wpdb->get_var("SELECT COUNT(id) FROM $dsvatcalculator_tbl");
$paged = isset($_REQUEST['paged']) ? max(0, intval($_REQUEST['paged']) - 1) : 0;
$orderby = (isset($_REQUEST['orderby']) && in_array($_REQUEST['orderby'], array_keys($this->get_sortable_columns()))) ? $_REQUEST['orderby'] : 'country';
$order = (isset($_REQUEST['order']) && in_array($_REQUEST['order'], array('asc', 'desc'))) ? $_REQUEST['order'] : 'asc';
$orderby = sanitize_sql_orderby($orderby);
$order = sanitize_sql_orderby($order);
$this->items = $wpdb->get_results($wpdb->prepare("SELECT * FROM $dsvatcalculator_tbl ORDER BY $orderby  $order LIMIT %d OFFSET %d", $per_page, $paged), ARRAY_A);
$this->set_pagination_args(array(
'total_items' => $total_items,
'per_page' => $per_page,
'total_pages' => ceil($total_items / $per_page)
));
}
}

我试过这样的

your text

php wordpress sql 注入清理

Wp List 表短数据清理错误

Wp List table short data sanitizatio error

评论