Database integrity checks
-
I have previously requested Anti-Hacking Checksums.
Now – just to keep everybody busy – I would like to ask for automated database integrity checks. The following background has been added to my blog post on the subject:
The database has a table, wp_postmeta, which tracks attachments. One record in this table has the values: meta_id=8474, post_id=2181, meta_key = ‘_wp_attached_file’, meta_value=’/services1/webpages/p/r/prefblog.com
/public//../../../../../../../../../../../../../../../../../tmp/10bum.txt’There is also: meta_id=8472, post_id=2180, meta_key = ‘__wp_attached_file’, meta_value = ‘/services1/webpages/p/r/prefblog.com
/public//../../../../../../../../../../../../../../../../../tmp/2newbum.txt’These records have been removed.
I have also deleted some entries in the wp_posts table. As far as I can make out from the WordPress codex the value of ‘post_parent’ should reference a ‘post_id’ in the same table, which are all positive integers.
After noting some odd entries, I queried the database: ‘select * from wp_posts where post_parent < 0’ and came up with seven records. Two have post_parent set to numbers that are large and negative; the ‘guid’ field indicates that this is stuff that I did, in fact, upload but somehow screwed up.
The remaining 5 records all have post_parent set to -1, with ‘guid’ having a variety of values: the first one, with ‘post_modifed’ = ‘2008-03-25 05:26:58’ has ‘guid’ = ‘http://www.prefblog.com
//../../../../../../../../../../../../../../../../../tmp/3rbsmag.txt’. The other entries are similar, with filenames 10bum.txt (three times) and 2newbum.txt.All these records have been deleted. Note that with these long field values, I have added a HTML line-break to make the full field look nice on this post.
I note that the first of these highly suspicious entries occurred within a week of my WP 2.3.3 installation!
It seems to me to be clear that a negative value for post_parent is simply wrong. A suite of functions whereby I could automatically validate the database for such things would be very useful.
- The topic ‘Database integrity checks’ is closed to new replies.