Using GUIDs for image URL
I was reviewing your plugin for use on a site. While reviewing the code, I wanted to alert you to one large issue I have found. In your function, z_get_attachment_id_by_url(), you are performing a wpdb query to find the ID of the image by looking for the URL.
The first issue is that you are checking the GUID of the post to try finding the ID. The problem with this is that if a site were to change URLs, the GUID of a post would not necessarily change. The GUID is a unique identifier for each post and not a data store for the URL (info here: http://codex.wordpress.org/Changing_The_Site_URL#Important_GUID_Note). This means this could break for people who change URLs or switch between local development and live server.
Second, when you are performing the wpdb query, you should use $wpdb->prepare on your query statement to protect against SQL injection attacks (see: http://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks).
I would get around doing a direct database query at all and maybe have the plugin store the ID of the attachment in the options table rather than the full URL. Then you should be able to use that to get what you need with only WordPress functions.
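The two suggestions in the post above, as an added example that is not part of the original post and is not the plugin's own code: the GUID lookup rewritten with `$wpdb->prepare`, and the alternative of storing the attachment ID so that no direct query is needed. The `example_*` function names and the option name `example_image_id` are assumptions made for illustration.

```php
<?php
// Added illustration: the plugin's real code is not shown on this page.
// All example_* names and the 'example_image_id' option are hypothetical.

/**
 * GUID lookup with a prepared statement. This closes the injection path only;
 * the GUID is still not a URL store, so the match can fail after a site URL change.
 */
function example_get_attachment_id_by_guid( $image_url ) {
    global $wpdb;
    // %s lets wpdb escape and quote the value; $image_url is never concatenated into the SQL.
    $sql = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts} WHERE post_type = 'attachment' AND guid = %s LIMIT 1",
        $image_url
    );
    $id = $wpdb->get_var( $sql );
    return $id ? (int) $id : 0;
}

/**
 * Alternative: persist the attachment ID rather than the full URL.
 * Returns false if the value is not the ID of an existing attachment.
 */
function example_save_image_id( $attachment_id ) {
    $attachment_id = absint( $attachment_id );
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        return false;
    }
    update_option( 'example_image_id', $attachment_id );
    return true;
}

/**
 * Resolve the stored ID to a URL at render time using core functions only,
 * so the result follows the current site URL (local development or live server).
 */
function example_get_image_url( $size = 'full' ) {
    $attachment_id = absint( get_option( 'example_image_id', 0 ) );
    if ( ! $attachment_id ) {
        return '';
    }
    $src = wp_get_attachment_image_src( $attachment_id, $size );
    return $src ? $src[0] : '';
}
```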