Probably nobody is really aware of the recently discovered security flaw in the WordPress core. (See https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ for the official word on the matter.) This flaw affects the wpdb object’s prepare() method and allows for potential SQL injection attacks. Of course, that raises an important question: why are we still getting these types of vulnerabilities in projects like WordPress? Well, I have an opinion on that. Obviously.
Anyway, you can see the technical details of the vulnerability over here. That link goes into more detail than you ever wanted on how the vulnerability works, why it’s a problem, and why it’s due to a fundamental flaw in the API design.
I don’t have anything of substance to add to that analysis. However, I do want to say the following:
- This is not due to WordPress’s use of PHP. Using another language but implementing things in any substantially similar way would have exactly the same problems.
- This type of problem is not restricted to WordPress. Other high profile projects have been hit with similar API and/or implementation flaws.
- An implementation that does proper input validation can help, but it will not fix fundamental API design flaws.
- Incompetent or ignorant coders will find ways to implement security problems no matter how good your API is. However, that’s no excuse to just throw your hands up and say, “What’s the point?”.
- Even where backwards compatibility is important, it is still possible to implement and deploy a new saner API and then deprecate the old problematic one. Every project with dodgy APIs like the one in this instance should be doing the same thing.
- Rolling your own database abstraction layer is a dumb idea. Especially if the language environment you are using provides one that is reasonably good.
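To make the API-design point in the list concrete, here is an added example of my own (not WordPress code, and not from the linked analysis), written in Python since the flaw is language-independent: a constructed prepare() that returns SQL text is contrasted with one that keeps values bound until execution, against a constructed in-memory sqlite database.

```python
import sqlite3

# Constructed demonstration of the design point: a prepare() that returns SQL
# text cannot tell its caller which characters came from data. The escaping
# inside it is correct, yet the result is a string that any later round of
# formatting will reinterpret.


def text_prepare(query: str, *args) -> str:
    """Flawed design (constructed, simplified): escape each value, then splice
    it into the query with %-formatting. Returns plain SQL text."""
    quoted = tuple("'" + str(a).replace("'", "''") + "'" for a in args)
    return query % quoted


def bound_prepare(query: str, *args) -> tuple:
    """Saner design: keep the statement and its values apart. Nothing is
    interpolated; the driver binds the values at execution time."""
    return (query, tuple(args))


def run(conn: sqlite3.Connection, stmt) -> list:
    if isinstance(stmt, tuple):           # bound form: the driver binds values
        sql, params = stmt
        return conn.execute(sql, params).fetchall()
    return conn.execute(stmt).fetchall()  # text form: nothing left to bind


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (label TEXT)")
    conn.execute("INSERT INTO t VALUES (?)", ("50%s off",))  # constructed row

    template = "SELECT label FROM t WHERE label = %s"
    once = text_prepare(template, "50%s off")   # correct SQL text so far
    # A second pass over that text, as a helper that re-prepares an already
    # prepared query would do, treats the %s that came from DATA as a
    # placeholder and splices the next value into the middle of the literal.
    twice = text_prepare(once, "anything")

    # With bound values the same double handling is harmless: the data is
    # never part of the statement text, so there is nothing to reinterpret.
    safe = bound_prepare("SELECT label FROM t WHERE label = ?", "50%s off")
    return {
        "once": once,
        "once_rows": run(conn, once),
        "directives_left": once.count("%s"),  # data now looks like a directive
        "twice": twice,
        "safe_rows": run(conn, safe),
    }
```

The point is that no amount of escaping inside text_prepare() changes the outcome; only an API whose output is not a format template removes the footgun.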
That’s about all I have to say on this matter at this time. I do encourage you to read the detail link above and understand it. It will give you some good insight into how not to design APIs, database APIs in particular.