
Thread: PHP Error - SQL Injection Vulnerability?

  1. #1
    Junior Member
    Join Date
    Feb 2015
    Posts
    25

    PHP Error - SQL Injection Vulnerability?

    My site was hacked yesterday, and I'm scouring all over to see how the buggers got in.

    My error.log is spouting the same message over and over again:

    PHP Warning: Missing argument 2 for get_the_terms(), called in /public_html/mysite.com/wp-content/themes/floyd/portfolio.php on line 37 and defined in /public_html/mysite.com/wp-includes/category-template.php on line 1183


    WordPress says that this error is a change in v.3.5 to close out SQL vulnerabilities: https://make.wordpress.org/core/2012...-wpdb-prepare/

    Is there a change we can make to close this hole?
    Last edited by flipper; 01-21-2018 at 18:18.
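
The warning quoted in the first post names both the call site and the definition site, so a flooded error.log can be collapsed to one line per call site before anything else in it is read. The following is an added example, not part of any poster's message and not the theme's code; the timestamps and the second kind of log entry are constructed, and the function name `summarize_missing_args` is made up for illustration.

```python
import re
from collections import Counter

# PHP "Missing argument" warning, in the form quoted in the first post.
WARNING_RE = re.compile(
    r"PHP Warning:\s+Missing argument (?P<argno>\d+) for (?P<func>[\w\\:]+)\(\), "
    r"called in (?P<caller>\S+) on line (?P<caller_line>\d+) "
    r"and defined in (?P<definition>\S+) on line (?P<def_line>\d+)"
)

# Constructed sample log: the timestamps and the final Notice line are invented;
# the warning text and paths are the ones from the first post.
SAMPLE_LOG = """\
[21-Jan-2018 17:58:02 UTC] PHP Warning:  Missing argument 2 for get_the_terms(), called in /public_html/mysite.com/wp-content/themes/floyd/portfolio.php on line 37 and defined in /public_html/mysite.com/wp-includes/category-template.php on line 1183
[21-Jan-2018 17:58:02 UTC] PHP Warning:  Missing argument 2 for get_the_terms(), called in /public_html/mysite.com/wp-content/themes/floyd/portfolio.php on line 37 and defined in /public_html/mysite.com/wp-includes/category-template.php on line 1183
[21-Jan-2018 17:59:40 UTC] PHP Warning:  Missing argument 2 for get_the_terms(), called in /public_html/mysite.com/wp-content/themes/floyd/portfolio.php on line 37 and defined in /public_html/mysite.com/wp-includes/category-template.php on line 1183
[21-Jan-2018 18:01:10 UTC] PHP Notice:  Undefined index: foo in /public_html/mysite.com/wp-content/plugins/example/example.php on line 12
"""


def summarize_missing_args(log_text):
    """Count 'Missing argument' warnings per (function, arg number, caller, line).

    Returns the counter plus every non-empty line that is some other kind of
    entry, so those can be reviewed separately instead of being drowned out.
    """
    sites = Counter()
    unmatched = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = WARNING_RE.search(line)
        if m:
            key = (m["func"], int(m["argno"]), m["caller"], int(m["caller_line"]))
            sites[key] += 1
        else:
            unmatched.append(line)
    return sites, unmatched


if __name__ == "__main__":
    sites, unmatched = summarize_missing_args(SAMPLE_LOG)
    for (func, argno, caller, line), count in sites.most_common():
        print(f"{count:5d}x  {func}() missing argument {argno} at {caller}:{line}")
    print(f"{len(unmatched)} other line(s) left for separate review")
```
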

  2. #2
    Junior Member
    Join Date
    Feb 2015
    Posts
    25
    Quote Originally Posted by flipper View Post
    My site was hacked yesterday, and I'm scouring all over to see how the buggers got in.

    My error.log is spouting the same message over and over again:

    PHP Warning: Missing argument 2 for get_the_terms(), called in /public_html/mysite.com/wp-content/themes/floyd/portfolio.php on line 37 and defined in /public_html/mysite.com/wp-includes/category-template.php on line 1166


    WordPress says that this error is a change in v.3.5 to close out SQL vulnerabilities: https://make.wordpress.org/core/2012...-wpdb-prepare/

    Is there a change we can make to close this hole?
    Anyone?

  3. #3
    Lead Support Ante's Avatar
    Join Date
    Oct 2012
    Posts
    16,930
    Hello, apologies for missing your thread.

    The link you found is not related; that's the fix for another function.

    Can you please paste here the contents of your portfolio.php file?

  4. #4
    Junior Member
    Join Date
    Feb 2015
    Posts
    25
    Quote Originally Posted by Ante View Post
    Hello, apologies for missing your thread.

    The link you found is not related; that's the fix for another function.

    Can you please paste here the contents of your portfolio.php file?

    Sorry for the delay in getting back to you. I've decided to have another go at making my site work in 2018.

    The issue I have now is that the home page is showing an error message when you roll over the picture icons to take you to the relevant post. The link works, but it says 'Warning: Missing Argument 2 for GET_THE_TERMS, called in...portfolio.php on line 37, and defined in...category-template on line 1183'. Looking at category-template, it seems it is after 2 arguments - $post and $taxonomy.


    My portfolio.php file:
    Code:
    <?php $t =& peTheme(); ?>
    <?php $content =& $t->content; ?>
    <?php $project =& $t->project; ?>
    <?php list($portfolio) = $t->template->data(); ?>
    
    
    		<ul class="filters">
    
    			<?php $project->filter('',"filter","active"); ?>
    
    		</ul>
    	</div>
    
    	<div class="portfolio-top"></div>
    
    	<ul class="portfolio-grid" id="<?php $content->slug(); ?>-portoflio-grid">
    
    		<?php $content =& $t->content; ?>
    
    		<?php while ($content->looping()): ?>
    
    			<?php $meta =& $content->meta(); ?>
    
    			<li class="mix <?php $project->filterClasses(); ?> mix_all">
    
    				<?php $content->img(800,530); ?>
    
    				<a href="<?php echo get_permalink(); ?>" class="open-project">
    
    					<div class="project-overlay">
    						<i class="fa fa-plane fa-3x"></i>
    
    						<span class="project-name"><?php $content->title(); ?></span>
    
    						<span><?php 
    
    								$terms = get_the_terms( get_the_id()  );
    								$output = '';
    
    								if ( $terms && ! is_wp_error( $terms ) ) :
    
    									foreach ( $terms as $term ) {
    										$output .= $term->name . ' / ';
    									}
    
    									$output = substr( $output, 0, -3 );
    
    									echo $output;
    
    								endif;
    
    								?></span>
    
    					</div>
    
    				</a>
    
    			</li>
    
    		<?php endwhile; ?>
    	
    	</ul>
    
    	<div class="project-extended">
    		<div class="container">
    			<ul class="project-controls">
    				<li>
    					<a href="#" class="close-project">
    						<i class="fa fa-times fa-2x"></i>
    					</a>
    				</li>
    			</ul>
    			<div class="project-content"></div>
    		</div>
    	</div>
    	<!-- End Ajax Loaded Portfolio -->
    	<div class="portfolio-bottom"></div>

  5. #5
    Administrator Donagh's Avatar
    Join Date
    Aug 2011
    Posts
    2,078
    Hi, that snippet of PHP code in our theme's portfolio.php file looks like this:

    Code:
    $terms = get_the_terms( get_the_id(), 'prj-category' );

  6. #6
    Junior Member
    Join Date
    Feb 2015
    Posts
    25
    Quote Originally Posted by Donagh View Post
    Hi, that snippet of PHP code in our theme's portfolio.php file looks like this:

    Code:
    $terms = get_the_terms( get_the_id(), 'prj-category' );
    Thanks!