My website is undergoing an SQL injection attack redirecting to ad site dolohen[dot]com.
I need to strip out the javascript before it is served up.
Is there a filter I can add or update to remove everything between tags in wp_posts post_content
I am new to programming wordpress but not to sql and databases.
Its a bit confusing because some people want to put javascript in posts but can't. Yet these SQL injectors seem to do it at will!
Thanks Phil
My website is undergoing an SQL injection attack redirecting to ad site dolohen[dot]com.
I need to strip out the javascript before it is served up.
Is there a filter I can add or update to remove everything between tags in wp_posts post_content
I am new to programming wordpress but not to sql and databases.
Its a bit confusing because some people want to put javascript in posts but can't. Yet these SQL injectors seem to do it at will!
Thanks Phil
Share Improve this question edited Oct 4, 2019 at 19:15 JakeParis 6633 gold badges7 silver badges22 bronze badges asked Oct 3, 2019 at 17:36 PHILBOPHILBO 12 bronze badges1 Answer
Reset to default 1If the javascript code is actually embedded in the post content, you could use php filters such as the_content to remove script tags. But that will strip it out at runtime, every time the page is loaded. If this is your situation, then you'd be better off stripping it out of the wp_posts.post_content table/column from the database.
If you want to quickly strip out the content just for display, you can use the the_content filter, like so (in your theme's functions file)
add_filter('the_content', function($content){
return wp_kses_post( $content );
});
But again, this will run every time the page is loaded. It's more of a short term fix.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745105321a4611521.html
评论列表(0条)