A WordPress theme designed to be used by Internet Society (ISOC) chapters to create WordPress sites using the new Internet Society brand and styling from 2016.
in od/includes/hooks-setup.php, line 69 and od/includes/utils.php, line 82 an attempt is made to select a record from table 'odposts'. This table would not exist in standard WordPress installations, as it implies that the WP installation uses 'od' as a table prefix. Using a fixed table prefix is bad for security and using a hardcoded table name makes the theme inflexible.
Suggested fix:
replace
$oPost = $wpdb->get_row("SELECT post_name FROM od_posts WHERE post_name = '".$sPageSlug."'");
with
$oPost = $wpdb->get_row( "SELECT post_name FROM $wpdb->posts WHERE post_name = '" . sanitize_title( $sPageSlug ) . "'" );
in od/includes/hooks-setup.php, line 69 and od/includes/utils.php, line 82 an attempt is made to select a record from table 'odposts'. This table would not exist in standard WordPress installations, as it implies that the WP installation uses 'od' as a table prefix. Using a fixed table prefix is bad for security and using a hardcoded table name makes the theme inflexible.
Suggested fix: replace
$oPost = $wpdb->get_row("SELECT post_name FROM od_posts WHERE post_name = '".$sPageSlug."'");with$oPost = $wpdb->get_row( "SELECT post_name FROM $wpdb->posts WHERE post_name = '" . sanitize_title( $sPageSlug ) . "'" );