wp_query does not handle multiple exclude author properly

[commentluv]

when making a query with $args containing

'author' => '-2,-3,-4'

line 2008 of wp-includes/query.php only uses 1 element of the array that is created from the

$q['author'] string

 $q['author'] = explode('-', $q['author']);
 $q['author'] = (string)absint($q['author'][1]);

I have attached a patch that works with 1 or more excluded authors

essentially it, implodes the array back into a string of author ID's rather than selecting only element [1] of the exploded array

$q['author'] = explode('-', $q['author']);
$q['author'] = implode('',$q['author']);

patch for wp-includes/query.php for wordpress version 3.1

That gleefully opens the door to SQL injections.

Instead of overloading the 'author' query var, I think we shold have author__in and author__not_in.

Similar: #13927

yes I agree, it was a quick and dirty patch.
I did consider doing an array_walk and absint each of the id's but I figured I would wait until one of the regular wp folks would come up with a better way. and you did! (in minutes flat!) :-)

the author__in and author_not_in would make more sense, it would allow and/nots for authors
at the moment, it's " show from everyone except this one" and not able to "show from these but not these"

looking forward to see what happens with it

I ran into this problem myself so I wrote up a patch. It does not add authorin and authornot_in, but it does, in effect, do those things with the 'author' param. See 16854.patch

Essentially, if you pass only '-' values to 'author', a NOT IN query is assembled. If you pass only values without an '-', you get an IN query. If you pass a mix of '-' and non-'-', the '-' values are ignored and you get an IN query (since the NOTs would be redundant anyway).

While I was refactoring, I introduced support for passing an array as well as a string.

I got caught by the comma-separated string only (no arrays allowed) issue, heh. It'd be good to introduce author__in and author__not_in and make them accept both arrays and strings -- two birds, one stone.

Just hoping this bug can get looked at again. It's not fixed in 3.3 beta 2. It's had a patch for 5 months, and it's definitely a significant bug - the codex even has a broken example

​http://codex.wordpress.org/Class_Reference/WP_Query#Author_Parameters

$query = new WP_Query( 'author=-12,-34,-56' );

The above example from the docs, is the perfect test case for this bug. More than happy to help if the patch needs updated. I've a manually patched wordpress installation for one of my clients, and I currently need to re-patch every release.

Version number is used to track when the bug was initially reported.

duplicate: #13278

Introduce authorin and authornot_in and parse author parameter into them.

Closed #20150 as a duplicate.

This one has been bugging me, pollett's code seems like an excellent solution. 3.5 milestone?