Opened 9 months ago

Closed 8 months ago

#21827 closed enhancement (fixed)

Use wp_parse_id_list() in gallery_shortcode()

Reported by: SergeyBiryukov Owned by: nacin
Priority: low Milestone: 3.5
Component: Media Version: 3.0
Severity: normal Keywords: has-patch commit
Cc:

Description

In gallery_shortcode(), a regex is used to sanitize a list of IDs in 'include' and 'exclude' parameters.

We have a special function for that:
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/functions.php#L2345

Attachments (2)

21827.patch (1.2 KB) - added by SergeyBiryukov 9 months ago.
21827.2.patch (1.1 KB) - added by SergeyBiryukov 9 months ago.

Download all attachments as: .zip

Change History (6)

SergeyBiryukov9 months ago

comment:1   scribu9 months ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.5
  • Priority changed from normal to low

comment:2   TobiasBg9 months ago

wp_parse_id_list() is already applied to the 'include' parameter in get_posts(), after the patch it would be done twice...

Never mind, it's only done to be able to count the number of posts. It's not actually changing the 'include' parameter.

Version 3, edited 9 months ago by TobiasBg (previous) (next) (diff)

SergeyBiryukov9 months ago

comment:3   SergeyBiryukov9 months ago

Indeed: http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/post.php#L1450

Thanks! So the sanitization in gallery_shortcode() is not necessary at all.

comment:4   nacin8 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [21833]:

Don't sanitize include and exclude in gallery_shortcode(), as this is handled further down the stack, and better. props SergeyBiryukov, TobiasBg. fixes #21827.

Note: See TracTickets for help on using tickets.