Ticket #10649: query.php.3.diff
File query.php.3.diff, 1.6 KB (added by , 15 years ago) |
wp-includes/query.php
2021 2021 if ( !empty($q['meta_key']) ) { 2022 2022 $allowed_keys[] = $q['meta_key']; 2023 2023 $allowed_keys[] = 'meta_value'; 2024 $allowed_keys[] = 'meta_value_num'; 2024 2025 } 2025 2026 $q['orderby'] = urldecode($q['orderby']); 2026 2027 $q['orderby'] = addslashes_gpc($q['orderby']); 2027 $orderby_array = explode(' ',$q['orderby']); 2028 if ( empty($orderby_array) ) 2029 $orderby_array[] = $q['orderby']; 2028 $orderby_array = explode(' ', $q['orderby']); 2030 2029 $q['orderby'] = ''; 2031 for ($i = 0; $i < count($orderby_array); $i++) { 2030 2031 foreach ( $orderby_array as $i => $orderby ) { 2032 2032 // Only allow certain values for safety 2033 $orderby = $orderby_array[$i]; 2033 if ( ! in_array($orderby, $allowed_keys) ) 2034 continue; 2035 2034 2036 switch ($orderby) { 2035 2037 case 'menu_order': 2036 2038 break; … … 2044 2046 case 'meta_value': 2045 2047 $orderby = "$wpdb->postmeta.meta_value"; 2046 2048 break; 2049 case 'meta_value_num': 2050 $orderby = "$wpdb->postmeta.meta_value+0"; 2051 break; 2047 2052 case 'comment_count': 2048 2053 $orderby = "$wpdb->posts.comment_count"; 2049 2054 break; 2050 2055 default: 2051 2056 $orderby = "$wpdb->posts.post_" . $orderby; 2052 2057 } 2053 if ( in_array($orderby_array[$i], $allowed_keys) ) 2054 2058 2059 $q['orderby'] .= (($i == 0) ? '' : ',') . $orderby; 2055 2060 } 2061 2056 2062 // append ASC or DESC at the end 2057 2063 if ( !empty($q['orderby'])) 2058 2064 $q['orderby'] .= " {$q['order']}";
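Review bot: The comma placement in the new foreach still keys on `$i == 0`, so when the first token of `$q['orderby']` is rejected by the `in_array` allowlist check (a leading space or an unknown key), the first accepted value arrives with `$i >= 1` and the clause begins with a comma, producing `ORDER BY ,...` and a failing query; the old `for` loop had the same flaw, but the added `continue` now makes that path easy to hit. Decide on the accumulated string instead of the index: `$q['orderby'] .= ( '' === $q['orderby'] ? '' : ',' ) . $orderby;`. The allowlist check itself should be strict, `in_array( $orderby, $allowed_keys, true )`, because loose comparison treats numeric-looking strings as equal and `$q['meta_key']` is appended to the allowlist a few lines above; the `switch` that follows also compares loosely, though every value reaching it has already passed the allowlist. The enclosing function starts and ends outside this hunk.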