WordPress.org

Make WordPress Core

Ticket #11017: 11017.2.2.patch

File 11017.2.2.patch, 1.6 KB (added by ramiy, 9 years ago)

with parameter validation

  • author-template.php

     
    247247        global $wpdb;
    248248
    249249        $defaults = array(
     250                'orderby' => 'display_name', 'order' => 'ASC',
    250251                'optioncount' => false, 'exclude_admin' => true,
    251252                'show_fullname' => false, 'hide_empty' => true,
    252253                'feed' => '', 'feed_image' => '', 'feed_type' => '', 'echo' => true,
     
    257258        extract($r, EXTR_SKIP);
    258259        $return = '';
    259260
     261        $_orderby = strtolower($orderby);
     262        if ( 'login' == $_orderby || 'user_login' == $_orderby )
     263                $orderby = 'user_login';
     264        else if ( 'nicename' == $_orderby || 'user_nicename' == $_orderby )
     265                $orderby = 'user_nicename';
     266        else if ( 'display' == $_orderby || 'display_name' == $_orderby )
     267                $orderby = 'display_name';
     268        elseif ( empty($_orderby) || 'id' == $_orderby )
     269                $orderby = 'id';
     270
     271        $orderby = apply_filters( 'get_terms_orderby', $orderby, $args );
     272
    260273        /** @todo Move select to get_authors(). */
    261         $authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name");
     274        $authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY $orderby $order");
    262275
    263276        $author_count = array();
    264277        foreach ((array) $wpdb->get_results("SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author") as $row) {