Ticket #16844: 16844.diff
| File 16844.diff, 1.9 KB (added by scribu, 6 years ago) |
|---|
-
wp-includes/query.php
2271 2271 2272 2272 // Order by 2273 2273 if ( empty($q['orderby']) ) { 2274 $ q['orderby']= "$wpdb->posts.post_date " . $q['order'];2274 $orderby = "$wpdb->posts.post_date " . $q['order']; 2275 2275 } elseif ( 'none' == $q['orderby'] ) { 2276 $ q['orderby']= '';2276 $orderby = ''; 2277 2277 } else { 2278 2278 // Used to filter values 2279 2279 $allowed_keys = array('author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count'); … … 2284 2284 } 2285 2285 $q['orderby'] = urldecode($q['orderby']); 2286 2286 $q['orderby'] = addslashes_gpc($q['orderby']); 2287 $orderby_array = explode(' ', $q['orderby']);2288 $q['orderby'] = '';2289 2287 2290 foreach ( $orderby_array as $i => $orderby ) { 2288 $orderby_array = array(); 2289 foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) { 2291 2290 // Only allow certain values for safety 2292 2291 if ( ! in_array($orderby, $allowed_keys) ) 2293 2292 continue; … … 2315 2314 $orderby = "$wpdb->posts.post_" . $orderby; 2316 2315 } 2317 2316 2318 $ q['orderby'] .= (($i == 0) ? '' : ',') .$orderby;2317 $orderby_array[] = $orderby; 2319 2318 } 2319 $orderby = implode( ',', $orderby_array ); 2320 2320 2321 // append ASC or DESC at the end 2322 if ( !empty($q['orderby'])) 2323 $q['orderby'] .= " {$q['order']}"; 2324 2325 if ( empty($q['orderby']) ) 2326 $q['orderby'] = "$wpdb->posts.post_date ".$q['order']; 2321 if ( empty( $orderby ) ) 2322 $orderby = "$wpdb->posts.post_date ".$q['order']; 2323 else 2324 $orderby .= " {$q['order']}"; 2327 2325 } 2328 2326 2329 2327 if ( is_array( $post_type ) ) { … … 2512 2510 $where = "AND 0"; 2513 2511 } 2514 2512 2515 $orderby = $q['orderby'];2516 2517 2513 $pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' ); 2518 2514 2519 2515 // Apply post-paging filters on where and join. Only plugins that
