Ticket #17737: 17737.3.patch
File 17737.3.patch, 4.4 KB (added by , 11 years ago) |
---|
-
src/wp-includes/query.php
1460 1460 $qv['paged'] = absint($qv['paged']); 1461 1461 $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers 1462 1462 $qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // comma separated list of positive or negative integers 1463 if ( is_array( $qv['pagename'] ) ) 1464 $qv['pagename'] = current( $qv['pagename'] ); 1463 1465 $qv['pagename'] = trim( $qv['pagename'] ); 1466 if ( is_array( $qv['name'] ) ) 1467 $qv['name'] = current( $qv['name'] ); 1464 1468 $qv['name'] = trim( $qv['name'] ); 1465 1469 if ( '' !== $qv['hour'] ) $qv['hour'] = absint($qv['hour']); 1466 1470 if ( '' !== $qv['minute'] ) $qv['minute'] = absint($qv['minute']); … … 1731 1735 ); 1732 1736 1733 1737 if ( isset( $t->rewrite['hierarchical'] ) && $t->rewrite['hierarchical'] ) { 1738 if ( is_array( $q[$t->query_var] ) ) 1739 $q[$t->query_var] = current( $q[$t->query_var] ); 1734 1740 $q[$t->query_var] = wp_basename( $q[$t->query_var] ); 1735 1741 } 1736 1742 … … 1753 1759 1754 1760 // Category stuff 1755 1761 if ( !empty($q['cat']) && '0' != $q['cat'] && !$this->is_singular && $this->query_vars_changed ) { 1756 $q['cat'] = ''.urldecode($q['cat']).''; 1757 $q['cat'] = addslashes_gpc($q['cat']); 1758 $cat_array = preg_split('/[,\s]+/', $q['cat']); 1762 if ( is_array( $q['cat'] ) ) 1763 $q['cat'] = current( $q['cat'] ); 1764 $q['cat'] = urldecode( $q['cat'] ); 1765 $q['cat'] = addslashes_gpc( $q['cat'] ); 1766 $cat_array = preg_split( '/[,\s]+/', $q['cat'] ); 1759 1767 $q['cat'] = ''; 1760 1768 $req_cats = array(); 1761 1769 foreach ( (array) $cat_array as $cat ) { … … 2049 2057 $q['page_id'] = get_option('page_on_front'); 2050 2058 } 2051 2059 2052 if ( isset($q['page']) ) { 2053 $q['page'] = trim($q['page'], '/'); 2054 $q['page'] = absint($q['page']); 2060 if ( isset( $q['page'] ) ) { 2061 if ( is_array( $q['page'] ) ) 2062 $q['page'] = current( $q['page'] ); 2063 $q['page'] = trim( $q['page'], '/' ); 2064 $q['page'] = absint( $q['page'] ); 2055 2065 } 2056 2066 2057 2067 // If true, forcibly turns off SQL_CALC_FOUND_ROWS even when limits are present. … … 2189 2199 } 2190 2200 } 2191 2201 } elseif ( '' != $q['attachment'] ) { 2202 if ( is_array( $q['attachment'] ) ) 2203 $q['attachment'] = current( $q['attachment'] ); 2192 2204 $q['attachment'] = sanitize_title_for_query( wp_basename( $q['attachment'] ) ); 2193 2205 $q['name'] = $q['attachment']; 2194 2206 $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'"; … … 2233 2245 // If a search pattern is specified, load the posts that match 2234 2246 if ( !empty($q['s']) ) { 2235 2247 // added slashes screw with quote grouping when done early, so done later 2236 $q['s'] = stripslashes($q['s']); 2248 if ( is_array( $q['s'] ) ) 2249 $q['s'] = current( $q['s'] ); 2250 $q['s'] = stripslashes( $q['s'] ); 2237 2251 if ( empty( $_GET['s'] ) && $this->is_main_query() ) 2238 $q['s'] = urldecode( $q['s']);2252 $q['s'] = urldecode( $q['s'] ); 2239 2253 if ( !empty($q['sentence']) ) { 2240 2254 $q['search_terms'] = array($q['s']); 2241 2255 } else { … … 2346 2360 // Author/user stuff 2347 2361 2348 2362 if ( ! empty( $q['author'] ) && $q['author'] != '0' ) { 2349 $q['author'] = addslashes_gpc( '' . urldecode( $q['author'] ) ); 2363 if ( is_array( $q['author'] ) ) 2364 $q['author'] = current( $q['author'] ); 2365 $q['author'] = urldecode( $q['author'] ); 2366 $q['author'] = addslashes_gpc( $q['author'] ); 2350 2367 $authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $q['author'] ) ) ); 2351 2368 foreach ( $authors as $author ) { 2352 2369 $key = $author > 0 ? 'author__in' : 'author__not_in'; … … 2366 2383 // Author stuff for nice URLs 2367 2384 2368 2385 if ( '' != $q['author_name'] ) { 2386 if ( is_array( $q['author_name'] ) ) 2387 $q['author_name'] = current( $q['author_name'] ); 2369 2388 if ( strpos($q['author_name'], '/') !== false ) { 2370 2389 $q['author_name'] = explode('/', $q['author_name']); 2371 2390 if ( $q['author_name'][ count($q['author_name'])-1 ] ) { … … 2408 2427 $allowed_keys[] = 'meta_value'; 2409 2428 $allowed_keys[] = 'meta_value_num'; 2410 2429 } 2411 $q['orderby'] = urldecode($q['orderby']); 2412 $q['orderby'] = addslashes_gpc($q['orderby']); 2430 if ( is_array( $q['orderby'] ) ) 2431 $q['orderby'] = current( $q['orderby'] ); 2432 $q['orderby'] = urldecode( $q['orderby'] ); 2433 $q['orderby'] = addslashes_gpc( $q['orderby'] ); 2413 2434 2414 2435 $orderby_array = array(); 2415 2436 foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) {