Ticket #17737: 17737.5.patch
File 17737.5.patch, 7.0 KB (added by , 11 years ago) |
---|
-
src/wp-includes/query.php
1460 1460 $qv['paged'] = absint($qv['paged']); 1461 1461 $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers 1462 1462 $qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // comma separated list of positive or negative integers 1463 $qv['pagename'] = trim( $qv['pagename'] );1464 $qv['name'] = trim( $qv['name'] );1463 $qv['pagename'] = ( ! is_array( $qv['pagename'] ) ) ? trim( $qv['pagename'] ) : ''; 1464 $qv['name'] = ( ! is_array( $qv['name'] ) ) ? trim( $qv['name'] ) : ''; 1465 1465 if ( '' !== $qv['hour'] ) $qv['hour'] = absint($qv['hour']); 1466 1466 if ( '' !== $qv['minute'] ) $qv['minute'] = absint($qv['minute']); 1467 1467 if ( '' !== $qv['second'] ) $qv['second'] = absint($qv['second']); … … 1468 1468 if ( '' !== $qv['menu_order'] ) $qv['menu_order'] = absint($qv['menu_order']); 1469 1469 1470 1470 // Compat. Map subpost to attachment. 1471 if ( '' != $qv['subpost'] )1471 if ( '' != $qv['subpost'] && ! is_array( $qv['subpost'] ) ) 1472 1472 $qv['attachment'] = $qv['subpost']; 1473 1473 if ( '' != $qv['subpost_id'] ) 1474 1474 $qv['attachment_id'] = $qv['subpost_id']; … … 1724 1724 if ( 'post_tag' == $taxonomy ) 1725 1725 continue; // Handled further down in the $q['tag'] block 1726 1726 1727 if ( $t->query_var && ! empty( $q[$t->query_var] ) ) {1727 if ( $t->query_var && ! empty( $q[ $t->query_var ] ) && ! is_array( $q[ $t->query_var ] ) ) { 1728 1728 $tax_query_defaults = array( 1729 1729 'taxonomy' => $taxonomy, 1730 1730 'field' => 'slug', … … 1731 1731 ); 1732 1732 1733 1733 if ( isset( $t->rewrite['hierarchical'] ) && $t->rewrite['hierarchical'] ) { 1734 $q[ $t->query_var] = wp_basename( $q[$t->query_var] );1734 $q[ $t->query_var ] = wp_basename( $q[ $t->query_var ] ); 1735 1735 } 1736 1736 1737 $term = $q[ $t->query_var];1737 $term = $q[ $t->query_var ]; 1738 1738 1739 1739 if ( strpos($term, '+') !== false ) { 1740 1740 $terms = preg_split( '/[+]+/', $term ); … … 1752 1752 } 1753 1753 1754 1754 // Category stuff 1755 if ( ! empty($q['cat']) && '0' != $q['cat'] && !$this->is_singular && $this->query_vars_changed ) {1756 $q['cat'] = ''.urldecode($q['cat']).'';1757 $q['cat'] = addslashes_gpc( $q['cat']);1758 $cat_array = preg_split( '/[,\s]+/', $q['cat']);1755 if ( ! empty( $q['cat'] ) && ! is_array( $q['cat'] ) && '0' != $q['cat'] && ! $this->is_singular && $this->query_vars_changed ) { 1756 $q['cat'] = urldecode( $q['cat'] ); 1757 $q['cat'] = addslashes_gpc( $q['cat'] ); 1758 $cat_array = preg_split( '/[,\s]+/', $q['cat'] ); 1759 1759 $q['cat'] = ''; 1760 1760 $req_cats = array(); 1761 1761 foreach ( (array) $cat_array as $cat ) { … … 1814 1814 } 1815 1815 1816 1816 // Tag stuff 1817 if ( '' != $q['tag'] && ! $this->is_singular && $this->query_vars_changed ) {1817 if ( '' != $q['tag'] && ! is_array( $q['tag'] ) && ! $this->is_singular && $this->query_vars_changed ) { 1818 1818 if ( strpos($q['tag'], ',') !== false ) { 1819 1819 $tags = preg_split('/[,\r\n\t ]+/', $q['tag']); 1820 1820 foreach ( (array) $tags as $tag ) { … … 2051 2051 $q['page_id'] = get_option('page_on_front'); 2052 2052 } 2053 2053 2054 if ( isset( $q['page']) ) {2055 $q['page'] = trim( $q['page'], '/');2056 $q['page'] = absint( $q['page']);2054 if ( isset( $q['page'] ) && ! is_array( $q['page'] ) ) { 2055 $q['page'] = trim( $q['page'], '/' ); 2056 $q['page'] = absint( $q['page'] ); 2057 2057 } 2058 2058 2059 2059 // If true, forcibly turns off SQL_CALC_FOUND_ROWS even when limits are present. … … 2233 2233 } 2234 2234 2235 2235 // If a search pattern is specified, load the posts that match 2236 if ( ! empty($q['s']) ) {2236 if ( ! empty( $q['s'] ) && ! is_array( $q['s'] ) ) { 2237 2237 // added slashes screw with quote grouping when done early, so done later 2238 $q['s'] = stripslashes( $q['s']);2238 $q['s'] = stripslashes( $q['s'] ); 2239 2239 if ( empty( $_GET['s'] ) && $this->is_main_query() ) 2240 $q['s'] = urldecode( $q['s']);2241 if ( ! empty($q['sentence']) ) {2242 $q['search_terms'] = array( $q['s']);2240 $q['s'] = urldecode( $q['s'] ); 2241 if ( ! empty( $q['sentence'] ) ) { 2242 $q['search_terms'] = array( $q['s'] ); 2243 2243 } else { 2244 preg_match_all( '/".*?("|$)|((?<=[\r\n\t ",+])|^)[^\r\n\t ",+]+/', $q['s'], $matches);2245 $q['search_terms'] = array_map( '_search_terms_tidy', $matches[0]);2244 preg_match_all( '/".*?("|$)|((?<=[\r\n\t ",+])|^)[^\r\n\t ",+]+/', $q['s'], $matches ); 2245 $q['search_terms'] = array_map( '_search_terms_tidy', $matches[0] ); 2246 2246 } 2247 $n = ! empty($q['exact']) ? '' : '%';2247 $n = ! empty( $q['exact'] ) ? '' : '%'; 2248 2248 $searchand = ''; 2249 2249 foreach( (array) $q['search_terms'] as $term ) { 2250 2250 $term = esc_sql( like_escape( $term ) ); … … 2347 2347 2348 2348 // Author/user stuff 2349 2349 2350 if ( ! empty( $q['author'] ) && $q['author'] != '0' ) {2351 $q['author'] = addslashes_gpc( '' .urldecode( $q['author'] ) );2350 if ( ! empty( $q['author'] ) && ! is_array( $q['author'] ) && $q['author'] != '0' ) { 2351 $q['author'] = addslashes_gpc( urldecode( $q['author'] ) ); 2352 2352 $authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $q['author'] ) ) ); 2353 2353 foreach ( $authors as $author ) { 2354 2354 $key = $author > 0 ? 'author__in' : 'author__not_in'; … … 2367 2367 2368 2368 // Author stuff for nice URLs 2369 2369 2370 if ( '' != $q['author_name'] ) {2370 if ( '' != $q['author_name'] && ! is_array( $q['author_name'] ) ) { 2371 2371 if ( strpos($q['author_name'], '/') !== false ) { 2372 2372 $q['author_name'] = explode('/', $q['author_name']); 2373 2373 if ( $q['author_name'][ count($q['author_name'])-1 ] ) { … … 2390 2390 2391 2391 $where .= $search . $whichauthor . $whichmimetype; 2392 2392 2393 if ( empty( $q['order']) || ((strtoupper($q['order']) != 'ASC') && (strtoupper($q['order']) != 'DESC')) )2393 if ( empty( $q['order'] ) || is_array( $q['order'] ) || ! in_array( strtoupper( $q['order'] ), array( 'ASC', 'DESC' ) ) ) 2394 2394 $q['order'] = 'DESC'; 2395 2395 2396 2396 // Order by 2397 if ( empty( $q['orderby']) ) {2397 if ( empty( $q['orderby'] ) ) { 2398 2398 $orderby = "$wpdb->posts.post_date " . $q['order']; 2399 } elseif ( 'none' == $q['orderby'] ) {2399 } elseif ( 'none' == $q['orderby'] || is_array( $q['orderby'] ) ) { 2400 2400 $orderby = ''; 2401 2401 } elseif ( $q['orderby'] == 'post__in' && ! empty( $post__in ) ) { 2402 2402 $orderby = "FIELD( {$wpdb->posts}.ID, $post__in )"; … … 2404 2404 $orderby = "FIELD( {$wpdb->posts}.post_parent, $post_parent__in )"; 2405 2405 } else { 2406 2406 // Used to filter values 2407 $allowed_keys = array( 'name', 'author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count');2408 if ( ! empty($q['meta_key']) ) {2407 $allowed_keys = array( 'name', 'author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count' ); 2408 if ( ! empty( $q['meta_key'] ) ) { 2409 2409 $allowed_keys[] = $q['meta_key']; 2410 2410 $allowed_keys[] = 'meta_value'; 2411 2411 $allowed_keys[] = 'meta_value_num'; 2412 2412 } 2413 $q['orderby'] = urldecode( $q['orderby']);2414 $q['orderby'] = addslashes_gpc( $q['orderby']);2413 $q['orderby'] = urldecode( $q['orderby'] ); 2414 $q['orderby'] = addslashes_gpc( $q['orderby'] ); 2415 2415 2416 2416 $orderby_array = array(); 2417 2417 foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) {