Ticket #17737: 17737.diff
File 17737.diff, 4.4 KB (added by , 11 years ago) |
---|
-
src/wp-includes/query.php
1471 1471 $qv['paged'] = absint($qv['paged']); 1472 1472 $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers 1473 1473 $qv['author'] = preg_replace( '|[^0-9,-]|', '', $qv['author'] ); // comma separated list of positive or negative integers 1474 $qv['pagename'] = trim( $qv['pagename'] );1475 $qv['name'] = trim( $qv['name'] );1474 $qv['pagename'] = ! is_array( $qv['pagename'] ) ? trim( $qv['pagename'] ) : ''; 1475 $qv['name'] = ! is_array( $qv['name'] ) ? trim( $qv['name'] ) : ''; 1476 1476 if ( '' !== $qv['hour'] ) $qv['hour'] = absint($qv['hour']); 1477 1477 if ( '' !== $qv['minute'] ) $qv['minute'] = absint($qv['minute']); 1478 1478 if ( '' !== $qv['second'] ) $qv['second'] = absint($qv['second']); … … 1483 1483 $qv['s'] = ''; 1484 1484 1485 1485 // Compat. Map subpost to attachment. 1486 if ( '' != $qv['subpost'] )1486 if ( '' != $qv['subpost'] && ! is_array( $qv['subpost'] ) ) 1487 1487 $qv['attachment'] = $qv['subpost']; 1488 1488 if ( '' != $qv['subpost_id'] ) 1489 1489 $qv['attachment_id'] = $qv['subpost_id']; … … 1739 1739 if ( 'post_tag' == $taxonomy ) 1740 1740 continue; // Handled further down in the $q['tag'] block 1741 1741 1742 if ( $t->query_var && ! empty( $q[$t->query_var] ) ) {1742 if ( $t->query_var && ! empty( $q[ $t->query_var ] ) && ! is_array( $q[ $t->query_var ] ) ) { 1743 1743 $tax_query_defaults = array( 1744 1744 'taxonomy' => $taxonomy, 1745 1745 'field' => 'slug', … … 1767 1767 } 1768 1768 1769 1769 // Category stuff 1770 if ( ! empty($q['cat']) && '0' != $q['cat'] && !$this->is_singular && $this->query_vars_changed ) {1771 $q['cat'] = ''.urldecode($q['cat']).'';1770 if ( ! empty( $q['cat'] ) && ! is_array( $q['cat'] ) && '0' != $q['cat'] && ! $this->is_singular && $this->query_vars_changed ) { 1771 $q['cat'] = urldecode($q['cat']); 1772 1772 $q['cat'] = addslashes_gpc($q['cat']); 1773 1773 $cat_array = preg_split('/[,\s]+/', $q['cat']); 1774 1774 $q['cat'] = ''; … … 1829 1829 } 1830 1830 1831 1831 // Tag stuff 1832 if ( '' != $q['tag'] && ! $this->is_singular && $this->query_vars_changed ) {1832 if ( '' != $q['tag'] && ! is_array( $q['tag'] ) && ! $this->is_singular && $this->query_vars_changed ) { 1833 1833 if ( strpos($q['tag'], ',') !== false ) { 1834 1834 $tags = preg_split('/[,\r\n\t ]+/', $q['tag']); 1835 1835 foreach ( (array) $tags as $tag ) { … … 2243 2243 $q['page_id'] = get_option('page_on_front'); 2244 2244 } 2245 2245 2246 if ( isset( $q['page']) ) {2246 if ( isset( $q['page'] ) && ! is_array( $q['page'] ) ) { 2247 2247 $q['page'] = trim($q['page'], '/'); 2248 2248 $q['page'] = absint($q['page']); 2249 2249 } … … 2425 2425 } 2426 2426 2427 2427 // If a search pattern is specified, load the posts that match. 2428 if ( ! empty( $q['s'] ) )2428 if ( ! empty( $q['s'] ) && ! is_array( $q['s'] ) ) 2429 2429 $search = $this->parse_search( $q ); 2430 2430 2431 2431 // Taxonomies … … 2513 2513 2514 2514 // Author/user stuff 2515 2515 2516 if ( ! empty( $q['author'] ) && $q['author'] != '0' ) {2517 $q['author'] = addslashes_gpc( '' .urldecode( $q['author'] ) );2516 if ( ! empty( $q['author'] ) && ! is_array( $q['author'] ) && $q['author'] != '0' ) { 2517 $q['author'] = addslashes_gpc( urldecode( $q['author'] ) ); 2518 2518 $authors = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $q['author'] ) ) ); 2519 2519 foreach ( $authors as $author ) { 2520 2520 $key = $author > 0 ? 'author__in' : 'author__not_in'; … … 2533 2533 2534 2534 // Author stuff for nice URLs 2535 2535 2536 if ( '' != $q['author_name'] ) {2536 if ( '' != $q['author_name'] && ! is_array( $q['author_name'] ) ) { 2537 2537 if ( strpos($q['author_name'], '/') !== false ) { 2538 2538 $q['author_name'] = explode('/', $q['author_name']); 2539 2539 if ( $q['author_name'][ count($q['author_name'])-1 ] ) { … … 2556 2556 2557 2557 $where .= $search . $whichauthor . $whichmimetype; 2558 2558 2559 if ( empty( $q['order']) || ((strtoupper($q['order']) != 'ASC') && (strtoupper($q['order']) != 'DESC')) )2559 if ( empty( $q['order'] ) || is_array( $q['order'] ) || ! in_array( strtoupper( $q['order'] ), array( 'ASC', 'DESC' ) ) ) 2560 2560 $q['order'] = 'DESC'; 2561 2561 2562 2562 // Order by 2563 2563 if ( empty($q['orderby']) ) { 2564 2564 $orderby = "$wpdb->posts.post_date " . $q['order']; 2565 } elseif ( 'none' == $q['orderby'] ) {2565 } elseif ( 'none' == $q['orderby'] || is_array( $q['orderby'] ) ) { 2566 2566 $orderby = ''; 2567 2567 } elseif ( $q['orderby'] == 'post__in' && ! empty( $post__in ) ) { 2568 2568 $orderby = "FIELD( {$wpdb->posts}.ID, $post__in )";