Ticket #24687: 24687.diff
File 24687.diff, 1.5 KB (added by , 11 years ago) |
---|
-
query.php
2371 2371 $q['orderby'] = addslashes_gpc($q['orderby']); 2372 2372 2373 2373 $orderby_array = array(); 2374 foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) { 2374 $orderby_parts = preg_split( '/[, ]/', $q['orderby'], -1, PREG_SPLIT_NO_EMPTY ); 2375 foreach ( $orderby_parts as $i => $orderby ) { 2375 2376 // Only allow certain values for safety 2376 2377 if ( ! in_array($orderby, $allowed_keys) ) 2377 2378 continue; 2378 2379 2380 // If the next word is ASC or DESC, use it 2381 // for this sort key and cancel $q['order'] 2382 $order = ''; 2383 if ( isset( $orderby_parts[ $i + 1 ] ) ) { 2384 $next_part = strtoupper( $orderby_parts[ $i + 1 ] ); 2385 if ( in_array( $next_part, array( 'ASC', 'DESC' ) ) ) { 2386 $q['order'] = ''; 2387 $order = $next_part; 2388 } 2389 } 2390 2379 2391 switch ( $orderby ) { 2380 2392 case 'menu_order': 2381 2393 $orderby = "$wpdb->posts.menu_order"; … … 2400 2412 $orderby = "$wpdb->posts.post_" . $orderby; 2401 2413 } 2402 2414 2403 $orderby_array[] = $orderby;2415 $orderby_array[] = trim( "$orderby $order" ); 2404 2416 } 2405 $orderby = implode( ', ', $orderby_array );2417 $orderby = implode( ', ', $orderby_array ); 2406 2418 2407 2419 if ( empty( $orderby ) ) 2408 $orderby = "$wpdb->posts.post_date ".$q['order'];2409 else 2410 $orderby .= " {$q['order']}";2420 $orderby = "$wpdb->posts.post_date"; 2421 2422 $orderby = trim( "$orderby {$q['order']}" ); 2411 2423 } 2412 2424 2413 2425 if ( is_array( $post_type ) && count( $post_type ) > 1 ) {