
Ticket #31071: 31071c.diff

File 31071c.diff, 1.2 KB (added by philipjohn, 3 years ago)

Updated patch includes query escaping and working mime types array

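--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -3135,20 +3135,31 @@
                 }
         }
 
+        // Get mime types
+        $mime_types = wp_get_mime_types();
+
+        // Get audio mime types and query for them
+        $audio_mime_types = preg_grep( '/audio*/', $mime_types );
+        $audio_mime_types = array_values( $audio_mime_types );
         $has_audio = $wpdb->get_var( "
                 SELECT ID
                 FROM $wpdb->posts
                 WHERE post_type = 'attachment'
-                AND post_mime_type LIKE 'audio%'
+                AND post_mime_type IN ('" . implode( "', '", esc_sql( $audio_mime_types ) ) . "')
                 LIMIT 1
         " );
+
+        // Get video mime types and query for them
+        $video_mime_types = preg_grep( '/video*/', $mime_types );
+        $video_mime_types = array_values($video_mime_types);
         $has_video = $wpdb->get_var( "
                 SELECT ID
                 FROM $wpdb->posts
                 WHERE post_type = 'attachment'
-                AND post_mime_type LIKE 'video%'
+                AND post_mime_type IN ('" . implode( "', '", esc_sql( $video_mime_types ) ) . "')
                 LIMIT 1
         " );
+
         $months = $wpdb->get_results( $wpdb->prepare( "
                 SELECT DISTINCT YEAR( post_date ) AS year, MONTH( post_date ) AS month
                 FROM $wpdb->posts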
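Review bot: The patterns passed to preg_grep() on new lines 3142 and 3153 are written like shell globs, so `/audio*/` matches "audi" followed by any number of "o" anywhere in the value and is not the prefix test that the removed `LIKE 'audio%'` was. Anchoring them, e.g. `preg_grep( '#^audio/#', $mime_types )` and `preg_grep( '#^video/#', $mime_types )`, keeps the IN list limited to the intended types; this matters if the array returned by wp_get_mime_types() can be extended by other code, which is presumably the case. The values are passed through esc_sql() before being concatenated into the quoted IN list, which covers the escaping, but building the list with `$wpdb->prepare()` and one `%s` placeholder per value would match the `$months` query that follows and be easier to audit. The enclosing function starts and ends outside the hunk.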