Ticket #6476: 6476.003.diff
File 6476.003.diff, 2.8 KB (added by , 17 years ago) |
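--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -460,6 +460,10 @@
 if (!empty($exclusions))
 $exclusions .= ')';
 
+// orderby
+if ( preg_match( '/.+ +(ASC|DESC)/i', $orderby ) )
+$order = ''; // orderby has its own order, so we'll use that
+
 $query = "SELECT DISTINCT * FROM $wpdb->posts ";
 $query .= empty( $category ) ? '' : ", $wpdb->term_relationships, $wpdb->term_taxonomy ";
 $query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta ";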
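Review bot: The new direction check `'/.+ +(ASC|DESC)/i'` only recognises literal spaces before the keyword and is not anchored to the end of the string, so it disagrees with `sanitize_sql_orderby()` in formatting.php, which accepts any whitespace (`\s+`) between column and direction. A value with a tab before `DESC` passes the validator but not this test, so `$order` is presumably still appended and the clause carries two directions; conversely `foo DESC, bar` does match, and `bar` silently loses the requested `$order`. If the intent is "the caller already gave a direction for the last column", write `if ( preg_match( '/\s+(ASC|DESC)\s*$/i', $orderby ) )`. The function containing this block starts and ends outside the hunk, and the place where `$order` is concatenated into the query is not visible here.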
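--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -339,7 +339,14 @@
 $output = apply_filters('post_gallery', '', $attr);
 if ( $output != '' )
 return $output;
 
+// We're trusting author input, so let's at least make sure it looks like a valid orderby statement
+if ( isset( $attr['orderby'] ) ) {
+$attr['orderby'] = sanitize_sql_orderby( $attr['orderby'] );
+if ( !$attr['orderby'] )
+unset( $attr['orderby'] );
+}
+
 extract(shortcode_atts(array(
 'orderby' => 'menu_order ASC, ID ASC',
 'id' => $post->ID,
@@ -351,8 +358,7 @@
 ), $attr));
 
 $id = intval($id);
-$orderby = addslashes($orderby);
-$attachments = get_children("post_parent=$id&post_type=attachment&post_mime_type=image&orderby=\"{$orderby}\"");
+$attachments = get_children("post_parent=$id&post_type=attachment&post_mime_type=image&orderby={$orderby}");
 
 if ( empty($attachments) )
 return '';
@@ -426,7 +432,7 @@
 function adjacent_image_link($prev = true) {
 global $post;
 $post = get_post($post);
-$attachments = array_values(get_children("post_parent=$post->post_parent&post_type=attachment&post_mime_type=image&orderby= \"menu_order ASC, ID ASC\""));
+$attachments = array_values(get_children("post_parent=$post->post_parent&post_type=attachment&post_mime_type=image&orderby=menu_order ASC, ID ASC"));
 
 foreach ( $attachments as $k => $attachment )
 if ( $attachment->ID == $post->ID )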
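Review bot: With `addslashes()` dropped from the `$orderby` path in the second hunk, the `sanitize_sql_orderby()` call in the first hunk becomes the only barrier between the shortcode attribute and the `ORDER BY` clause, and nothing in the new code records that contract. The comment above the `isset( $attr['orderby'] )` block should say so, e.g. `// sanitize_sql_orderby() is the sole guard here: the value is interpolated verbatim into the get_children() query below, so it must reject anything that is not a plain column list`. The check also runs before `shortcode_atts()`, so the author-supplied value and the default take different paths; validating `$orderby` once after `extract()` would leave a single place to audit. The gallery shortcode function begins above the first hunk.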
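--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -366,6 +366,15 @@
 return $title;
 }
 
+// ensures a string is a valid SQL order by clause like: post_name ASC, ID DESC
+// accepts one or more columns, with or without ASC/DESC, and also accepts RAND()
+function sanitize_sql_orderby( $orderby ){
+preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
+if ( !$obmatches )
+return false;
+return $orderby;
+}
+
 function convert_chars($content, $deprecated = '') {
 // Translation of invalid Unicode references range to valid range
 $wp_htmltranswinuni = array(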
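Review bot: The validator can succeed on a prefix of `$orderby` and then return the whole original string: in `sanitize_sql_orderby` the repeated group ends in `(\s*,\s*|\s*$)`, so once a column is followed by a comma the `+` may stop there without ever reaching the end of the string, and whatever follows that comma is never inspected. Because the function returns `$orderby` itself rather than the matched portion, a string that is only partly a valid clause is passed through unchanged to the caller in media.php and from there into the query. Anchor the column-list alternative to the end of the string: `preg_match('/^\s*[a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*[a-z0-9_]+(\s+(ASC|DESC))?)*\s*$|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);`. The header comment should also state that the function returns `false` on rejection and the input verbatim on success, since callers test the result with `!`.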