Changeset 13501
- Timestamp:
- 02/28/2010 12:49:10 PM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/query.php
r13495 r13501 2057 2057 $allowed_keys[] = $q['meta_key']; 2058 2058 $allowed_keys[] = 'meta_value'; 2059 $allowed_keys[] = 'meta_value_num'; 2059 2060 } 2060 2061 $q['orderby'] = urldecode($q['orderby']); 2061 2062 $q['orderby'] = addslashes_gpc($q['orderby']); 2062 $orderby_array = explode(' ',$q['orderby']); 2063 if ( empty($orderby_array) ) 2064 $orderby_array[] = $q['orderby']; 2063 $orderby_array = explode(' ', $q['orderby']); 2065 2064 $q['orderby'] = ''; 2066 for ($i = 0; $i < count($orderby_array); $i++) { 2065 2066 foreach ( $orderby_array as $i => $orderby ) { 2067 2067 // Only allow certain values for safety 2068 $orderby = $orderby_array[$i]; 2068 if ( ! in_array($orderby, $allowed_keys) ) 2069 continue; 2070 2069 2071 switch ($orderby) { 2070 2072 case 'menu_order': … … 2080 2082 $orderby = "$wpdb->postmeta.meta_value"; 2081 2083 break; 2084 case 'meta_value_num': 2085 $orderby = "$wpdb->postmeta.meta_value+0"; 2086 break; 2082 2087 case 'comment_count': 2083 2088 $orderby = "$wpdb->posts.comment_count"; … … 2086 2091 $orderby = "$wpdb->posts.post_" . $orderby; 2087 2092 } 2088 if ( in_array($orderby_array[$i], $allowed_keys) ) 2089 $q['orderby'] .= (($i == 0) ? '' : ',') . $orderby; 2090 } 2093 2094 $q['orderby'] .= (($i == 0) ? '' : ',') . $orderby; 2095 } 2096 2091 2097 // append ASC or DESC at the end 2092 2098 if ( !empty($q['orderby'])) … … 2645 2651 $tax = $this->get('taxonomy'); 2646 2652 $slug = $this->get('term'); 2647 $term = &get_terms($tax, array( 'slug'=>$slug));2653 $term = &get_terms($tax, array( 'slug' => $slug ) ); 2648 2654 if ( is_wp_error($term) || empty($term) ) 2649 2655 return NULL; … … 2657 2663 $this->queried_object = $this->post; 2658 2664 $this->queried_object_id = (int) $this->post->ID; 2659 } elseif ( $this->is_page ) {2665 } elseif ( $this->is_page && !is_null($this->post) ) { 2660 2666 $this->queried_object = $this->post; 2661 2667 $this->queried_object_id = (int) $this->post->ID;
Note: See TracChangeset
for help on using the changeset viewer.