Changeset 18345


Timestamp:
06/27/2011 03:46:11 PM (9 years ago)
Author:
ryan
Message:

Sanitize order and orderby in get_bookmarks()

File:
1 edited

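--- a/trunk/wp-includes/bookmark.php
+++ b/trunk/wp-includes/bookmark.php
@@ -214,5 +214,5 @@
     $orderby = strtolower($orderby);
     $length = '';
-    switch ($orderby) {
+    switch ( $orderby ) {
         case 'length':
             $length = ", CHAR_LENGTH(link_name) AS length";
@@ -221,13 +221,23 @@
             $orderby = 'rand()';
             break;
+        case 'link_id':
+            $orderby = "$wpdb->links.link_id";
+            break;
         default:
             $orderparams = array();
-            foreach ( explode(',', $orderby) as $ordparam )
-                $orderparams[] = 'link_' . trim($ordparam);
+            foreach ( explode(',', $orderby) as $ordparam ) {
+                $ordparam = trim($ordparam);
+                if ( in_array( $ordparam, array( 'name', 'url', 'visible', 'rating', 'owner', 'updated' ) ) )
+                    $orderparams[] = 'link_' . $ordparam;
+            }
             $orderby = implode(',', $orderparams);
     }
 
-    if ( 'link_id' == $orderby )
-        $orderby = "$wpdb->links.link_id";
+    if ( empty( $orderby ) )
+        $orderby = 'link_name';
+
+    $order = strtoupper( $order );
+    if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+        $order = 'ASC';
 
     $visible = '';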
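Review bot: Both new allow-list checks use loose `in_array()`: the column filter in the `default` branch (`in_array( $ordparam, array( 'name', ... ) )`) and the direction check (`in_array( $order, array( 'ASC', 'DESC' ) )`). Every allowed value is a non-numeric string and the input is a string, so this is not an injection path as written, but the value that reaches the SQL should not depend on PHP's loose-comparison rules; pass the strict flag in both places, `if ( in_array( $ordparam, array( 'name', 'url', 'visible', 'rating', 'owner', 'updated' ), true ) )` and `if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ), true ) )`. Unlisted fields are now dropped silently and an all-invalid list falls back to `link_name`; that behaviour belongs in the docblock of `get_bookmarks()`, which starts outside this section, e.g. a line on the `orderby` argument saying that only `name`, `url`, `visible`, `rating`, `owner`, `updated`, `length`, `rand` and `link_id` are accepted and anything else is ignored. The function body also continues past the last line shown.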