
Changeset 20048


Timestamp:
02/29/2012 10:19:18 PM (6 years ago)
Author:
nacin
Message:

In WP_Themes_List_Table, don't perform unnecessary sanitization on search terms or filter features. We only use these for case-insensitive comparison. see #19815.

File:
1 edited

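--- a/trunk/wp-admin/includes/class-wp-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-themes-list-table.php
@@ -10,7 +10,7 @@
 class WP_Themes_List_Table extends WP_List_Table {
 
-    var $search = array();
+    protected $search_terms = array();
     var $features = array();
-   
+
     function __construct() {
         parent::__construct( array(
@@ -27,18 +27,13 @@
         $themes = wp_get_themes( array( 'allowed' => true ) );
 
-        if ( ! empty( $_REQUEST['s'] ) ) {
-            $search = strtolower( stripslashes( $_REQUEST['s'] ) );
-            $this->search = array_merge( $this->search, array_filter( array_map( 'trim', explode( ',', $search ) ) ) );
-            $this->search = array_unique( $this->search );
-        }
-
-        if ( !empty( $_REQUEST['features'] ) ) {
+        if ( ! empty( $_REQUEST['s'] ) )
+            $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) );
+
+        if ( ! empty( $_REQUEST['features'] ) ) {
+            var_dump( $_REQUEST['features'] );
             $this->features = $_REQUEST['features'];
-            $this->features = array_map( 'trim', $this->features );
-            $this->features = array_map( 'sanitize_title_with_dashes', $this->features );
-            $this->features = array_unique( $this->features );
-        }
-
-        if ( $this->search || $this->features ) {
+        }
+
+        if ( $this->search_terms || $this->features ) {
             foreach ( $themes as $key => $theme ) {
                 if ( ! $this->search_theme( $theme ) )
@@ -64,5 +59,5 @@
 
     function no_items() {
-        if ( $this->search || $this->features ) {
+        if ( $this->search_terms || $this->features ) {
             _e( 'No items found.' );
             return;
@@ -187,31 +182,27 @@
     function search_theme( $theme ) {
         // Search the features
-        if ( $this->features ) {
-            foreach ( $this->features as $word ) {
-                if ( ! in_array( $word, $theme->get('Tags') ) )
-                    return false;
-            }
+        foreach ( $this->features as $word ) {
+            if ( ! in_array( $word, $theme->get('Tags') ) )
+                return false;
         }
 
         // Match all phrases
-        if ( $this->search ) {
-            foreach ( $this->search as $word ) {
-                if ( in_array( $word, $theme->get('Tags') ) )
-                    continue;
-
-                foreach ( array( 'Name', 'Description', 'Author', 'AuthorURI' ) as $header ) {
-                    // Don't mark up; Do translate.
-                    if ( false !== stripos( $theme->display( $header, false, true ), $word ) )
-                        continue 2;
-                }
-
-                if ( false !== stripos( $theme->get_stylesheet(), $word ) )
-                    continue;
-
-                if ( false !== stripos( $theme->get_template(), $word ) )
-                    continue;
- 
-                return false;
-            }
+        foreach ( $this->search_terms as $word ) {
+            if ( in_array( $word, $theme->get('Tags') ) )
+                continue;
+
+            foreach ( array( 'Name', 'Description', 'Author', 'AuthorURI' ) as $header ) {
+                // Don't mark up; Do translate.
+                if ( false !== stripos( $theme->display( $header, false, true ), $word ) )
+                    continue 2;
+            }
+
+            if ( false !== stripos( $theme->get_stylesheet(), $word ) )
+                continue;
+
+            if ( false !== stripos( $theme->get_template(), $word ) )
+                continue;
+
+            return false;
         }
 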
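Review bot: The added `var_dump( $_REQUEST['features'] );` at new line 33 looks like leftover debugging and should be dropped, since it writes raw, unescaped request data into the admin page whenever a feature filter is present. With the `array_map()` calls removed, `$this->features` is now assigned straight from the request, so a non-array `features` value would reach the now-unguarded `foreach ( $this->features as $word )` in `search_theme()`; casting at assignment, `$this->features = (array) $_REQUEST['features'];`, keeps that loop well-defined. Skipping sanitization is reasonable only while these values are used purely for comparison, so a comment above the assignment such as `// Compared against theme tags only; never echoed or stored.` would record that constraint for later edits. The function containing the second hunk starts and ends outside the lines shown, so any later use of `$this->features` there could not be checked.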