
Changeset 25392


Timestamp:
09/12/2013 06:24:09 AM (11 years ago)
Author:
wonderboymusic
Message:
  • Add isset() checks all over WP_User_Query::prepare_query() and WP_User_Query::query(). When a WP_User_Query instance is constructed without passing args, no query vars are filled in, thus $qv doesn't contain most of the expected indices.
  • Suppress an undefined index notice in tests/user/query.php

Fixes #25292.
See #25282.

Location:
trunk
Files:
2 edited

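--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -410,5 +410,5 @@
         }
 
-        if ( $qv['count_total'] )
+        if ( isset( $qv['count_total'] ) && $qv['count_total'] )
             $this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields;
 
@@ -417,30 +417,35 @@
 
         // sorting
-        if ( in_array( $qv['orderby'], array('nicename', 'email', 'url', 'registered') ) ) {
-            $orderby = 'user_' . $qv['orderby'];
-        } elseif ( in_array( $qv['orderby'], array('user_nicename', 'user_email', 'user_url', 'user_registered') ) ) {
-            $orderby = $qv['orderby'];
-        } elseif ( 'name' == $qv['orderby'] || 'display_name' == $qv['orderby'] ) {
-            $orderby = 'display_name';
-        } elseif ( 'post_count' == $qv['orderby'] ) {
-            // todo: avoid the JOIN
-            $where = get_posts_by_author_sql('post');
-            $this->query_from .= " LEFT OUTER JOIN (
-                SELECT post_author, COUNT(*) as post_count
-                FROM $wpdb->posts
-                $where
-                GROUP BY post_author
-            ) p ON ({$wpdb->users}.ID = p.post_author)
-            ";
-            $orderby = 'post_count';
-        } elseif ( 'ID' == $qv['orderby'] || 'id' == $qv['orderby'] ) {
-            $orderby = 'ID';
-        } elseif ( 'meta_value' == $qv['orderby'] ) {
-            $orderby = "$wpdb->usermeta.meta_value";
-        } else {
+        if ( isset( $qv['orderby'] ) ) {
+            if ( in_array( $qv['orderby'], array('nicename', 'email', 'url', 'registered') ) ) {
+                $orderby = 'user_' . $qv['orderby'];
+            } elseif ( in_array( $qv['orderby'], array('user_nicename', 'user_email', 'user_url', 'user_registered') ) ) {
+                $orderby = $qv['orderby'];
+            } elseif ( 'name' == $qv['orderby'] || 'display_name' == $qv['orderby'] ) {
+                $orderby = 'display_name';
+            } elseif ( 'post_count' == $qv['orderby'] ) {
+                // todo: avoid the JOIN
+                $where = get_posts_by_author_sql('post');
+                $this->query_from .= " LEFT OUTER JOIN (
+                    SELECT post_author, COUNT(*) as post_count
+                    FROM $wpdb->posts
+                    $where
+                    GROUP BY post_author
+                ) p ON ({$wpdb->users}.ID = p.post_author)
+                ";
+                $orderby = 'post_count';
+            } elseif ( 'ID' == $qv['orderby'] || 'id' == $qv['orderby'] ) {
+                $orderby = 'ID';
+            } elseif ( 'meta_value' == $qv['orderby'] ) {
+                $orderby = "$wpdb->usermeta.meta_value";
+            } else {
+                $orderby = 'user_login';
+            }
+        }
+
+        if ( empty( $orderby ) )
             $orderby = 'user_login';
-        }
-
-        $qv['order'] = strtoupper( $qv['order'] );
+
+        $qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : '';
         if ( 'ASC' == $qv['order'] )
             $order = 'ASC';
@@ -450,5 +455,5 @@
 
         // limit
-        if ( $qv['number'] ) {
+        if ( isset( $qv['number'] ) && $qv['number'] ) {
             if ( $qv['offset'] )
                 $this->query_limit = $wpdb->prepare("LIMIT %d, %d", $qv['offset'], $qv['number']);
@@ -457,5 +462,8 @@
         }
 
-        $search = trim( $qv['search'] );
+        $search = '';
+        if ( isset( $qv['search'] ) )
+            $search = trim( $qv['search'] );
+
         if ( $search ) {
             $leading_wild = ( ltrim($search, '*') != $search );
@@ -491,7 +499,9 @@
         }
 
-        $blog_id = absint( $qv['blog_id'] );
-
-        if ( 'authors' == $qv['who'] && $blog_id ) {
+        $blog_id = 0;
+        if ( isset( $qv['blog_id'] ) )
+            $blog_id = absint( $qv['blog_id'] );
+
+        if ( isset( $qv['who'] ) && 'authors' == $qv['who'] && $blog_id ) {
             $qv['meta_key'] = $wpdb->get_blog_prefix( $blog_id ) . 'user_level';
             $qv['meta_value'] = 0;
@@ -500,5 +510,7 @@
         }
 
-        $role = trim( $qv['role'] );
+        $role = '';
+        if ( isset( $qv['role'] ) )
+            $role = trim( $qv['role'] );
 
         if ( $blog_id && ( $role || is_multisite() ) ) {
@@ -526,8 +538,8 @@
         }
 
-        if ( !empty( $qv['include'] ) ) {
+        if ( ! empty( $qv['include'] ) ) {
             $ids = implode( ',', wp_parse_id_list( $qv['include'] ) );
             $this->query_where .= " AND $wpdb->users.ID IN ($ids)";
-        } elseif ( !empty($qv['exclude']) ) {
+        } elseif ( ! empty( $qv['exclude'] ) ) {
             $ids = implode( ',', wp_parse_id_list( $qv['exclude'] ) );
             $this->query_where .= " AND $wpdb->users.ID NOT IN ($ids)";
@@ -554,5 +566,5 @@
         }
 
-        if ( $qv['count_total'] )
+        if ( isset( $qv['count_total'] ) && $qv['count_total'] )
             $this->total_users = $wpdb->get_var( apply_filters( 'found_users_query', 'SELECT FOUND_ROWS()' ) );
 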
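Review bot: The nested check at new line 458, `if ( $qv['offset'] )`, is still unguarded, so a query that sets `number` without `offset` raises the same undefined-index notice this commit removes elsewhere; `if ( ! empty( $qv['offset'] ) )` would close that gap. In the sorting hunk the two allow-list lookups use loose `in_array()`, and `$orderby` presumably reaches the ORDER BY clause outside the visible lines. On PHP versions where `0 == 'nicename'` evaluates true, a non-string `orderby` such as integer 0 matches the first list and yields the column name `user_0`; passing `true` as the third argument to both `in_array()` calls keeps the allow-list exact. The enclosing methods start and end outside the visible hunks.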
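--- a/trunk/tests/phpunit/tests/user/query.php
+++ b/trunk/tests/phpunit/tests/user/query.php
@@ -21,5 +21,5 @@
 
         $this->assertEquals( '', $users->get( 'fields' ) );
-        $this->assertEquals( '', $users->query_vars['fields'] );
+        $this->assertEquals( '', @$users->query_vars['fields'] );
 
         $users->set( 'fields', 'all' );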
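Review bot: The `@` in `@$users->query_vars['fields']` silences every error raised by that expression, not only the undefined-index notice, and the assertion then presumably passes only because `assertEquals( '', null )` compares loosely. Asserting the real state documents the intent and keeps error reporting intact: `$this->assertFalse( isset( $users->query_vars['fields'] ) );`. The test method starts and ends outside the visible lines.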