Changeset 29933
- Timestamp:
- 10/17/2014 01:19:03 AM (10 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/date.php
r29925 r29933 436 436 * Validates a column name parameter. 437 437 * 438 * Column names without a table prefix (like 'post_date') are checked against a whitelist of 439 * known tables, and then, if found, have a table prefix (such as 'wp_posts.') prepended. 440 * Prefixed column names (such as 'wp_posts.post_date') bypass this whitelist check, 441 * and are only sanitized to remove illegal characters. 442 * 438 443 * @since 3.7.0 439 444 * @access public … … 443 448 */ 444 449 public function validate_column( $column ) { 450 global $wpdb; 451 445 452 $valid_columns = array( 446 453 'post_date', 'post_date_gmt', 'post_modified', 447 454 'post_modified_gmt', 'comment_date', 'comment_date_gmt' 448 455 ); 449 /** 450 * Filter the list of valid date query columns. 451 * 452 * @since 3.7.0 453 * 454 * @param array $valid_columns An array of valid date query columns. Defaults are 'post_date', 'post_date_gmt', 455 * 'post_modified', 'post_modified_gmt', 'comment_date', 'comment_date_gmt' 456 */ 457 if ( ! in_array( $column, apply_filters( 'date_query_valid_columns', $valid_columns ) ) ) 458 $column = 'post_date'; 459 460 return $column; 456 457 // Attempt to detect a table prefix. 458 if ( false === strpos( $column, '.' ) ) { 459 /** 460 * Filter the list of valid date query columns. 461 * 462 * @since 3.7.0 463 * 464 * @param array $valid_columns An array of valid date query columns. Defaults 465 * are 'post_date', 'post_date_gmt', 'post_modified', 466 * 'post_modified_gmt', 'comment_date', 'comment_date_gmt' 467 */ 468 if ( ! in_array( $column, apply_filters( 'date_query_valid_columns', $valid_columns ) ) ) { 469 $column = 'post_date'; 470 } 471 472 $known_columns = array( 473 $wpdb->posts => array( 474 'post_date', 475 'post_date_gmt', 476 'post_modified', 477 'post_modified_gmt', 478 ), 479 $wpdb->comments => array( 480 'comment_date', 481 'comment_date_gmt', 482 ), 483 ); 484 485 // If it's a known column name, add the appropriate table prefix. 486 foreach ( $known_columns as $table_name => $table_columns ) { 487 if ( in_array( $column, $table_columns ) ) { 488 $column = $table_name . '.' . $column; 489 break; 490 } 491 } 492 493 } 494 495 // Remove unsafe characters. 496 return preg_replace( '/[^a-zA-Z0-9_$\.]/', '', $column ); 461 497 } 462 498 -
trunk/tests/phpunit/tests/date/query.php
r29925 r29933 202 202 203 203 public function test_validate_column_post_date() { 204 $q = new WP_Date_Query( array() ); 205 206 $this->assertSame( 'post_date', $q->validate_column( 'post_date' ) ); 204 global $wpdb; 205 $q = new WP_Date_Query( array() ); 206 207 $this->assertSame( $wpdb->posts . '.post_date', $q->validate_column( 'post_date' ) ); 207 208 } 208 209 209 210 public function test_validate_column_post_date_gmt() { 210 $q = new WP_Date_Query( array() ); 211 212 $this->assertSame( 'post_date_gmt', $q->validate_column( 'post_date_gmt' ) ); 211 global $wpdb; 212 $q = new WP_Date_Query( array() ); 213 214 $this->assertSame( $wpdb->posts . '.post_date_gmt', $q->validate_column( 'post_date_gmt' ) ); 213 215 } 214 216 215 217 public function test_validate_column_post_modified() { 216 $q = new WP_Date_Query( array() ); 217 218 $this->assertSame( 'post_modified', $q->validate_column( 'post_modified' ) ); 218 global $wpdb; 219 $q = new WP_Date_Query( array() ); 220 221 $this->assertSame( $wpdb->posts . '.post_modified', $q->validate_column( 'post_modified' ) ); 219 222 } 220 223 221 224 public function test_validate_column_post_modified_gmt() { 222 $q = new WP_Date_Query( array() ); 223 224 $this->assertSame( 'post_modified_gmt', $q->validate_column( 'post_modified_gmt' ) ); 225 global $wpdb; 226 $q = new WP_Date_Query( array() ); 227 228 $this->assertSame( $wpdb->posts . '.post_modified_gmt', $q->validate_column( 'post_modified_gmt' ) ); 225 229 } 226 230 227 231 public function test_validate_column_comment_date() { 228 $q = new WP_Date_Query( array() ); 229 230 $this->assertSame( 'comment_date', $q->validate_column( 'comment_date' ) ); 232 global $wpdb; 233 $q = new WP_Date_Query( array() ); 234 235 $this->assertSame( $wpdb->comments . '.comment_date', $q->validate_column( 'comment_date' ) ); 231 236 } 232 237 233 238 public function test_validate_column_comment_date_gmt() { 234 $q = new WP_Date_Query( array() ); 235 236 $this->assertSame( 'comment_date_gmt', $q->validate_column( 'comment_date_gmt' ) ); 239 global $wpdb; 240 $q = new WP_Date_Query( array() ); 241 242 $this->assertSame( $wpdb->comments . '.comment_date_gmt', $q->validate_column( 'comment_date_gmt' ) ); 237 243 } 238 244 239 245 public function test_validate_column_invalid() { 240 $q = new WP_Date_Query( array() ); 241 242 $this->assertSame( 'post_date', $q->validate_column( 'foo' ) ); 246 global $wpdb; 247 $q = new WP_Date_Query( array() ); 248 249 $this->assertSame( $wpdb->posts . '.post_date', $q->validate_column( 'foo' ) ); 250 } 251 252 /** 253 * @ticket 25775 254 */ 255 public function test_validate_column_with_date_query_valid_columns_filter() { 256 $q = new WP_Date_Query( array() ); 257 258 add_filter( 'date_query_valid_columns', array( $this, 'date_query_valid_columns_callback' ) ); 259 260 $this->assertSame( 'my_custom_column', $q->validate_column( 'my_custom_column' ) ); 261 262 remove_filter( 'date_query_valid_columns', array( $this, 'date_query_valid_columns_callback' ) ); 263 } 264 265 /** 266 * @ticket 25775 267 */ 268 public function test_validate_column_prefixed_column_name() { 269 $q = new WP_Date_Query( array() ); 270 271 $this->assertSame( 'foo.bar', $q->validate_column( 'foo.bar' ) ); 272 } 273 274 /** 275 * @ticket 25775 276 */ 277 public function test_validate_column_prefixed_column_name_with_illegal_characters() { 278 $q = new WP_Date_Query( array() ); 279 280 $this->assertSame( 'foo.bar', $q->validate_column( 'f"\'oo\/.b;:()ar' ) ); 243 281 } 244 282 245 283 public function test_build_value_value_null() { 284 global $wpdb; 246 285 $q = new WP_Date_Query( array() ); 247 286 … … 903 942 } 904 943 } 944 945 /** Helpers **********************************************************/ 946 947 public function date_query_valid_columns_callback( $columns ) { 948 $columns[] = 'my_custom_column'; 949 return $columns; 950 } 905 951 } -
trunk/tests/phpunit/tests/query/dateQuery.php
r29923 r29933 611 611 612 612 public function test_date_params_monthnum_m_duplicate() { 613 global $wpdb; 614 613 615 $this->create_posts(); 614 616 … … 630 632 $this->assertEquals( $expected_dates, wp_list_pluck( $posts, 'post_date' ) ); 631 633 632 $this->assertContains( "MONTH( post_date ) = 5", $this->q->request );633 $this->assertNotContains( "MONTH( post_date ) = 9", $this->q->request );634 $this->assertContains( "MONTH( $wpdb->posts.post_date ) = 5", $this->q->request ); 635 $this->assertNotContains( "MONTH( $wpdb->posts.post_date ) = 9", $this->q->request ); 634 636 } 635 637 636 638 public function test_date_params_week_w_duplicate() { 639 global $wpdb; 640 637 641 $this->create_posts(); 638 642 … … 653 657 $this->assertEquals( $expected_dates, wp_list_pluck( $posts, 'post_date' ) ); 654 658 655 $this->assertContains( "WEEK( post_date, 1 ) = 21", $this->q->request ); 656 $this->assertNotContains( "WEEK( post_date, 1 ) = 22", $this->q->request ); 659 $this->assertContains( "WEEK( $wpdb->posts.post_date, 1 ) = 21", $this->q->request ); 660 $this->assertNotContains( "WEEK( $wpdb->posts.post_date, 1 ) = 22", $this->q->request ); 661 } 662 663 /** 664 * @ticket 25775 665 */ 666 public function test_date_query_with_taxonomy_join() { 667 $p1 = $this->factory->post->create( array( 668 'post_date' => '2013-04-27 01:01:01', 669 ) ); 670 $p2 = $this->factory->post->create( array( 671 'post_date' => '2013-03-21 01:01:01', 672 ) ); 673 674 register_taxonomy( 'foo', 'post' ); 675 wp_set_object_terms( $p1, 'bar', 'foo' ); 676 677 $posts = $this->_get_query_result( array( 678 'date_query' => array( 679 'year' => 2013, 680 ), 681 'tax_query' => array( 682 array( 683 'taxonomy' => 'foo', 684 'terms' => array( 'bar' ), 685 'field' => 'name', 686 ), 687 ), 688 ) ); 689 690 _unregister_taxonomy( 'foo' ); 691 692 $this->assertEquals( array( $p1 ), wp_list_pluck( $posts, 'ID' ) ); 657 693 } 658 694
Note: See TracChangeset
for help on using the changeset viewer.