Changeset 29933 for trunk/src/wp-includes/date.php
- Timestamp:
- 10/17/2014 01:19:03 AM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/date.php
r29925 r29933 436 436 * Validates a column name parameter. 437 437 * 438 * Column names without a table prefix (like 'post_date') are checked against a whitelist of 439 * known tables, and then, if found, have a table prefix (such as 'wp_posts.') prepended. 440 * Prefixed column names (such as 'wp_posts.post_date') bypass this whitelist check, 441 * and are only sanitized to remove illegal characters. 442 * 438 443 * @since 3.7.0 439 444 * @access public … … 443 448 */ 444 449 public function validate_column( $column ) { 450 global $wpdb; 451 445 452 $valid_columns = array( 446 453 'post_date', 'post_date_gmt', 'post_modified', 447 454 'post_modified_gmt', 'comment_date', 'comment_date_gmt' 448 455 ); 449 /** 450 * Filter the list of valid date query columns. 451 * 452 * @since 3.7.0 453 * 454 * @param array $valid_columns An array of valid date query columns. Defaults are 'post_date', 'post_date_gmt', 455 * 'post_modified', 'post_modified_gmt', 'comment_date', 'comment_date_gmt' 456 */ 457 if ( ! in_array( $column, apply_filters( 'date_query_valid_columns', $valid_columns ) ) ) 458 $column = 'post_date'; 459 460 return $column; 456 457 // Attempt to detect a table prefix. 458 if ( false === strpos( $column, '.' ) ) { 459 /** 460 * Filter the list of valid date query columns. 461 * 462 * @since 3.7.0 463 * 464 * @param array $valid_columns An array of valid date query columns. Defaults 465 * are 'post_date', 'post_date_gmt', 'post_modified', 466 * 'post_modified_gmt', 'comment_date', 'comment_date_gmt' 467 */ 468 if ( ! in_array( $column, apply_filters( 'date_query_valid_columns', $valid_columns ) ) ) { 469 $column = 'post_date'; 470 } 471 472 $known_columns = array( 473 $wpdb->posts => array( 474 'post_date', 475 'post_date_gmt', 476 'post_modified', 477 'post_modified_gmt', 478 ), 479 $wpdb->comments => array( 480 'comment_date', 481 'comment_date_gmt', 482 ), 483 ); 484 485 // If it's a known column name, add the appropriate table prefix. 486 foreach ( $known_columns as $table_name => $table_columns ) { 487 if ( in_array( $column, $table_columns ) ) { 488 $column = $table_name . '.' . $column; 489 break; 490 } 491 } 492 493 } 494 495 // Remove unsafe characters. 496 return preg_replace( '/[^a-zA-Z0-9_$\.]/', '', $column ); 461 497 } 462 498
Note: See TracChangeset
for help on using the changeset viewer.