Changeset 34090 for trunk/src/wp-includes/query.php

Timestamp:

09/12/2015 09:05:14 PM (10 years ago)

Author:

boonebgorges

Message:

Use stricter sanitization for meta query clause keys.

By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to WP_Query. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.

File:

• trunk/src/wp-includes/query.php (modified) (1 diff)

trunk/src/wp-includes/query.php

@@ -2281 +2281 @@
         }
 
-        if ( ! in_array( $orderby, $allowed_keys ) ) {
+        if ( ! in_array( $orderby, $allowed_keys, true ) ) {
             return false;
         }