Make WordPress Core


Ignore:
Timestamp:
09/12/2015 09:05:14 PM (9 years ago)
Author:
boonebgorges
Message:

Use stricter sanitization for meta query clause keys.

By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to WP_Query. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/query.php

    r34089 r34090  
    22812281        }
    22822282
    2283         if ( ! in_array( $orderby, $allowed_keys ) ) {
     2283        if ( ! in_array( $orderby, $allowed_keys, true ) ) {
    22842284            return false;
    22852285        }
Note: See TracChangeset for help on using the changeset viewer.