Changeset 36251 for trunk/src/wp-includes/query.php

Timestamp:

01/10/2016 03:25:15 AM (9 years ago)

Author:

boonebgorges

Message:

Avoid invalid SQL when building ORDER BY clause using long search strings.

The introduction of negative search terms in 4.4 [34934] introduced the
possibility that the ORDER BY clause of a search query could be assembled in
such a way as to create invalid syntax. The current changeset fixes this by
ensuring that the ORDER BY clause corresponding to the search terms is
excluded when it would otherwise be empty.

Props salvoaranzulla.
Fixes #35361.

File:

• trunk/src/wp-includes/query.php (modified) (2 diffs)

trunk/src/wp-includes/query.php

@@ -2269 +2269 @@
             }
 
-            $search_orderby = '(CASE ';
+            $search_orderby = '';
 
             // sentence match in 'post_title'
@@ -2290 +2290 @@
                 $search_orderby .= $wpdb->prepare( "WHEN $wpdb->posts.post_content LIKE %s THEN 4 ", $like );
             }
-            $search_orderby .= 'ELSE 5 END)';
+
+            if ( $search_orderby ) {
+                $search_orderby = '(CASE ' . $search_orderby . 'ELSE 5 END)';
+            }
         } else {
             // single word or sentence search