
Changeset 36354


Timestamp:
01/20/2016 04:37:13 AM (9 years ago)
Author:
dd32
Message:

Query: Avoid invalid SQL when building ORDER BY clause using long search strings.

Negative search terms, added in 4.4 [34934], made it possible for the
ORDER BY clause of a search query to be assembled with invalid syntax
(a CASE expression with no WHEN branches). This changeset fixes that by
ensuring the ORDER BY clause derived from the search terms is omitted
when it would otherwise be empty.

Merges [36251] to the 4.4 branch.
Props salvoaranzulla, boonebgorges.
Fixes #35361.

Location:
branches/4.4
Files:
3 edited

  • branches/4.4

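--- a/branches/4.4/src/wp-includes/query.php
+++ b/branches/4.4/src/wp-includes/query.php
@@ -2301,5 +2301,5 @@
             }
 
-            $search_orderby = '(CASE ';
+            $search_orderby = '';
 
             // sentence match in 'post_title'
@@ -2322,5 +2322,8 @@
                 $search_orderby .= $wpdb->prepare( "WHEN $wpdb->posts.post_content LIKE %s THEN 4 ", $like );
             }
-            $search_orderby .= 'ELSE 5 END)';
+
+            if ( $search_orderby ) {
+                $search_orderby = '(CASE ' . $search_orderby . 'ELSE 5 END)';
+            }
         } else {
             // single word or sentence search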
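Review bot: The new guard at 2325 relies on PHP truthiness, so the CASE wrapper would also be skipped for the string `'0'`; that value cannot arise here because every appended fragment begins with `WHEN`, but an explicit `if ( '' !== $search_orderby ) {` states the intent and matches the concatenation it protects. The reason for the guard is not recorded in the code either: a `CASE ... END` with no `WHEN` branch is invalid SQL, which is exactly what the old `'(CASE '` + `'ELSE 5 END)'` pair produced when no branch was appended. I would add above the condition `// Only wrap in CASE ... END when at least one WHEN branch was built; 'CASE ELSE 5 END' is invalid SQL.` The start of the enclosing function and the caller that now receives an empty `$search_orderby` are outside this hunk; whether that caller omits the `ORDER BY` keyword entirely, rather than emitting `ORDER BY` followed by nothing or by a leading comma, should be confirmed there.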
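--- a/branches/4.4/tests/phpunit/tests/query/search.php
+++ b/branches/4.4/tests/phpunit/tests/query/search.php
@@ -126,3 +126,15 @@
         $this->assertEqualSets( array( $p3 ), $q->posts );
     }
+
+    /**
+     * @ticket 35361
+     */
+    public function test_search_orderby_should_be_empty_when_search_string_is_longer_than_6_words_and_exclusion_operator_is_used() {
+        $q = new WP_Query( array(
+            's' => 'foo1 foo2 foo3 foo4 foo5 foo6 foo7 -bar',
+            'fields' => 'ids',
+        ) );
+
+        $this->assertNotRegExp( '|ORDER BY \(CASE[^\)]+\)|', $q->request );
+    }
 }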
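Review bot: The assertion at 138 only checks that no `ORDER BY (CASE ... )` fragment appears in `$q->request`; it does not establish that the SQL built for a seven-word search with an exclusion term is valid or that the query ran without a database error, which is the failure mode the ticket describes. Because `WP_Query` has already executed the query by the time `$q->request` is read, the test can pin that directly with `$this->assertEmpty( $GLOBALS['wpdb']->last_error );` after the existing assertion (assuming the test base class does not reset or suppress `last_error`, which is not visible here). A plain `$this->assertNotContains( 'ORDER BY (CASE', $q->request );` would also express the intent more readably than the regex, since the `[^\)]+\)` tail adds nothing to a negative match. There is no companion positive case asserting that a shorter search string still yields the CASE ordering, so a regression that dropped the search ordering entirely would pass this test.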