WordPress.org

Make WordPress Core

Changeset 36598


Ignore:
Timestamp:
02/20/16 20:03:31 (19 months ago)
Author:
boonebgorges
Message:

In get_terms(), assemble WHERE conditions in an array instead of concatenating.

This method is more reliable when adding new WHERE conditions.

See #35495.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/taxonomy.php

    r36564 r36598  
    13101310    } 
    13111311 
    1312     $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')"; 
     1312    $where_conditions = array(); 
     1313 
     1314    $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')"; 
    13131315 
    13141316    $exclude = $args['exclude']; 
     
    13241326 
    13251327    if ( ! empty( $inclusions ) ) { 
    1326         $inclusions = ' AND t.term_id IN ( ' . $inclusions . ' )'; 
    1327         $where .= $inclusions; 
     1328        $where_conditions[] = 't.term_id IN ( ' . $inclusions . ' )'; 
    13281329    } 
    13291330 
     
    13551356 
    13561357    if ( ! empty( $exclusions ) ) { 
    1357         $exclusions = ' AND t.term_id NOT IN (' . implode( ',', array_map( 'intval', $exclusions ) ) . ')'; 
     1358        $exclusions = 't.term_id NOT IN (' . implode( ',', array_map( 'intval', $exclusions ) ) . ')'; 
    13581359    } else { 
    13591360        $exclusions = ''; 
     
    13721373 
    13731374    if ( ! empty( $exclusions ) ) { 
    1374         $where .= $exclusions; 
     1375        // Must do string manipulation here for backward compatibility with filter. 
     1376        $where_conditions[] = preg_replace( '/^\s*AND\s*/', '', $exclusions ); 
    13751377    } 
    13761378 
     
    13821384        } 
    13831385 
    1384         $where .= " AND t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')"; 
     1386        $where_conditions[] = "t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')"; 
    13851387    } 
    13861388 
     
    13881390        if ( is_array( $args['slug'] ) ) { 
    13891391            $slug = array_map( 'sanitize_title', $args['slug'] ); 
    1390             $where .= " AND t.slug IN ('" . implode( "', '", $slug ) . "')"; 
     1392            $where_conditions[] = "t.slug IN ('" . implode( "', '", $slug ) . "')"; 
    13911393        } else { 
    13921394            $slug = sanitize_title( $args['slug'] ); 
    1393             $where .= " AND t.slug = '$slug'"; 
     1395            $where_conditions[] = "t.slug = '$slug'"; 
    13941396        } 
    13951397    } 
    13961398 
    13971399    if ( ! empty( $args['name__like'] ) ) { 
    1398         $where .= $wpdb->prepare( " AND t.name LIKE %s", '%' . $wpdb->esc_like( $args['name__like'] ) . '%' ); 
     1400        $where_conditions[] = $wpdb->prepare( "t.name LIKE %s", '%' . $wpdb->esc_like( $args['name__like'] ) . '%' ); 
    13991401    } 
    14001402 
    14011403    if ( ! empty( $args['description__like'] ) ) { 
    1402         $where .= $wpdb->prepare( " AND tt.description LIKE %s", '%' . $wpdb->esc_like( $args['description__like'] ) . '%' ); 
     1404        $where_conditions[] = $wpdb->prepare( "tt.description LIKE %s", '%' . $wpdb->esc_like( $args['description__like'] ) . '%' ); 
    14031405    } 
    14041406 
    14051407    if ( '' !== $parent ) { 
    14061408        $parent = (int) $parent; 
    1407         $where .= " AND tt.parent = '$parent'"; 
     1409        $where_conditions[] = "tt.parent = '$parent'"; 
    14081410    } 
    14091411 
     
    14131415    } 
    14141416    if ( $args['hide_empty'] && !$hierarchical ) { 
    1415         $where .= ' AND tt.count > 0'; 
     1417        $where_conditions[] = 'tt.count > 0'; 
    14161418    } 
    14171419 
     
    14321434    if ( ! empty( $args['search'] ) ) { 
    14331435        $like = '%' . $wpdb->esc_like( $args['search'] ) . '%'; 
    1434         $where .= $wpdb->prepare( ' AND ((t.name LIKE %s) OR (t.slug LIKE %s))', $like, $like ); 
     1436        $where_conditions[] = $wpdb->prepare( '((t.name LIKE %s) OR (t.slug LIKE %s))', $like, $like ); 
    14351437    } 
    14361438 
     
    14451447 
    14461448    if ( ! empty( $meta_clauses ) ) { 
    1447         $join  .= $mq_sql['join']; 
    1448         $where .= $mq_sql['where']; 
     1449        $join .= $mq_sql['join']; 
     1450        $where_conditions[] = preg_replace( '/^\s*AND\s*/', '', $mq_sql['where'] ); 
    14491451        $distinct .= "DISTINCT"; 
    14501452 
     
    15341536    $join .= " INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id"; 
    15351537 
     1538    $where = implode( ' AND ', $where_conditions ); 
     1539 
    15361540    $pieces = array( 'fields', 'join', 'where', 'distinct', 'orderby', 'order', 'limits' ); 
    15371541 
     
    15551559    $limits = isset( $clauses[ 'limits' ] ) ? $clauses[ 'limits' ] : ''; 
    15561560 
    1557     $query = "SELECT $distinct $fields FROM $wpdb->terms AS t $join WHERE $where $orderby $order $limits"; 
     1561    if ( $where ) { 
     1562        $where = "WHERE $where"; 
     1563    } 
     1564 
     1565    $query = "SELECT $distinct $fields FROM $wpdb->terms AS t $join $where $orderby $order $limits"; 
    15581566 
    15591567    // $args can be anything. Only use the args defined in defaults to compute the key. 
Note: See TracChangeset for help on using the changeset viewer.