Timestamp:
02/20/2016 08:03:31 PM (9 years ago)
Author:
boonebgorges
Message:

In get_terms(), assemble WHERE conditions in an array instead of concatenating.

This method is more reliable when adding new WHERE conditions.

See #35495.

File:
1 edited

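--- a/trunk/src/wp-includes/taxonomy.php
+++ b/trunk/src/wp-includes/taxonomy.php
@@ -1310,5 +1310,7 @@
     }
 
-    $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
+    $where_conditions = array();
+
+    $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
 
     $exclude = $args['exclude'];
@@ -1324,6 +1326,5 @@
 
     if ( ! empty( $inclusions ) ) {
-        $inclusions = ' AND t.term_id IN ( ' . $inclusions . ' )';
-        $where .= $inclusions;
+        $where_conditions[] = 't.term_id IN ( ' . $inclusions . ' )';
     }
 
@@ -1355,5 +1356,5 @@
 
     if ( ! empty( $exclusions ) ) {
-        $exclusions = ' AND t.term_id NOT IN (' . implode( ',', array_map( 'intval', $exclusions ) ) . ')';
+        $exclusions = 't.term_id NOT IN (' . implode( ',', array_map( 'intval', $exclusions ) ) . ')';
     } else {
         $exclusions = '';
@@ -1372,5 +1373,6 @@
 
     if ( ! empty( $exclusions ) ) {
-        $where .= $exclusions;
+        // Must do string manipulation here for backward compatibility with filter.
+        $where_conditions[] = preg_replace( '/^\s*AND\s*/', '', $exclusions );
     }
 
@@ -1382,5 +1384,5 @@
         }
 
-        $where .= " AND t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')";
+        $where_conditions[] = "t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')";
     }
 
@@ -1388,22 +1390,22 @@
         if ( is_array( $args['slug'] ) ) {
             $slug = array_map( 'sanitize_title', $args['slug'] );
-            $where .= " AND t.slug IN ('" . implode( "', '", $slug ) . "')";
+            $where_conditions[] = "t.slug IN ('" . implode( "', '", $slug ) . "')";
         } else {
             $slug = sanitize_title( $args['slug'] );
-            $where .= " AND t.slug = '$slug'";
+            $where_conditions[] = "t.slug = '$slug'";
         }
     }
 
     if ( ! empty( $args['name__like'] ) ) {
-        $where .= $wpdb->prepare( " AND t.name LIKE %s", '%' . $wpdb->esc_like( $args['name__like'] ) . '%' );
+        $where_conditions[] = $wpdb->prepare( "t.name LIKE %s", '%' . $wpdb->esc_like( $args['name__like'] ) . '%' );
     }
 
     if ( ! empty( $args['description__like'] ) ) {
-        $where .= $wpdb->prepare( " AND tt.description LIKE %s", '%' . $wpdb->esc_like( $args['description__like'] ) . '%' );
+        $where_conditions[] = $wpdb->prepare( "tt.description LIKE %s", '%' . $wpdb->esc_like( $args['description__like'] ) . '%' );
     }
 
     if ( '' !== $parent ) {
         $parent = (int) $parent;
-        $where .= " AND tt.parent = '$parent'";
+        $where_conditions[] = "tt.parent = '$parent'";
     }
 
@@ -1413,5 +1415,5 @@
     }
     if ( $args['hide_empty'] && !$hierarchical ) {
-        $where .= ' AND tt.count > 0';
+        $where_conditions[] = 'tt.count > 0';
     }
 
@@ -1432,5 +1434,5 @@
     if ( ! empty( $args['search'] ) ) {
         $like = '%' . $wpdb->esc_like( $args['search'] ) . '%';
-        $where .= $wpdb->prepare( ' AND ((t.name LIKE %s) OR (t.slug LIKE %s))', $like, $like );
+        $where_conditions[] = $wpdb->prepare( '((t.name LIKE %s) OR (t.slug LIKE %s))', $like, $like );
     }
 
@@ -1445,6 +1447,6 @@
 
     if ( ! empty( $meta_clauses ) ) {
-        $join  .= $mq_sql['join'];
-        $where .= $mq_sql['where'];
+        $join .= $mq_sql['join'];
+        $where_conditions[] = preg_replace( '/^\s*AND\s*/', '', $mq_sql['where'] );
         $distinct .= "DISTINCT";
 
@@ -1534,4 +1536,6 @@
     $join .= " INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id";
 
+    $where = implode( ' AND ', $where_conditions );
+
     $pieces = array( 'fields', 'join', 'where', 'distinct', 'orderby', 'order', 'limits' );
 
@@ -1555,5 +1559,9 @@
     $limits = isset( $clauses[ 'limits' ] ) ? $clauses[ 'limits' ] : '';
 
-    $query = "SELECT $distinct $fields FROM $wpdb->terms AS t $join WHERE $where $orderby $order $limits";
+    if ( $where ) {
+        $where = "WHERE $where";
+    }
+
+    $query = "SELECT $distinct $fields FROM $wpdb->terms AS t $join $where $orderby $order $limits";
 
     // $args can be anything. Only use the args defined in defaults to compute the key.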
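Review bot: The prefix strip at new line 1376, `preg_replace( '/^\s*AND\s*/', '', $exclusions )`, is case-sensitive, so a filter callback that returns a lowercase ` and …` fragment (which worked under the old concatenation) would now produce `… AND and …` once the conditions are imploded at new line 1538, and the query would fail. The same pattern is applied to `$mq_sql['where']` at new line 1450; I would make both `preg_replace( '/^\s*AND\s*/i', '', … )`. The filter call itself sits in the lines elided between the hunks, so what callbacks may return should be confirmed there. Because the filtered fragment is placed into the WHERE clause verbatim, the comment at new line 1375 could say so: `// Filter output is used as raw SQL; strip a leading AND (any case) kept for backward compatibility.`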