Changeset 39953

Timestamp:

01/26/2017 01:35:34 PM (8 years ago)

Author:

ocean90

Message:

Query: Ensure that queries work correctly with post type names with special characters.

Merge of [39952] to the 4.7 branch.

Location:

branches/4.7

Files:

• . (modified) (1 prop)
• src/wp-includes/class-wp-query.php (modified) (1 diff)

branches/4.7/src/wp-includes/class-wp-query.php

@@ -2256 +2256 @@
                 $where .= ' AND 1=0 ';
             } else {
-                $where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", $in_search_post_types ) . "')";
+                $where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";
             }
         } elseif ( !empty( $post_type ) && is_array( $post_type ) ) {
-            $where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", $post_type) . "')";
+            $where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", esc_sql( $post_type ) ) . "')";
         } elseif ( ! empty( $post_type ) ) {
-            $where .= " AND {$wpdb->posts}.post_type = '$post_type'";
+            $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );
             $post_type_object = get_post_type_object ( $post_type );
         } elseif ( $this->is_attachment ) {