WordPress.org

Make WordPress Core


Ignore:
Timestamp:
01/26/2017 01:49:12 PM (3 years ago)
Author:
ocean90
Message:

Query: Ensure that queries work correctly with post type names with special characters.

Merge of [39952] to the 4.5 branch.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/4.5/src/wp-includes/query.php

    r37075 r39958  
    30533053        if ( 'any' == $post_type ) {
    30543054            $in_search_post_types = get_post_types( array('exclude_from_search' => false) );
    3055             if ( empty( $in_search_post_types ) )
     3055            if ( empty( $in_search_post_types ) ) {
    30563056                $where .= ' AND 1=0 ';
    3057             else
    3058                 $where .= " AND $wpdb->posts.post_type IN ('" . join("', '", $in_search_post_types ) . "')";
     3057            } else {
     3058                $where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')";
     3059            }
    30593060        } elseif ( !empty( $post_type ) && is_array( $post_type ) ) {
    3060             $where .= " AND $wpdb->posts.post_type IN ('" . join("', '", $post_type) . "')";
     3061            $where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", esc_sql( $post_type ) ) . "')";
    30613062        } elseif ( ! empty( $post_type ) ) {
    3062             $where .= " AND $wpdb->posts.post_type = '$post_type'";
     3063            $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type );
    30633064            $post_type_object = get_post_type_object ( $post_type );
    30643065        } elseif ( $this->is_attachment ) {
Note: See TracChangeset for help on using the changeset viewer.