Changeset 53255
- Timestamp:
- 04/25/2022 12:55:35 PM (3 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/class-wp-user-query.php
r52977 r53255 275 275 $qv = $this->fill_query_vars( $qv ); 276 276 277 $allowed_fields = array( 278 'ID', 279 'display_name', 280 'user_login', 281 'user_nicename', 282 'user_email', 283 'user_url', 284 'user_registered', 285 ); 286 277 287 if ( is_array( $qv['fields'] ) ) { 278 288 $qv['fields'] = array_unique( $qv['fields'] ); … … 284 294 } 285 295 $this->query_fields = implode( ',', $this->query_fields ); 286 } elseif ( 'all' === $qv['fields']) {296 } elseif ( ! in_array( $qv['fields'], $allowed_fields, true ) ) { 287 297 $this->query_fields = "$wpdb->users.*"; 288 298 } else { 289 $this->query_fields = "$wpdb->users.ID"; 299 $field = 'ID' === $qv['fields'] ? 'ID' : sanitize_key( $qv['fields'] ); 300 $this->query_fields = "$wpdb->users.$field"; 290 301 } 291 302 -
trunk/tests/phpunit/tests/user/query.php
r52010 r53255 199 199 'meta_key' => 'last_name', 200 200 'orderby' => 'meta_value', 201 'fields' => ' ids',201 'fields' => 'ID', 202 202 ) 203 203 ); … … 221 221 'meta_key' => 'user_age', 222 222 'orderby' => 'meta_value_num', 223 'fields' => ' ids',223 'fields' => 'ID', 224 224 ) 225 225 ); … … 243 243 'meta_key' => 'foo', 244 244 'orderby' => 'foo', 245 'fields' => ' ids',245 'fields' => 'ID', 246 246 ) 247 247 ); … … 262 262 $q = new WP_User_Query( 263 263 array( 264 'fields' => ' ids',264 'fields' => 'ID', 265 265 'meta_query' => array( 266 266 'foo_key' => array( … … 303 303 $q = new WP_User_Query( 304 304 array( 305 'fields' => ' ids',305 'fields' => 'ID', 306 306 'meta_query' => array( 307 307 'foo_key' => array( … … 333 333 $q = new WP_User_Query( 334 334 array( 335 'fields' => ' ids',335 'fields' => 'ID', 336 336 'meta_query' => array( 337 337 'foo_key' => array( … … 1282 1282 'orderby' => 'ID', 1283 1283 'order' => 'DESC', // Avoid funkiness with user 1. 1284 'fields' => ' ids',1284 'fields' => 'ID', 1285 1285 ) 1286 1286 ); … … 1358 1358 array( 1359 1359 'role' => 'editor', 1360 'fields' => ' ids',1360 'fields' => 'ID', 1361 1361 ) 1362 1362 ); … … 1967 1967 $this->assertContains( self::$author_ids[2], $found ); 1968 1968 } 1969 1970 /** 1971 * @ticket 53177 1972 * 1973 * @param $field 1974 * @param $expected 1975 * 1976 * @return void 1977 * 1978 * @dataProvider data_returning_fields 1979 * 1980 * @covers WP_User_Query::prepare_query 1981 */ 1982 public function test_returning_fields( $field, $expected_values ) { 1983 $q = new WP_User_Query( 1984 array( 1985 'fields' => $field, 1986 'include ' => array( self::$admin_ids[0] ), 1987 ) 1988 ); 1989 $results = $q->get_results(); 1990 1991 if ( 'all_with_meta' === $field ) { 1992 $data = array_shift( $results )->data; 1993 1994 } else { 1995 $data = ( isset( $results[0]->data ) ) ? $results[0]->data : $results[0]; 1996 } 1997 1998 foreach ( $expected_values as $key => $expected_value ) { 1999 if ( ! is_array( $results ) ) { 2000 $this->assertEquals( array_shift( $results ), $expected_value ); 2001 } else { 2002 $value = ( isset( $data->$key ) ) ? $data->$key : $data; 2003 $this->assertEquals( $value, $expected_value ); 2004 } 2005 } 2006 } 2007 2008 public function data_returning_fields() { 2009 return array( 2010 'all' => array( 2011 'field' => 'all', 2012 'expected' => array( 2013 'ID' => '1', 2014 'user_login' => 'admin', 2015 'user_nicename' => 'admin', 2016 'user_email' => 'admin@example.org', 2017 'user_url' => 'http://example.org', 2018 'user_activation_key' => '', 2019 'user_status' => '0', 2020 'display_name' => 'admin', 2021 ), 2022 ), 2023 'all_with_meta' => array( 2024 'field' => 'all_with_meta', 2025 'expected' => array( 2026 'ID' => '1', 2027 'user_login' => 'admin', 2028 'user_nicename' => 'admin', 2029 'user_email' => 'admin@example.org', 2030 'user_url' => 'http://example.org', 2031 'user_activation_key' => '', 2032 'user_status' => '0', 2033 'display_name' => 'admin', 2034 ), 2035 ), 2036 'ID' => array( 2037 'field' => 'ID', 2038 'expected' => array( 2039 'ID' => '1', 2040 ), 2041 ), 2042 'display_name' => array( 2043 'field' => 'display_name', 2044 'expected' => array( 2045 'display_name' => 'admin', 2046 ), 2047 ), 2048 'user_login' => array( 2049 'field' => 'user_login', 2050 'expected' => array( 2051 'user_login' => 'admin', 2052 ), 2053 ), 2054 'user_nicename' => array( 2055 'field' => 'user_nicename', 2056 'expected' => array( 2057 'user_nicename' => 'admin', 2058 ), 2059 ), 2060 'user_email' => array( 2061 'field' => 'user_email', 2062 'expected' => array( 2063 'user_email' => 'admin@example.org', 2064 ), 2065 ), 2066 'invalid_field' => array( 2067 'field' => 'invalid_field', 2068 'expected' => array( 2069 '0' => '1', 2070 ), 2071 ), 2072 ); 2073 } 2074 2075 /** 2076 * @ticket 53177 2077 * 2078 * @return void 2079 * 2080 * @covers WP_User_Query::prepare_query 2081 */ 2082 public function test_returning_field_user_registered() { 2083 $q = new WP_User_Query( 2084 array( 2085 'fields' => 'user_registered', 2086 'include' => array( self::$admin_ids[0] ), 2087 ) 2088 ); 2089 $results = $q->get_results(); 2090 $this->assertNotFalse( DateTime::createFromFormat( 'Y-m-d H:i:s', $results[0] ) ); 2091 } 1969 2092 }
Note: See TracChangeset
for help on using the changeset viewer.