Context Navigation

← Previous Change
Next Change →

class-wp-user-query.php

Timestamp:

04/25/2022 12:55:35 PM (3 years ago)

Author:

audrasjb

Message:

Users: Make sure WP_User_Query can be filtered using the fields parameter.

This change ensures the fields parameter is taken into account when running WP_User_Query by fixing the conditional statement used to process the fields param.

Props rilwis, peterwilsoncc, NomNom99, hellofromTonya, audrasjb, rilwis, Boniu91.
Fixes #53177.

File:

: 1 edited

trunk/src/wp-includes/class-wp-user-query.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-includes/class-wp-user-query.php

-                      r52977
+                      r53255
         $qv = $this->fill_query_vars( $qv );
+        $allowed_fields = array(
+            'ID',
+            'display_name',
+            'user_login',
+            'user_nicename',
+            'user_email',
+            'user_url',
+            'user_registered',
+        );
         if ( is_array( $qv['fields'] ) ) {
             $qv['fields'] = array_unique( $qv['fields'] );
 …
+            }
             $this->query_fields = implode( ',', $this->query_fields );
         } elseif ( 'all' === $qv['fields'] ) {
+        } elseif ( ! in_array( $qv['fields'], $allowed_fields, true ) ) {
             $this->query_fields = "$wpdb->users.*";
         } else {
+            $this->query_fields = "$wpdb->users.ID";
+            $field              = 'ID' === $qv['fields'] ? 'ID' : sanitize_key( $qv['fields'] );
+            $this->query_fields = "$wpdb->users.$field";
+        }

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 53255 for trunk/src/wp-includes/class-wp-user-query.php

Legend:

trunk/src/wp-includes/class-wp-user-query.php

Download in other formats: