Changeset 6380 for trunk/wp-includes/query.php
- Timestamp:
- 12/14/2007 06:20:42 AM (18 years ago)
- File:
-
- 1 edited
-
trunk/wp-includes/query.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/query.php
r6377 r6380 1114 1114 } else { 1115 1115 // Used to filter values 1116 $allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order' );1116 $allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order', 'parent', 'ID'); 1117 1117 $q['orderby'] = urldecode($q['orderby']); 1118 1118 $q['orderby'] = addslashes_gpc($q['orderby']); … … 1124 1124 // Only allow certain values for safety 1125 1125 $orderby = $orderby_array[$i]; 1126 if ( 'menu_order' != $orderby)1126 if ( !('menu_order' == $orderby || 'ID' == $orderby )) 1127 1127 $orderby = 'post_' . $orderby; 1128 1128 if ( in_array($orderby_array[$i], $allowed_keys) ) 1129 $q['orderby'] .= (($i == 0) ? '' : ',') . "$orderby {$q['order']}"; 1130 } 1129 $q['orderby'] .= (($i == 0) ? '' : ',') . $orderby; 1130 } 1131 /* append ASC or DESC at the end */ 1132 if ( !empty($q['orderby'])){ 1133 $q['orderby'] .= " {$q['order']}"; 1134 } 1135 1131 1136 if ( empty($q['orderby']) ) 1132 1137 $q['orderby'] = 'post_date '.$q['order'];
Note: See TracChangeset
for help on using the changeset viewer.