Changeset 6760
- Timestamp:
- 02/08/2008 07:50:10 PM (17 years ago)
- File:
-
- 1 edited
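--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -1151,5 +1151,5 @@
 } else {
 // Used to filter values
-$allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order', 'parent', 'ID' );
+$allowed_keys = array('author', 'date', 'category', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand');
 $q['orderby'] = urldecode($q['orderby']);
 $q['orderby'] = addslashes_gpc($q['orderby']);
@@ -1161,6 +1161,14 @@
 // Only allow certain values for safety
 $orderby = $orderby_array[$i];
-if ( !('menu_order' == $orderby || 'ID' == $orderby ))
-$orderby = 'post_' . $orderby;
+switch ($orderby) {
+case 'menu_order':
+case 'ID':
+break;
+case 'rand':
+$orderby = 'RAND()';
+break;
+default:
+$orderby = 'post_' . $orderby;
+}
 if ( in_array($orderby_array[$i], $allowed_keys) )
 $q['orderby'] .= (($i == 0) ? '' : ',') . $orderby;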
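Review bot: The allow-list test at the end of the second hunk, `in_array($orderby_array[$i], $allowed_keys)`, compares loosely, yet it is the only guard between a request-supplied `orderby` token and the ORDER BY clause; the strict form `in_array($orderby_array[$i], $allowed_keys, true)` removes any reliance on PHP type juggling. Running that check before the `switch` would also make it obvious that no mapping is ever applied to a rejected token. Separately, the new `'rand'` key becomes `ORDER BY RAND()`, which makes the database sort the whole result set on every request. The `urldecode`/`addslashes_gpc` calls in the first hunk suggest the value can arrive from the URL, so it is worth deciding whether `rand` should be honoured for public requests or only for code-supplied queries. The enclosing loop and the construction of `$orderby_array` lie outside the hunks shown.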