Changeset 7593 for branches/2.5/wp-includes/formatting.php

Timestamp:

04/03/2008 03:06:01 AM (18 years ago)

Author:

markjaquith

Message:

Fix gallery shortcode orderby param for all SQL setups. Sanitize orderby. fixes #6476 for 2.5.1

File:

• branches/2.5/wp-includes/formatting.php (modified) (1 diff)

branches/2.5/wp-includes/formatting.php

@@ -365 +365 @@
 
     return $title;
+}
+
+// ensures a string is a valid SQL order by clause like: post_name ASC, ID DESC
+// accepts one or more columns, with or without ASC/DESC, and also accepts RAND()
+function sanitize_sql_orderby( $orderby ){
+    preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
+    if ( !$obmatches )
+        return false;
+    return $orderby;
 }