
Changeset 7906


Timestamp:
05/08/2008 05:17:27 AM (10 years ago)
Author:
ryan
Message:

Query cleanups: use absint(), concatenate $where instead of overwriting it, make post_parent independent of the other ID clauses, and sanitize post__in and post__not_in. Props mdawaffe. see #6772

File:
1 edited

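--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -516,15 +516,15 @@
             $this->is_robots = true;
 
-        $qv['p'] =  (int) $qv['p'];
-        $qv['page_id'] =  (int) $qv['page_id'];
-        $qv['year'] = (int) $qv['year'];
-        $qv['monthnum'] = (int) $qv['monthnum'];
-        $qv['day'] = (int) $qv['day'];
-        $qv['w'] = (int) $qv['w'];
-        $qv['m'] =  (int) $qv['m'];
+        $qv['p'] =  absint($qv['p']);
+        $qv['page_id'] =  absint($qv['page_id']);
+        $qv['year'] = absint($qv['year']);
+        $qv['monthnum'] = absint($qv['monthnum']);
+        $qv['day'] = absint($qv['day']);
+        $qv['w'] = absint($qv['w']);
+        $qv['m'] = absint($qv['m']);
         $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers
-        if ( '' !== $qv['hour'] ) $qv['hour'] = (int) $qv['hour'];
-        if ( '' !== $qv['minute'] ) $qv['minute'] = (int) $qv['minute'];
-        if ( '' !== $qv['second'] ) $qv['second'] = (int) $qv['second'];
+        if ( '' !== $qv['hour'] ) $qv['hour'] = absint($qv['hour']);
+        if ( '' !== $qv['minute'] ) $qv['minute'] = absint($qv['minute']);
+        if ( '' !== $qv['second'] ) $qv['second'] = absint($qv['second']);
 
         // Compat.  Map subpost to attachment.
@@ -534,5 +534,5 @@
             $qv['attachment_id'] = $qv['subpost_id'];
 
-        $qv['attachment_id'] = (int) $qv['attachment_id'];
+        $qv['attachment_id'] = absint($qv['attachment_id']);
 
         if ( ('' != $qv['attachment']) || !empty($qv['attachment_id']) ) {
@@ -625,5 +625,5 @@
                 $qv['category__in'] = array();
             } else {
-                $qv['category__in'] = array_map('intval', $qv['category__in']);
+                $qv['category__in'] = array_map('absint', $qv['category__in']);
                 $this->is_category = true;
             }
@@ -632,5 +632,5 @@
                 $qv['category__not_in'] = array();
             } else {
-                $qv['category__not_in'] = array_map('intval', $qv['category__not_in']);
+                $qv['category__not_in'] = array_map('absint', $qv['category__not_in']);
             }
 
@@ -638,5 +638,5 @@
                 $qv['category__and'] = array();
             } else {
-                $qv['category__and'] = array_map('intval', $qv['category__and']);
+                $qv['category__and'] = array_map('absint', $qv['category__and']);
                 $this->is_category = true;
             }
@@ -645,5 +645,5 @@
                 $this->is_tag = true;
 
-            $qv['tag_id'] = (int) $qv['tag_id'];
+            $qv['tag_id'] = absint($qv['tag_id']);
             if (  !empty($qv['tag_id']) )
                 $this->is_tag = true;
@@ -652,5 +652,5 @@
                 $qv['tag__in'] = array();
             } else {
-                $qv['tag__in'] = array_map('intval', $qv['tag__in']);
+                $qv['tag__in'] = array_map('absint', $qv['tag__in']);
                 $this->is_tag = true;
             }
@@ -659,5 +659,5 @@
                 $qv['tag__not_in'] = array();
             } else {
-                $qv['tag__not_in'] = array_map('intval', $qv['tag__not_in']);
+                $qv['tag__not_in'] = array_map('absint', $qv['tag__not_in']);
             }
 
@@ -665,5 +665,5 @@
                 $qv['tag__and'] = array();
             } else {
-                $qv['tag__and'] = array_map('intval', $qv['tag__and']);
+                $qv['tag__and'] = array_map('absint', $qv['tag__and']);
                 $this->is_category = true;
             }
@@ -872,6 +872,5 @@
         if (isset($q['page'])) {
             $q['page'] = trim($q['page'], '/');
-            $q['page'] = (int) $q['page'];
-            $q['page'] = abs($q['page']);
+            $q['page'] = absint($q['page']);
         }
 
@@ -950,22 +949,23 @@
 
         if ( intval($q['comments_popup']) )
-            $q['p'] = intval($q['comments_popup']);
+            $q['p'] = absint($q['comments_popup']);
 
         // If an attachment is requested by number, let it supercede any post number.
         if ( $q['attachment_id'] )
-            $q['p'] = $q['attachment_id'];
+            $q['p'] = absint($q['attachment_id']);
 
         // If a post number is specified, load that post
-        if ( $q['p'] )
-            $where = " AND {$wpdb->posts}.ID = " . $q['p'];
-        elseif ( $q['post_parent'] )
-            $where = $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $q['post_parent']);
-        elseif ( $q['post__in'] ) {
-            $post__in = "'" . implode("', '", $q['post__in']) . "'";
-            $where = " AND {$wpdb->posts}.ID IN ($post__in)";
+        if ( $q['p'] ) {
+            $where .= " AND {$wpdb->posts}.ID = " . $q['p'];
+        } elseif ( $q['post__in'] ) {
+            $post__in = implode(',', array_map( 'absint', $q['post__in'] ));
+            $where .= " AND {$wpdb->posts}.ID IN ($post__in)";
         } elseif ( $q['post__not_in'] ) {
-            $post__not_in = "'" . implode("', '", $q['post__not_in']) . "'";
-            $where = " AND {$wpdb->posts}.ID NOT IN ($post__not_in)";
-        }
+            $post__not_in = implode(',',  array_map( 'absint', $q['post__not_in'] ));
+            $where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)";
+        }
+
+        if ( $q['post_parent'] )
+            $where .= $wpdb->prepare( " AND $wpdb->posts.post_parent = %d ", $q['post_parent'] );
 
         if ( $q['page_id'] ) {
@@ -1208,5 +1208,5 @@
                 $andor = 'AND';
                 $q['author'] = explode('-', $q['author']);
-                $q['author'] = ''.intval($q['author'][1]);
+                $q['author'] = '' . absint($q['author'][1]);
             } else {
                 $eq = '=';
@@ -1214,7 +1214,7 @@
             }
             $author_array = preg_split('/[,\s]+/', $q['author']);
-            $whichauthor .= " AND ($wpdb->posts.post_author ".$eq.' '.intval($author_array[0]);
+            $whichauthor .= " AND ($wpdb->posts.post_author ".$eq.' '.absint($author_array[0]);
             for ($i = 1; $i < (count($author_array)); $i = $i + 1) {
-                $whichauthor .= ' '.$andor." $wpdb->posts.post_author ".$eq.' '.intval($author_array[$i]);
+                $whichauthor .= ' '.$andor." $wpdb->posts.post_author ".$eq.' '.absint($author_array[$i]);
             }
             $whichauthor .= ')';
@@ -1234,5 +1234,5 @@
             $q['author_name'] = sanitize_title($q['author_name']);
             $q['author'] = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_nicename='".$q['author_name']."'");
-            $whichauthor .= " AND ($wpdb->posts.post_author = ".intval($q['author']).')';
+            $whichauthor .= " AND ($wpdb->posts.post_author = ".absint($q['author']).')';
         }
 
@@ -1374,5 +1374,5 @@
             if ( empty($q['offset']) ) {
                 $pgstrt = '';
-                $pgstrt = (intval($page) -1) * $q['posts_per_page'] . ', ';
+                $pgstrt = ($page - 1) * $q['posts_per_page'] . ', ';
                 $limits = 'LIMIT '.$pgstrt.$q['posts_per_page'];
             } else { // we're ignoring $page and using 'offset'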
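Review bot: In the `if ( $q['p'] )` branch of the rewritten ID-filter block (new lines 958-969) the post ID is still concatenated into SQL as `" AND {$wpdb->posts}.ID = " . $q['p']`, while the post_parent clause added two statements later goes through `$wpdb->prepare()`; `$q['p']` is already reduced to a non-negative integer by `absint()` on every path shown, so the value is safe, but the two clauses would read consistently and survive future edits better as `$where .= $wpdb->prepare( " AND {$wpdb->posts}.ID = %d", $q['p'] );`. Switching the three assignments from `=` to `.=` also assumes `$where` has been initialised before this block; the enclosing function starts outside the hunk, so that cannot be confirmed here, and an unset `$where` would raise a notice on the first `.=`. The same reliance on prior sanitisation appears in the LIMIT hunk (new line 1376), where dropping `intval($page)` is only equivalent if `$page` is already the integer produced by the `absint()` at new line 874 rather than a raw string.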