[Code Review] An array should not be directly put into a string

[kamiyeye]

Description

In latest wordpress 2.8 nightly build, file wp-includes/link-template.php, function get_boundary_post, from line 1037 to 1041

$categories = array_merge($cat_array, $excluded_categories);

$order = $start ? 'ASC' : 'DESC';

return get_posts("numberposts=1&order=$order&orderby=ID&category=$categories");

As you see, $categories is an array, it should not be used in this way, which will cause a string "Array" in php, am i right?

P/S

I noticed these codes are part of 2.8 new feature "display adjacent relational links in the head" - Ticket #8703, thus determine Severity to be major. If it doesn't meet your bug evaluation principle, feel free to point it.

[dd32]

Core shouldn't be using the string notation anyway.. It should be passing an array for this exact reason.

I'll make up a patch in an hour if no-one else is making one.

[dd32]

attachment 10047.diff added

• Changes the code mentioned to use array notation
• Changes a XMLRPC call to array notation as well (Changed it earlier.. not because it was buggy though)

For anyone elses reference, Heres a quick regex to pull up the locations where the string notation is used:

\w+\(\s*["'][a-z0-9]+=

[ryan]

(In [11528]) Use array instead of query string notation. Prop dd32, kamiyeye. fixes #10047

[westonruter]

In 62041:

Docs: Indicate that get_posts() can take a query string in addition to an array of query vars.

A string is supported by virtue of wp_parse_args() being used on the supplied arguments. While a string is not currently passed to get_posts() in core, a significant number of plugins are doing so. So in addition to documenting actual ecosystem usage, this also adds a test to ensure that supplying a query string continues to be supported in the future.

Developed in ​https://github.com/WordPress/wordpress-develop/pull/11179

Follow-up to r11528.

Props rodrigosprimo, westonruter, shailu25, mukesh27.
See #64224, #10047.
Fixes #64813.