Make WordPress Core

Opened 13 years ago

Closed 11 years ago

Last modified 10 years ago

#16854 closed enhancement (fixed)

wp_query does not handle multiple exclude author properly

Reported by: commentluv's profile commentluv Owned by: wonderboymusic's profile wonderboymusic
Milestone: 3.7 Priority: normal
Severity: normal Version: 3.1
Component: Query Keywords: has-patch 3.5-early
Focuses: Cc:


when making a query with $args containing

'author' => '-2,-3,-4'

line 2008 of wp-includes/query.php only uses 1 element of the array that is created from the

$q['author'] string
 $q['author'] = explode('-', $q['author']);
 $q['author'] = (string)absint($q['author'][1]);

I have attached a patch that works with 1 or more excluded authors

essentially it, implodes the array back into a string of author ID's rather than selecting only element [1] of the exploded array

$q['author'] = explode('-', $q['author']);
$q['author'] = implode('',$q['author']);

Attachments (5)

query-patch-for-multiple-exclude-authors.patch (442 bytes) - added by commentluv 13 years ago.
patch for wp-includes/query.php for wordpress version 3.1
16854.patch (1.9 KB) - added by boonebgorges 13 years ago.
16854.2.patch (3.0 KB) - added by pollett 13 years ago.
Introduce authorin and authornot_in and parse author parameter into them.
16854.diff (3.0 KB) - added by wonderboymusic 11 years ago.
16854.2.diff (7.9 KB) - added by wonderboymusic 11 years ago.

Download all attachments as: .zip

Change History (25)

13 years ago

patch for wp-includes/query.php for wordpress version 3.1

#1 @scribu
13 years ago

  • Keywords has-patch removed

That gleefully opens the door to SQL injections.

Instead of overloading the 'author' query var, I think we shold have author__in and author__not_in.

Similar: #13927

#2 @commentluv
13 years ago

yes I agree, it was a quick and dirty patch.
I did consider doing an array_walk and absint each of the id's but I figured I would wait until one of the regular wp folks would come up with a better way. and you did! (in minutes flat!) :-)

the author__in and author_not_in would make more sense, it would allow and/nots for authors
at the moment, it's " show from everyone except this one" and not able to "show from these but not these"

looking forward to see what happens with it

#3 @boonebgorges
13 years ago

  • Keywords has-patch dev-feedback added; needs-patch removed

I ran into this problem myself so I wrote up a patch. It does not add authorin and authornot_in, but it does, in effect, do those things with the 'author' param. See 16854.patch

Essentially, if you pass only '-' values to 'author', a NOT IN query is assembled. If you pass only values without an '-', you get an IN query. If you pass a mix of '-' and non-'-', the '-' values are ignored and you get an IN query (since the NOTs would be redundant anyway).

While I was refactoring, I introduced support for passing an array as well as a string.

13 years ago

#4 @Viper007Bond
13 years ago

I got caught by the comma-separated string only (no arrays allowed) issue, heh. It'd be good to introduce author__in and author__not_in and make them accept both arrays and strings -- two birds, one stone.

#5 @gingerhendrix
13 years ago

  • Cc gingerhendrix added
  • Version changed from 3.1 to 3.3

Just hoping this bug can get looked at again. It's not fixed in 3.3 beta 2. It's had a patch for 5 months, and it's definitely a significant bug - the codex even has a broken example

$query = new WP_Query( 'author=-12,-34,-56' );

The above example from the docs, is the perfect test case for this bug. More than happy to help if the patch needs updated. I've a manually patched wordpress installation for one of my clients, and I currently need to re-patch every release.

#6 @SergeyBiryukov
13 years ago

  • Version changed from 3.3 to 3.1

Version number is used to track when the bug was initially reported.

#7 @aesqe
13 years ago

duplicate: #13278

Last edited 13 years ago by aesqe (previous) (diff)

#8 @aesqe
13 years ago

  • Cc aesqe@… added

#9 @SergeyBiryukov
13 years ago

  • Milestone changed from Awaiting Review to Future Release

13 years ago

Introduce authorin and authornot_in and parse author parameter into them.

#10 @pollett
13 years ago

  • Cc pollett added

#11 @ocean90
12 years ago

Closed #20150 as a duplicate.

#12 @sc0ttkclark
12 years ago

  • Cc lol@… added

This one has been bugging me, pollett's code seems like an excellent solution. 3.5 milestone?

#13 @scribu
12 years ago

  • Keywords 3.5-early added; dev-feedback removed

#14 @scribu
12 years ago

  • Type changed from defect (bug) to enhancement

#15 @alexdunae
12 years ago

  • Cc alex@… added

#16 @tomauger
11 years ago

  • Cc tomaugerdotcom@… added

#17 @wonderboymusic
11 years ago

  • Milestone changed from Future Release to 3.7

I really dig this. I rewrote parts of the patch and refreshed others against trunk.

Allows vars like these:

get_posts( array( 'author' => '' ) );
get_posts( array( 'author' => 0 ) );
get_posts( array( 'author' => '0' ) );
get_posts( array( 'author' => 1 ) );
get_posts( array( 'author' => '1,2' ) );
get_posts( array( 'author' => '-1,2' ) );
get_posts( array( 'author' => '1,-2' ) );
get_posts( array( 'author' => '-1,-2' ) );
get_posts( array( 'author__in' => array( 1, 2 ) ) );
get_posts( array( 'author__not_in' => array( 1, 2 ) ) );
get_posts( array( 'author_name' => 'admin' ) );

#19 @wonderboymusic
11 years ago

  • Owner set to wonderboymusic
  • Resolution set to fixed
  • Status changed from new to closed

In 25248:

Introduce author__in and author__not_in query vars. Fixes issue with multiple author exclusion when comma-separated string is passed for author. Adds a bunch of missing unit tests.

Props pollett for initial patch.
Fixes #16854.

#20 @SergeyBiryukov
10 years ago

In 28800:

Add @ticket references.

see #16854, #19198.

Note: See TracTickets for help on using tickets.