WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 8 months ago

#16854 closed enhancement (fixed)

wp_query does not handle multiple exclude author properly

Reported by: commentluv Owned by: wonderboymusic
Milestone: 3.7 Priority: normal
Severity: normal Version: 3.1
Component: Query Keywords: has-patch 3.5-early
Focuses: Cc:

Description

when making a query with $args containing

'author' => '-2,-3,-4'

line 2008 of wp-includes/query.php only uses 1 element of the array that is created from the

$q['author'] string
 $q['author'] = explode('-', $q['author']);
 $q['author'] = (string)absint($q['author'][1]);

I have attached a patch that works with 1 or more excluded authors

essentially it, implodes the array back into a string of author ID's rather than selecting only element [1] of the exploded array

$q['author'] = explode('-', $q['author']);
$q['author'] = implode('',$q['author']);

Attachments (5)

query-patch-for-multiple-exclude-authors.patch (442 bytes) - added by commentluv 3 years ago.
patch for wp-includes/query.php for wordpress version 3.1
16854.patch (1.9 KB) - added by boonebgorges 3 years ago.
16854.2.patch (3.0 KB) - added by pollett 2 years ago.
Introduce authorin and authornot_in and parse author parameter into them.
16854.diff (3.0 KB) - added by wonderboymusic 8 months ago.
16854.2.diff (7.9 KB) - added by wonderboymusic 8 months ago.

Download all attachments as: .zip

Change History (24)

commentluv3 years ago

patch for wp-includes/query.php for wordpress version 3.1

comment:1 scribu3 years ago

  • Keywords has-patch removed

That gleefully opens the door to SQL injections.

Instead of overloading the 'author' query var, I think we shold have author__in and author__not_in.

Similar: #13927

comment:2 commentluv3 years ago

yes I agree, it was a quick and dirty patch.
I did consider doing an array_walk and absint each of the id's but I figured I would wait until one of the regular wp folks would come up with a better way. and you did! (in minutes flat!) :-)

the author__in and author_not_in would make more sense, it would allow and/nots for authors
at the moment, it's " show from everyone except this one" and not able to "show from these but not these"

looking forward to see what happens with it

comment:3 boonebgorges3 years ago

  • Keywords has-patch dev-feedback added; needs-patch removed

I ran into this problem myself so I wrote up a patch. It does not add authorin and authornot_in, but it does, in effect, do those things with the 'author' param. See 16854.patch

Essentially, if you pass only '-' values to 'author', a NOT IN query is assembled. If you pass only values without an '-', you get an IN query. If you pass a mix of '-' and non-'-', the '-' values are ignored and you get an IN query (since the NOTs would be redundant anyway).

While I was refactoring, I introduced support for passing an array as well as a string.

boonebgorges3 years ago

comment:4 Viper007Bond3 years ago

I got caught by the comma-separated string only (no arrays allowed) issue, heh. It'd be good to introduce author__in and author__not_in and make them accept both arrays and strings -- two birds, one stone.

comment:5 gingerhendrix2 years ago

  • Cc gingerhendrix added
  • Version changed from 3.1 to 3.3

Just hoping this bug can get looked at again. It's not fixed in 3.3 beta 2. It's had a patch for 5 months, and it's definitely a significant bug - the codex even has a broken example

http://codex.wordpress.org/Class_Reference/WP_Query#Author_Parameters

$query = new WP_Query( 'author=-12,-34,-56' );

The above example from the docs, is the perfect test case for this bug. More than happy to help if the patch needs updated. I've a manually patched wordpress installation for one of my clients, and I currently need to re-patch every release.

comment:6 SergeyBiryukov2 years ago

  • Version changed from 3.3 to 3.1

Version number is used to track when the bug was initially reported.

comment:7 aesqe2 years ago

duplicate: #13278

Last edited 2 years ago by aesqe (previous) (diff)

comment:8 aesqe2 years ago

  • Cc aesqe@… added

comment:9 SergeyBiryukov2 years ago

  • Milestone changed from Awaiting Review to Future Release

pollett2 years ago

Introduce authorin and authornot_in and parse author parameter into them.

comment:10 pollett2 years ago

  • Cc pollett added

comment:11 ocean902 years ago

Closed #20150 as a duplicate.

comment:12 sc0ttkclark2 years ago

  • Cc lol@… added

This one has been bugging me, pollett's code seems like an excellent solution. 3.5 milestone?

comment:13 scribu2 years ago

  • Keywords 3.5-early added; dev-feedback removed

comment:14 scribu2 years ago

  • Type changed from defect (bug) to enhancement

comment:15 alexdunae18 months ago

  • Cc alex@… added

comment:16 tomauger12 months ago

  • Cc tomaugerdotcom@… added

wonderboymusic8 months ago

comment:17 wonderboymusic8 months ago

  • Milestone changed from Future Release to 3.7

I really dig this. I rewrote parts of the patch and refreshed others against trunk.

Allows vars like these:

get_posts( array( 'author' => '' ) );
get_posts( array( 'author' => 0 ) );
get_posts( array( 'author' => '0' ) );
get_posts( array( 'author' => 1 ) );
get_posts( array( 'author' => '1,2' ) );
get_posts( array( 'author' => '-1,2' ) );
get_posts( array( 'author' => '1,-2' ) );
get_posts( array( 'author' => '-1,-2' ) );
get_posts( array( 'author__in' => array( 1, 2 ) ) );
get_posts( array( 'author__not_in' => array( 1, 2 ) ) );
get_posts( array( 'author_name' => 'admin' ) );
exit();

wonderboymusic8 months ago

comment:19 wonderboymusic8 months ago

  • Owner set to wonderboymusic
  • Resolution set to fixed
  • Status changed from new to closed

In 25248:

Introduce author__in and author__not_in query vars. Fixes issue with multiple author exclusion when comma-separated string is passed for author. Adds a bunch of missing unit tests.

Props pollett for initial patch.
Fixes #16854.

Note: See TracTickets for help on using tickets.