#18052 closed defect (bug) (invalid)
'category__and' does not filter invalid input by itself
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.2 |
| Component: | Query | Keywords: | |
| Focuses: | | Cc: | |
Description (last modified by )
Since WP 3.2
'category__and' does not filter invalid input when an array is given while using variables which may be valid integers or just anything depending on user input, e.g. a dropdown with categories to filter results (what if no category or 'all' was selected?).
Consequence: the loop breaks, no results returned
Example code
I'm pretty sure this worked prior to WP 3.2
```php
$media_type = ( isset($_GET['media_type'])) ? get_category_by_slug($_GET['media_type']) : '';
$country = ( isset($_GET['country'])) ? get_category_by_slug($_GET['country']) : '';
$args = array(
    'category__and' => array($media_type->term_id,$country->term_id),
    'category__in' => array(8),
    'paged' => $paged,
    'monthnum' => $release_month,
    'year'=> $release_year
);
query_posts($args);
```
If get_category_by_slug() cannot return an ID, it will return FALSE. So $media_type and $country are set to FALSE.
This will break the loop and return no result.
Fix
```php
$media_type = ( isset($_GET['media_type'])) ? get_category_by_slug($_GET['media_type']) : '';
$country = ( isset($_GET['country'])) ? get_category_by_slug($_GET['country']) : '';
$paged = (get_query_var('paged')) ? get_query_var('paged') : 1;
$filter = array(
    $media_type->term_id,
    $country->term_id
);
// remove false, null and empty values (category__and needs clean values)
$filter = array_filter($filter);
$args = array(
    'category__and' => $filter,
    'category__in' => array(8),
    'paged' => $paged,
    'monthnum' => $release_months,
    'year'=> $release_years
);
query_posts($args);
```
If you run the values through array_filter() first, which will remove false, empty or 0 values, it will work.
My Opinion
I think 'category__and' should take care of filtering the values instead of the developer having to wrap his head around this.
This has cost me 1,5 days headache because the change is nowhere documented :(
Change History (7)
#4
@
15 years ago
The reason why I am pretty sure that it worked is because I am using it for a Dropdown Filter for posts where you can select "Month, Year and 2 Categories". That filter worked 100% in 3.1 before the update and the only thing I can see why it is not working now with the old code, is because of 'category__and'. It may be possible that there is another reason but I don't think so.
#6
@
13 years ago
- Keywords needs-patch reporter-feedback removed
- Milestone changed from Future Release to Awaiting Review
- Resolution set to invalid
- Status changed from new to closed
2 things:
1) don't use query_posts - make a new WP_Query or alter the main query using 'pre_get_posts' if absolutely necessary
2) if you pass: 'category__and' => array( 1, 2, 3, false ) - your query should fail, you should be validating your inputs
Related: #20604
Just moving this to 3.2.1 for review, WP_Tax_Query was introduced in 3.1, so checking to see if this is a 3.0 or a 3.1 regression would be helpful.
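The input validation that comment #6 asks for, as an added example that is not part of the ticket or of WordPress core. `build_category_and()`, its parameters, and the sample slugs and IDs in the stand-alone branch are hypothetical names and constructed values; `category__in => array(8)` and the two request keys come from the ticket.

```php
<?php
// Added example, not WordPress core code. build_category_and() and its
// parameters are hypothetical names chosen for this illustration.

/**
 * Resolve category slugs from request input into a clean list of term IDs.
 * Missing, empty, array-valued or unknown slugs are skipped (same outcome as
 * the array_filter() fix in the ticket, without reading ->term_id on false).
 */
function build_category_and( array $request, array $keys, callable $resolver ) {
    $ids = array();
    foreach ( $keys as $key ) {
        // Reject absent values and array input such as ?country[]=x.
        if ( ! isset( $request[ $key ] ) || ! is_string( $request[ $key ] ) || '' === $request[ $key ] ) {
            continue;
        }
        $term = call_user_func( $resolver, $request[ $key ] );
        // get_category_by_slug() yields an object on success, false otherwise.
        if ( is_object( $term ) && isset( $term->term_id ) && (int) $term->term_id > 0 ) {
            $ids[] = (int) $term->term_id;
        }
    }
    return array_values( array_unique( $ids ) );
}

if ( function_exists( 'get_category_by_slug' ) ) {
    // Inside WordPress: a secondary WP_Query instead of query_posts().
    $args = array(
        'category__in' => array( 8 ),
        'paged'        => max( 1, (int) get_query_var( 'paged' ) ),
    );
    $ids = build_category_and( $_GET, array( 'media_type', 'country' ), 'get_category_by_slug' );
    if ( $ids ) {
        $args['category__and'] = $ids; // only set when at least one valid ID exists
    }
    $query = new WP_Query( $args );
} else {
    // Outside WordPress: constructed lookup table and constructed request.
    $known  = array( 'film' => 11, 'germany' => 23 );
    $lookup = function ( $slug ) use ( $known ) {
        return isset( $known[ $slug ] ) ? (object) array( 'term_id' => $known[ $slug ] ) : false;
    };
    $sample = array( 'media_type' => 'film', 'country' => 'all', 'extra' => array( 'x' ) );
    var_dump( build_category_and( $sample, array( 'media_type', 'country', 'extra' ), $lookup ) );
}
```

Skipping an unknown slug mirrors the ticket's `array_filter()` behaviour; a site that prefers an empty result for an unrecognised filter value would return early instead of continuing.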