Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#21827 closed enhancement (fixed)

Use wp_parse_id_list() in gallery_shortcode()

Reported by: SergeyBiryukov Owned by: nacin
Milestone: 3.5 Priority: low
Severity: normal Version: 3.0
Component: Media Keywords: has-patch commit
Focuses: Cc:


In gallery_shortcode(), a regex is used to sanitize a list of IDs in 'include' and 'exclude' parameters.

We have a special function for that:

Attachments (2)

21827.patch (1.2 KB) - added by SergeyBiryukov 9 years ago.
21827.2.patch (1.1 KB) - added by SergeyBiryukov 9 years ago.

Download all attachments as: .zip

Change History (6)

#1 @scribu
9 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.5
  • Priority changed from normal to low

#2 @TobiasBg
9 years ago

wp_parse_id_list() is already applied to the 'include' parameter in get_posts(), after the patch it would be done twice...

Never mind, it's only done to be able to count the number of posts. It's not actually changing the 'include' parameter.

Wrong again... The 'include' parameter is being mapped to 'post__in', with wp_parse_id_list() applied, and then not used again. Thus, with the patch from above, wp_parse_id_list() would be applied twice here.

Last edited 9 years ago by TobiasBg (previous) (diff)

#3 @SergeyBiryukov
9 years ago

Indeed: http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/post.php#L1450

Thanks! So the sanitization in gallery_shortcode() is not necessary at all.

#4 @nacin
9 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [21833]:

Don't sanitize include and exclude in gallery_shortcode(), as this is handled further down the stack, and better. props SergeyBiryukov, TobiasBg. fixes #21827.

Note: See TracTickets for help on using tickets.