Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#21827 closed enhancement (fixed)

Use wp_parse_id_list() in gallery_shortcode()

Reported by: SergeyBiryukov
Owned by: nacin
Milestone: 3.5
Priority: low
Severity: normal
Version: 3.0
Component: Media
Keywords: has-patch commit
Focuses:
Cc:

Description

In gallery_shortcode(), a regex is used to sanitize a list of IDs in 'include' and 'exclude' parameters.

We have a special function for that:
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/functions.php#L2345

Attachments (2)

21827.patch (1.2 KB) - added by SergeyBiryukov 12 years ago.
21827.2.patch (1.1 KB) - added by SergeyBiryukov 12 years ago.


Change History (6)

#1 @scribu
12 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.5
  • Priority changed from normal to low

#2 @TobiasBg
12 years ago

wp_parse_id_list() is already applied to the 'include' parameter in get_posts(), after the patch it would be done twice...

Never mind, it's only done to be able to count the number of posts. It's not actually changing the 'include' parameter.

Wrong again... The 'include' parameter is being mapped to 'post__in', with wp_parse_id_list() applied, and then not used again. Thus, with the patch from above, wp_parse_id_list() would be applied twice here.

Last edited 12 years ago by TobiasBg

#3 @SergeyBiryukov
12 years ago

Indeed: http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/post.php#L1450

Thanks! So the sanitization in gallery_shortcode() is not necessary at all.

#4 @nacin
12 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [21833]:

Don't sanitize include and exclude in gallery_shortcode(), as this is handled further down the stack, and better. props SergeyBiryukov, TobiasBg. fixes #21827.
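As an added illustration of why parsing an ID list differs from stripping characters with a regex (this is not WordPress core code and not taken from the attached patches): the sketch below runs stand-alone without WordPress. `strip_non_id_chars()` uses an assumed character-stripping pattern, since the ticket does not show the actual regex, and `parse_id_list()` is a hypothetical re-implementation modelled on what `wp_parse_id_list()` does (split on commas and whitespace, cast to non-negative integers, de-duplicate). The sample inputs are constructed.

```php
<?php
// Added illustration; stand-alone, does not load WordPress.

// Assumed stand-in for a character-stripping sanitizer: remove everything
// that is not a digit or a comma. The real pattern is not shown on the page.
function strip_non_id_chars(string $raw): string {
    return preg_replace('/[^0-9,]+/', '', $raw);
}

// Hypothetical re-implementation modelled on wp_parse_id_list():
// tokenize on commas/whitespace, cast each token to a non-negative
// integer, and drop duplicates. Non-numeric tokens cast to 0.
function parse_id_list($list): array {
    if (!is_array($list)) {
        $list = preg_split('/[\s,]+/', (string) $list, -1, PREG_SPLIT_NO_EMPTY);
    }
    $ids = array_map(static fn($v) => abs((int) $v), $list);
    return array_values(array_unique($ids));
}

// Constructed shortcode attribute values, e.g. [gallery include="..."].
$samples = [
    '12, 34,56',   // well-formed list
    '12 34',       // whitespace-separated: stripping fuses the two IDs
    '7,7,abc',     // duplicate plus a non-numeric token
    '-5,8',        // signed value
    '3x4,9',       // junk inside a token: stripping joins the digits
];

foreach ($samples as $raw) {
    printf(
        "input=%-12s stripped=%-10s parsed=[%s]\n",
        var_export($raw, true),
        var_export(strip_non_id_chars($raw), true),
        implode(',', parse_id_list($raw))
    );
}
```

Comparing the `stripped` and `parsed` columns shows that deleting characters can turn two IDs into one different ID, while tokenizing first and casting each token keeps every value a discrete integer.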
