#21827 closed enhancement (fixed)

Use wp_parse_id_list() in gallery_shortcode()

Reported by: SergeyBiryukov Owned by: nacin
Milestone: 3.5 Priority: low
Severity: normal Version: 3.0
Component: Media Keywords: has-patch commit
Focuses: Cc:

Description

In gallery_shortcode(), a regex is used to sanitize a list of IDs in 'include' and 'exclude' parameters.

We have a special function for that:
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/functions.php#L2345
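
An added illustration (not part of the ticket and not WordPress core code) of why parsing an ID list differs from stripping characters out of it. Both functions are hypothetical stand-ins: the stripping regex is constructed for this example, `parse_id_list()` only approximates the split-and-cast behaviour of an ID-list parser, and the sample inputs are constructed.

```php
<?php
// Hypothetical stand-ins written for this example; neither calls WordPress.

// Character stripping: delete everything that is not a digit or a comma.
// Digits on either side of a removed character get fused together.
function strip_non_id_chars( $raw ) {
	return preg_replace( '/[^0-9,]+/', '', $raw );
}

// Parse then cast: split on commas and whitespace, cast every piece to a
// non-negative integer, drop duplicates. Pieces with no leading digits
// become 0, which is how intval() treats them.
function parse_id_list( $raw ) {
	$parts = is_array( $raw )
		? $raw
		: preg_split( '/[\s,]+/', (string) $raw, -1, PREG_SPLIT_NO_EMPTY );

	$ids = array();
	foreach ( $parts as $part ) {
		$ids[] = abs( intval( $part ) );
	}
	return array_values( array_unique( $ids ) );
}

// Constructed values for a shortcode 'include' attribute.
$samples = array(
	'12,15,18',   // well-formed list
	'12, 15 ,18', // stray whitespace
	'12,1x5,18',  // junk inside an item
	'12,1 5,18',  // whitespace inside an item
	'12,,12,-7',  // empty item, duplicate, negative number
	'abc,12',     // non-numeric item
);

foreach ( $samples as $raw ) {
	printf(
		"%-14s strip: %-10s parse: %s\n",
		var_export( $raw, true ),
		strip_non_id_chars( $raw ),
		implode( ',', parse_id_list( $raw ) )
	);
}
```

Run with the PHP CLI and compare the two columns for `'12,1x5,18'` and `'12,1 5,18'`: stripping yields an ID that was never written in the input, while parsing keeps item boundaries intact.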

Attachments (2)

21827.patch (1.2 KB) - added by SergeyBiryukov 20 months ago.
21827.2.patch (1.1 KB) - added by SergeyBiryukov 20 months ago.

Change History (6)

comment:1 scribu 20 months ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.5
  • Priority changed from normal to low

comment:2 TobiasBg 20 months ago

wp_parse_id_list() is already applied to the 'include' parameter in get_posts(); after the patch it would be done twice...

Never mind, it's only done to be able to count the number of posts. It's not actually changing the 'include' parameter.

comment:3 SergeyBiryukov 20 months ago

Indeed: http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/post.php#L1450

Thanks! So the sanitization in gallery_shortcode() is not necessary at all.

comment:4 nacin 19 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [21833]:

Don't sanitize include and exclude in gallery_shortcode(), as this is handled further down the stack, and better. props SergeyBiryukov, TobiasBg. fixes #21827.