WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#21827 closed enhancement (fixed)

Use wp_parse_id_list() in gallery_shortcode()

Reported by: SergeyBiryukov Owned by: nacin
Milestone: 3.5 Priority: low
Severity: normal Version: 3.0
Component: Media Keywords: has-patch commit
Focuses: Cc:

Description

In gallery_shortcode(), a regex is used to sanitize a list of IDs in 'include' and 'exclude' parameters.

We have a special function for that:
http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/functions.php#L2345

Attachments (2)

21827.patch (1.2 KB) - added by SergeyBiryukov 3 years ago.
21827.2.patch (1.1 KB) - added by SergeyBiryukov 3 years ago.

Download all attachments as: .zip

Change History (6)

@SergeyBiryukov3 years ago

comment:1 @scribu3 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.5
  • Priority changed from normal to low

comment:2 @TobiasBg3 years ago

wp_parse_id_list() is already applied to the 'include' parameter in get_posts(), after the patch it would be done twice...

Never mind, it's only done to be able to count the number of posts. It's not actually changing the 'include' parameter.

Version 3, edited 3 years ago by TobiasBg (previous) (next) (diff)

@SergeyBiryukov3 years ago

comment:3 @SergeyBiryukov3 years ago

Indeed: http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/post.php#L1450

Thanks! So the sanitization in gallery_shortcode() is not necessary at all.

comment:4 @nacin3 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [21833]:

Don't sanitize include and exclude in gallery_shortcode(), as this is handled further down the stack, and better. props SergeyBiryukov, TobiasBg. fixes #21827.

Note: See TracTickets for help on using tickets.