Improper value sanitization in WP_Date_Query::build_value() can lead to incorrect results

[boonebgorges]

WP_Date_Query::build_value() sanitizes the $value param for two purposes: (1) for safe use in SQL queries, and (2) to make sure that the values provided make sense with the $compare operator. However, the reliance on intval() means that the following cases arise:

• With compare IN and NOT IN, values like 'foo' turn into (0) while 'foo1' turns into (1)
• With compare BETWEEN and NOT BETWEEN, a singleton array as the $value will be sanitized down to 1, leading to clauses like BETWEEN 1 AND 1

In each of these cases, the query might end up returning unexpected results. I suggest returning false out of build_query() when an invalid value is passed. The attached patch does this using is_numeric().

A related issue that I've also addressed in the patch: for BETWEEN and NOT BETWEEN, passing a two-membered array like array( 2 => 5, 3 => 6 ) would result in the query failing, because the parser is expected array keys 0 and 1. I suggest that in cases where two numeric values are passed, we use them, regardless of the keys.

[boonebgorges]

Commit message seems to have missed this. Fixed in r29797.