in WP_Query, sanitization breaks usage of multiple post_status values
|Reported by:||markjaquith||Owned by:||markjaquith|
Description (last modified by markjaquith)
I was trying to get WP_Query to give me all draft OR future posts by other authors, but found that it would not accept comma-separated post_status values. Turns out we're using sanitize_user() on the query values of post_status which breaks that functionality. We need to allow commas so that WP_Query can process post_status=draft,future
Switching that sanitize_user() line to a [^a-z0-9,_-] preg_replace() sanitization line allowed my WP_Query call to work as intended.
We're also doing that sanitization on post_type, but it doesn't look like the functionality to accept multiple post_type values is there (and it's certainly less useful than accepting multiple post_statuses).
Change History (10)
comment:1 @markjaquith — 7 years ago
- Description modified (diff)
- Summary changed from in WP_Query, sanitization breaks usage of multiple post_type or post_status values to in WP_Query, sanitization breaks usage of multiple post_status values
comment:2 @markjaquith — 7 years ago
- Owner changed from anonymous to markjaquith
- Status changed from new to assigned
- Milestone changed from 2.7 to 2.6.1
- Resolution fixed deleted
- Status changed from closed to reopened