vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix gallery shortcode orderby param for all SQL setups. Sanitize orderby. fixes #6476 for trunk

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@7592 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2008-04-03 03:05:49 +00:00
parent ecc7ec153a
commit ba4dab3cd6
3 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
wp-includes/formatting.php
View File

@@ -366,6 +366,15 @@ function sanitize_title_with_dashes($title) {
return $title;
}
// ensures a string is a valid SQL order by clause like: post_name ASC, ID DESC
// accepts one or more columns, with or without ASC/DESC, and also accepts RAND()
function sanitize_sql_orderby( $orderby ){
preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
if ( !$obmatches )
return false;
return $orderby;
}
function convert_chars($content, $deprecated = '') {
// Translation of invalid Unicode references range to valid range
$wp_htmltranswinuni = array(