From bb7af108f577a3fd6019e789e6a56deb301f61ab Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Mon, 27 Jun 2011 15:45:12 +0000
Subject: [PATCH] Sanitize order and orderby in get_terms()

git-svn-id: https://develop.svn.wordpress.org/trunk@18344 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/taxonomy.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index 9cda49581e..dee7af8b64 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1229,6 +1229,8 @@ function &get_terms($taxonomies, $args = '') {
 $orderby = '';
 elseif ( empty($_orderby) || 'id' == $_orderby )
 $orderby = 't.term_id';
+ else
+ $orderby = 't.name';
 
 $orderby = apply_filters( 'get_terms_orderby', $orderby, $args );
 
@@ -1237,6 +1239,10 @@ function &get_terms($taxonomies, $args = '') {
 else
 $order = '';
 
+ $order = strtoupper( $order );
+ if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+ $order = 'ASC';
+
 $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
 $inclusions = '';
 if ( !empty($include) ) {
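Review bot: The allow-list that the added `else` fallback completes stops being a guarantee one statement later, where `$orderby` is passed through the `get_terms_orderby` filter and the callback's return value is not re-checked anywhere in this hunk. The value presumably ends up in the query's ORDER BY clause further down, outside the hunk, so the trust boundary deserves a comment above the `apply_filters` call, for example `// Filter callbacks return raw SQL for ORDER BY; nothing validates the value after this point.` The if/elseif chain that this `else` closes starts above the hunk, so the accepted `orderby` values are not visible here and should be confirmed against the full function.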
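Review bot: The added `in_array()` check compares loosely; it is safe today only because `strtoupper()` always returns a string, and passing the strict flag removes that dependency: `if ( '' !== $order && ! in_array( $order, array( 'ASC', 'DESC' ), true ) )`. The `'' !== $order` carve-out also needs a one-line comment, such as `// Empty string is intentional: no direction is emitted when ordering is disabled.` That reading is inferred from the `else $order = '';` context lines just above, whose condition lies outside the hunk, so it should be checked against the full function.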