vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Query: Validate relation in WP_Date_Query.

Browse Source 
Props dd32, johnjamesjacoby, martinkrcho, ehtis, paulkevan, peterwilsoncc.


git-svn-id: https://develop.svn.wordpress.org/trunk@54530 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jb Audras
2022-10-17 11:47:41 +00:00
parent 3765886b49
commit d815d2e8b2
3 changed files with 224 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/wp-includes/class-wp-date-query.php
View File

@@ -150,8 +150,8 @@ class WP_Date_Query {
return;
}
if ( isset( $date_query['relation'] ) && 'OR' === strtoupper( $date_query['relation'] ) ) {
$this->relation = 'OR';
if ( isset( $date_query['relation'] ) ) {
$this->relation = $this->sanitize_relation( $date_query['relation'] );
} else {
$this->relation = 'AND';
}
@@ -220,6 +220,9 @@ class WP_Date_Query {
$this->validate_date_values( $queries );
}
// Sanitize the relation parameter.
$queries['relation'] = $this->sanitize_relation( $queries['relation'] );
foreach ( $queries as $key => $q ) {
if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) {
// This is a first-order query. Trust the values and sanitize when building SQL.
@@ -1041,4 +1044,20 @@ class WP_Date_Query {
return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time );
}
/**
* Sanitizes a 'relation' operator.
*
* @since 6.0.3
*
* @param string $relation Raw relation key from the query argument.
* @return string Sanitized relation ('AND' or 'OR').
*/
public function sanitize_relation( $relation ) {
if ( 'OR' === strtoupper( $relation ) ) {
return 'OR';
} else {
return 'AND';
}
}
}