From dd4f9603cb7d8724b1db6e24cfbc699c506318d6 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Wed, 5 Aug 2009 05:56:00 +0000
Subject: [PATCH] Sanitize $include and $exclude in the gallery shortcode

git-svn-id: https://develop.svn.wordpress.org/trunk@11776 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/media.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wp-includes/media.php b/wp-includes/media.php
index 911f4e913a..7456945e20 100644
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -671,6 +671,7 @@ function gallery_shortcode($attr) {
 	$orderby = 'none';
 
 	if ( !empty($include) ) {
+		$include = preg_replace( '/[^0-9,]+/', '', $include );
 		$_attachments = get_posts( array('include' => $include, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
 
 		$attachments = array();
@@ -678,6 +679,7 @@ function gallery_shortcode($attr) {
 			$attachments[$val->ID] = $_attachments[$key];
 		}
 	} elseif ( !empty($exclude) ) {
+		$exclude = preg_replace( '/[^0-9,]+/', '', $exclude );
 		$attachments = get_children( array('post_parent' => $id, 'exclude' => $exclude, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
 	} else {
 		$attachments = get_children( array('post_parent' => $id, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
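Review bot: The added `preg_replace( '/[^0-9,]+/', '', $include )` deletes whitespace along with every other non-digit character, so an attribute written as `include="1 2 3"` collapses to the single ID `123` instead of three IDs; the same applies to the `$exclude` line in the second hunk. Normalising to a canonical comma-separated list of integers avoids that and also drops empty elements such as `1,,2`: `$include = implode( ',', array_map( 'intval', preg_split( '/[\s,]+/', $include, -1, PREG_SPLIT_NO_EMPTY ) ) );`. Note too that the `!empty($include)` test runs before the new line, so a value with no digits at all is passed on as an empty string; if `get_posts()`/`get_children()` treat an empty `include`/`exclude` as "no filter" (I cannot confirm that from this hunk), the shortcode would then render unfiltered attachments rather than an empty gallery, so re-checking emptiness after sanitising is worth considering. gallery_shortcode() starts and ends outside both hunks.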