Sanitize sort_column and sort_order in get_pages(). Escape search_term in WP_User_Search. Cast blog_id to int in get_blog_prefix(). Props duck_

git-svn-id: http://svn.automattic.com/wordpress/trunk@18350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2011-06-27 20:47:04 +00:00
parent 06fd2002c5
commit 08b6aa116e
3 changed files with 41 additions and 3 deletions


@ -454,7 +454,7 @@ class WP_User_Search {
function WP_User_Search ($search_term = '', $page = '', $role = '') { function WP_User_Search ($search_term = '', $page = '', $role = '') {
_deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' ); _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
$this->search_term = $search_term; $this->search_term = stripslashes( $search_term );
$this->raw_page = ( '' == $page ) ? false : (int) $page; $this->raw_page = ( '' == $page ) ? false : (int) $page;
$this->page = (int) ( '' == $page ) ? 1 : $page; $this->page = (int) ( '' == $page ) ? 1 : $page;
$this->role = $role; $this->role = $role;
@ -485,7 +485,7 @@ class WP_User_Search {
$searches = array(); $searches = array();
$search_sql = 'AND ('; $search_sql = 'AND (';
foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col ) foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col )
$searches[] = $col . " LIKE '%$this->search_term%'"; $searches[] = $wpdb->prepare( $col . ' LIKE %s', '%' . like_escape($this->search_term) . '%' );
$search_sql .= implode(' OR ', $searches); $search_sql .= implode(' OR ', $searches);
$search_sql .= ')'; $search_sql .= ')';
} }
@ -700,4 +700,4 @@ function get_others_pending($user_id) {
function wp_dashboard_quick_press_output() { function wp_dashboard_quick_press_output() {
_deprecated_function( __FUNCTION__, '3.2', 'wp_dashboard_quick_press()' ); _deprecated_function( __FUNCTION__, '3.2', 'wp_dashboard_quick_press()' );
wp_dashboard_quick_press(); wp_dashboard_quick_press();
} }
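Review bot: The page assignment in the WP_User_Search constructor, `$this->page = (int) ( '' == $page ) ? 1 : $page;`, does not cast what it appears to cast: `(int)` binds to the comparison rather than to the ternary result, so a non-empty `$page` is stored exactly as it was passed in. Since this commit hardens the values taken in by this constructor, the line would be safer as `$this->page = ( '' == $page ) ? 1 : (int) $page;`, which matches the `raw_page` line above it. How `$this->page` reaches the query is outside these hunks, so check the query-building method to see whether this is more than a type inconsistency. `$this->role` is also stored unmodified and deserves the same check.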


@ -3448,6 +3448,43 @@ function &get_pages($args = '') {
$where_post_type = $wpdb->prepare( "post_type = %s AND post_status IN ('$post_status')", $post_type ); $where_post_type = $wpdb->prepare( "post_type = %s AND post_status IN ('$post_status')", $post_type );
} }
$orderby_array = array();
$allowed_keys = array('author', 'post_author', 'date', 'post_date', 'title', 'post_title', 'modified',
'post_modified', 'modified_gmt', 'post_modified_gmt', 'menu_order', 'parent', 'post_parent',
'ID', 'rand', 'comment_count');
foreach ( explode( ',', $sort_column ) as $orderby ) {
$orderby = trim( $orderby );
if ( !in_array( $orderby, $allowed_keys ) )
continue;
switch ( $orderby ) {
case 'menu_order':
break;
case 'ID':
$orderby = "$wpdb->posts.ID";
break;
case 'rand':
$orderby = 'RAND()';
break;
case 'comment_count':
$orderby = "$wpdb->posts.comment_count";
break;
default:
if ( 0 === strpos( $orderby, 'post_' ) )
$orderby = "$wpdb->posts." . $orderby;
else
$orderby = "$wpdb->posts.post_" . $orderby;
}
$orderby_array[] = $orderby;
}
$sort_column = ! empty( $orderby_array ) ? implode( ',', $orderby_array ) : "$wpdb->posts.post_title";
$sort_order = strtoupper( $sort_order );
if ( '' !== $sort_order && !in_array( $sort_order, array( 'ASC', 'DESC' ) ) )
$sort_order = 'ASC';
$query = "SELECT * FROM $wpdb->posts $join WHERE ($where_post_type) $where "; $query = "SELECT * FROM $wpdb->posts $join WHERE ($where_post_type) $where ";
$query .= $author_query; $query .= $author_query;
$query .= " ORDER BY " . $sort_column . " " . $sort_order ; $query .= " ORDER BY " . $sort_column . " " . $sort_order ;
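Review bot: The allowlist test `if ( !in_array( $orderby, $allowed_keys ) )` and the later `in_array( $sort_order, array( 'ASC', 'DESC' ) )` both use loose comparison. Every listed value is a non-numeric string, so I do not see a bypass, but passing `true` as the third argument makes the match exact by construction instead of by the contents of the list. Rejected sort keys are dropped silently, and the `post_title` fallback applies only when nothing survives; a comment above `$allowed_keys` such as `// Only these keys may reach ORDER BY; anything else is discarded.` would make that contract visible. Separately, the context line above the new block still interpolates `$post_status` into the format string passed to `$wpdb->prepare()`; its validation is outside this hunk and should be confirmed. get_pages() begins and ends outside the hunk.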


@ -626,6 +626,7 @@ class wpdb {
if ( is_multisite() ) { if ( is_multisite() ) {
if ( null === $blog_id ) if ( null === $blog_id )
$blog_id = $this->blogid; $blog_id = $this->blogid;
$blog_id = (int) $blog_id;
if ( defined( 'MULTISITE' ) && ( 0 == $blog_id || 1 == $blog_id ) ) if ( defined( 'MULTISITE' ) && ( 0 == $blog_id || 1 == $blog_id ) )
return $this->base_prefix; return $this->base_prefix;
else else
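Review bot: The new `$blog_id = (int) $blog_id;` has no comment explaining why it is there, and the reason is security-relevant: a later edit could easily drop it as redundant. I would add `// Force an integer so the id cannot carry arbitrary characters into the table prefix.` above it. Two consequences of the cast are worth stating as well. Non-numeric input becomes 0, which the following `0 == $blog_id` test treats as the main site when `MULTISITE` is defined. A negative value survives the cast and falls through to the `else` branch, whose body is outside this hunk; if that branch builds the prefix from the id, rejecting values below zero there would be cleaner.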