Sanitize order and orderby in get_bookmarks()
git-svn-id: http://svn.automattic.com/wordpress/trunk@18345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
581402ae2f
commit
2010842d10
|
|
@ -213,22 +213,32 @@ function get_bookmarks($args = '') {
|
||||||
|
|
||||||
$orderby = strtolower($orderby);
|
$orderby = strtolower($orderby);
|
||||||
$length = '';
|
$length = '';
|
||||||
switch ($orderby) {
|
switch ( $orderby ) {
|
||||||
case 'length':
|
case 'length':
|
||||||
$length = ", CHAR_LENGTH(link_name) AS length";
|
$length = ", CHAR_LENGTH(link_name) AS length";
|
||||||
break;
|
break;
|
||||||
case 'rand':
|
case 'rand':
|
||||||
$orderby = 'rand()';
|
$orderby = 'rand()';
|
||||||
break;
|
break;
|
||||||
|
case 'link_id':
|
||||||
|
$orderby = "$wpdb->links.link_id";
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
$orderparams = array();
|
$orderparams = array();
|
||||||
foreach ( explode(',', $orderby) as $ordparam )
|
foreach ( explode(',', $orderby) as $ordparam ) {
|
||||||
$orderparams[] = 'link_' . trim($ordparam);
|
$ordparam = trim($ordparam);
|
||||||
|
if ( in_array( $ordparam, array( 'name', 'url', 'visible', 'rating', 'owner', 'updated' ) ) )
|
||||||
|
$orderparams[] = 'link_' . $ordparam;
|
||||||
|
}
|
||||||
$orderby = implode(',', $orderparams);
|
$orderby = implode(',', $orderparams);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( 'link_id' == $orderby )
|
if ( empty( $orderby ) )
|
||||||
$orderby = "$wpdb->links.link_id";
|
$orderby = 'link_name';
|
||||||
|
|
||||||
|
$order = strtoupper( $order );
|
||||||
|
if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
|
||||||
|
$order = 'ASC';
|
||||||
|
|
||||||
$visible = '';
|
$visible = '';
|
||||||
if ( $hide_invisible )
|
if ( $hide_invisible )
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue