Don't pollute orderby query var. Props scribu. fixes #16844

git-svn-id: http://svn.automattic.com/wordpress/trunk@17653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2011-04-18 21:27:13 +00:00
parent 746bb77bf3
commit 2053dcca12
1 changed files with 10 additions and 14 deletions


@ -2291,9 +2291,9 @@ class WP_Query {
// Order by // Order by
if ( empty($q['orderby']) ) { if ( empty($q['orderby']) ) {
$q['orderby'] = "$wpdb->posts.post_date " . $q['order']; $orderby = "$wpdb->posts.post_date " . $q['order'];
} elseif ( 'none' == $q['orderby'] ) { } elseif ( 'none' == $q['orderby'] ) {
$q['orderby'] = ''; $orderby = '';
} else { } else {
// Used to filter values // Used to filter values
$allowed_keys = array('author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count'); $allowed_keys = array('author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count');
@ -2304,10 +2304,9 @@ class WP_Query {
} }
$q['orderby'] = urldecode($q['orderby']); $q['orderby'] = urldecode($q['orderby']);
$q['orderby'] = addslashes_gpc($q['orderby']); $q['orderby'] = addslashes_gpc($q['orderby']);
$orderby_array = explode(' ', $q['orderby']);
$q['orderby'] = '';
foreach ( $orderby_array as $i => $orderby ) { $orderby_array = array();
foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) {
// Only allow certain values for safety // Only allow certain values for safety
if ( ! in_array($orderby, $allowed_keys) ) if ( ! in_array($orderby, $allowed_keys) )
continue; continue;
@ -2335,15 +2334,14 @@ class WP_Query {
$orderby = "$wpdb->posts.post_" . $orderby; $orderby = "$wpdb->posts.post_" . $orderby;
} }
$q['orderby'] .= (($i == 0) ? '' : ',') . $orderby; $orderby_array[] = $orderby;
} }
$orderby = implode( ',', $orderby_array );
// append ASC or DESC at the end if ( empty( $orderby ) )
if ( !empty($q['orderby'])) $orderby = "$wpdb->posts.post_date ".$q['order'];
$q['orderby'] .= " {$q['order']}"; else
$orderby .= " {$q['order']}";
if ( empty($q['orderby']) )
$q['orderby'] = "$wpdb->posts.post_date ".$q['order'];
} }
if ( is_array( $post_type ) ) { if ( is_array( $post_type ) ) {
@ -2542,8 +2540,6 @@ class WP_Query {
$where = "AND 0"; $where = "AND 0";
} }
$orderby = $q['orderby'];
$pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' ); $pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' );
// Apply post-paging filters on where and join. Only plugins that // Apply post-paging filters on where and join. Only plugins that
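Review bot: In the second hunk, the two context lines before the new `foreach` still write the urldecoded, slash-escaped value back into `$q['orderby']`, so the query var is still modified on the else path even though the SQL fragment now lives in `$orderby`. A local copy would finish the job: `$raw_orderby = addslashes_gpc( urldecode( $q['orderby'] ) );` followed by `foreach ( explode( ' ', $raw_orderby ) as $orderby ) {` (`$i` appears to be unneeded now that the pieces are collected in `$orderby_array`). Because each piece is concatenated unquoted into the ORDER BY clause, the `in_array` check against `$allowed_keys` is the control that keeps request input out of the SQL, not the slashing. I would say so in the comment above it and make the match strict with `in_array( $orderby, $allowed_keys, true )`. The loop body between the hunks and the validation of `$q['order']` are not visible here, so this assumes `$q['order']` has already been restricted to ASC or DESC before it is appended.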