Don't pollute orderby query var. Props scribu. fixes #16844
git-svn-id: http://svn.automattic.com/wordpress/trunk@17653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
746bb77bf3
commit
2053dcca12
|
@ -2291,9 +2291,9 @@ class WP_Query {
|
||||||
|
|
||||||
// Order by
|
// Order by
|
||||||
if ( empty($q['orderby']) ) {
|
if ( empty($q['orderby']) ) {
|
||||||
$q['orderby'] = "$wpdb->posts.post_date " . $q['order'];
|
$orderby = "$wpdb->posts.post_date " . $q['order'];
|
||||||
} elseif ( 'none' == $q['orderby'] ) {
|
} elseif ( 'none' == $q['orderby'] ) {
|
||||||
$q['orderby'] = '';
|
$orderby = '';
|
||||||
} else {
|
} else {
|
||||||
// Used to filter values
|
// Used to filter values
|
||||||
$allowed_keys = array('author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count');
|
$allowed_keys = array('author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count');
|
||||||
|
@ -2304,10 +2304,9 @@ class WP_Query {
|
||||||
}
|
}
|
||||||
$q['orderby'] = urldecode($q['orderby']);
|
$q['orderby'] = urldecode($q['orderby']);
|
||||||
$q['orderby'] = addslashes_gpc($q['orderby']);
|
$q['orderby'] = addslashes_gpc($q['orderby']);
|
||||||
$orderby_array = explode(' ', $q['orderby']);
|
|
||||||
$q['orderby'] = '';
|
|
||||||
|
|
||||||
foreach ( $orderby_array as $i => $orderby ) {
|
$orderby_array = array();
|
||||||
|
foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) {
|
||||||
// Only allow certain values for safety
|
// Only allow certain values for safety
|
||||||
if ( ! in_array($orderby, $allowed_keys) )
|
if ( ! in_array($orderby, $allowed_keys) )
|
||||||
continue;
|
continue;
|
||||||
|
@ -2335,15 +2334,14 @@ class WP_Query {
|
||||||
$orderby = "$wpdb->posts.post_" . $orderby;
|
$orderby = "$wpdb->posts.post_" . $orderby;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q['orderby'] .= (($i == 0) ? '' : ',') . $orderby;
|
$orderby_array[] = $orderby;
|
||||||
}
|
}
|
||||||
|
$orderby = implode( ',', $orderby_array );
|
||||||
|
|
||||||
// append ASC or DESC at the end
|
if ( empty( $orderby ) )
|
||||||
if ( !empty($q['orderby']))
|
$orderby = "$wpdb->posts.post_date ".$q['order'];
|
||||||
$q['orderby'] .= " {$q['order']}";
|
else
|
||||||
|
$orderby .= " {$q['order']}";
|
||||||
if ( empty($q['orderby']) )
|
|
||||||
$q['orderby'] = "$wpdb->posts.post_date ".$q['order'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( is_array( $post_type ) ) {
|
if ( is_array( $post_type ) ) {
|
||||||
|
@ -2542,8 +2540,6 @@ class WP_Query {
|
||||||
$where = "AND 0";
|
$where = "AND 0";
|
||||||
}
|
}
|
||||||
|
|
||||||
$orderby = $q['orderby'];
|
|
||||||
|
|
||||||
$pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' );
|
$pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' );
|
||||||
|
|
||||||
// Apply post-paging filters on where and join. Only plugins that
|
// Apply post-paging filters on where and join. Only plugins that
|
||||||
|
|
Loading…
Reference in New Issue