Clean up some edge cases in `sanitize_sql_orderby()`. Merge of [32164] to the 3.9 branch.
Props vortfu, dd32. Built from https://develop.svn.wordpress.org/branches/3.9@32190 git-svn-id: http://core.svn.wordpress.org/branches/3.9@32163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
ff692384e0
commit
27c4e15959
|
@ -1178,21 +1178,23 @@ function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'displa
|
|||
}
|
||||
|
||||
/**
|
||||
* Ensures a string is a valid SQL order by clause.
|
||||
* Ensures a string is a valid SQL 'order by' clause.
|
||||
*
|
||||
* Accepts one or more columns, with or without ASC/DESC, and also accepts
|
||||
* RAND().
|
||||
* Accepts one or more columns, with or without a sort order (ASC / DESC).
|
||||
* e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
|
||||
*
|
||||
* Also accepts 'RAND()'.
|
||||
*
|
||||
* @since 2.5.1
|
||||
*
|
||||
* @param string $orderby Order by string to be checked.
|
||||
* @return string|bool Returns the order by clause if it is a match, false otherwise.
|
||||
* @param string $orderby Order by clause to be validated.
|
||||
* @return string|bool Returns $orderby if valid, false otherwise.
|
||||
*/
|
||||
function sanitize_sql_orderby( $orderby ){
|
||||
preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
|
||||
if ( !$obmatches )
|
||||
return false;
|
||||
function sanitize_sql_orderby( $orderby ) {
|
||||
if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
|
||||
return $orderby;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue