Use sanitize_key() for theme search tags/features. sanitize_title_with_dashes() is overkill. see #19815.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
nacin 2012-03-02 22:26:58 +00:00
parent 234d355ef7
commit 4805a38f7d
1 changed files with 35 additions and 38 deletions


@ -7,30 +7,25 @@
* @since 3.1.0 * @since 3.1.0
* @access private * @access private
*/ */
class WP_Theme_Install_List_Table extends WP_Themes_List_Table { class WP_Theme_Install_List_Table extends WP_List_Table {
var $features = array(); function __construct() {
parent::__construct( array(
'ajax' => true,
) );
}
function ajax_user_can() { function ajax_user_can() {
return current_user_can( 'install_themes' ); return current_user_can('install_themes');
} }
function prepare_items() { function prepare_items() {
include( ABSPATH . 'wp-admin/includes/theme-install.php' ); include( ABSPATH . 'wp-admin/includes/theme-install.php' );
global $tabs, $tab, $paged, $type, $theme_field_defaults; global $tabs, $tab, $paged, $type, $term, $theme_field_defaults;
wp_reset_vars( array( 'tab' ) ); wp_reset_vars( array( 'tab' ) );
$search_terms = array();
$search_string = '';
if ( ! empty( $_REQUEST['s'] ) ){
$search_string = strtolower( stripslashes( $_REQUEST['s'] ) );
$search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) );
}
if ( ! empty( $_REQUEST['features'] ) )
$this->features = $_REQUEST['features'];
$paged = $this->get_pagenum(); $paged = $this->get_pagenum();
$per_page = 36; $per_page = 36;
@ -60,21 +55,29 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
switch ( $tab ) { switch ( $tab ) {
case 'search': case 'search':
$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : ''; $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : '';
$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
switch ( $type ) { switch ( $type ) {
case 'tag': case 'tag':
$args['tag'] = array_map( 'sanitize_title_with_dashes', $search_terms ); $terms = explode( ',', $term );
$terms = array_map( 'trim', $terms );
$terms = array_map( 'sanitize_key', $terms );
$args['tag'] = $terms;
break; break;
case 'term': case 'term':
$args['search'] = $search_string; $args['search'] = $term;
break; break;
case 'author': case 'author':
$args['author'] = $search_string; $args['author'] = $term;
break; break;
} }
if ( ! empty( $this->features ) ) { if ( !empty( $_REQUEST['features'] ) ) {
$args['tag'] = $this->features; $terms = $_REQUEST['features'];
$_REQUEST['s'] = implode( ',', $this->features ); $terms = array_map( 'trim', $terms );
$terms = array_map( 'sanitize_key', $terms );
$args['tag'] = $terms;
$_REQUEST['s'] = implode( ',', $terms );
$_REQUEST['type'] = 'tag'; $_REQUEST['type'] = 'tag';
} }
@ -92,7 +95,7 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
$args = false; $args = false;
} }
if ( ! $args ) if ( !$args )
return; return;
$api = themes_api( 'query_themes', $args ); $api = themes_api( 'query_themes', $args );
@ -105,7 +108,6 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
$this->set_pagination_args( array( $this->set_pagination_args( array(
'total_items' => $api->info['results'], 'total_items' => $api->info['results'],
'per_page' => $per_page, 'per_page' => $per_page,
'infinite_scroll' => true,
) ); ) );
} }
@ -126,7 +128,12 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
return $display_tabs; return $display_tabs;
} }
function get_columns() {
return array();
}
function display() { function display() {
wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' ); wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
?> ?>
<div class="tablenav top themes"> <div class="tablenav top themes">
@ -142,8 +149,12 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
<?php $this->display_rows_or_placeholder(); ?> <?php $this->display_rows_or_placeholder(); ?>
</div> </div>
<?php <div class="tablenav bottom themes">
parent::tablenav( 'bottom' ); <?php $this->pagination( 'bottom' ); ?>
<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" class="ajax-loading list-ajax-loading" alt="" />
<br class="clear" />
</div>
<?php
} }
function display_rows() { function display_rows() {
@ -159,18 +170,4 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
?></div> ?></div>
<?php } // end foreach $theme_names <?php } // end foreach $theme_names
} }
/**
* Send required variables to JavaScript land
*
* @since 3.4
* @access private
*
* @uses $tab Global; current tab within Themes->Install screen
* @uses $type Global; type of search.
*/
function _js_vars() {
global $tab, $type;
parent::_js_vars( compact( $tab, $type ) );
}
} }
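Review bot: In the features branch of prepare_items(), on the side that introduces sanitize_key, `$_REQUEST['features']` goes straight into `array_map( 'trim', $terms )` with no check that it is an array. A request that sends `features` as a scalar therefore fails or warns before any sanitizing runs. Casting first closes that: `$terms = array_filter( array_map( 'sanitize_key', array_map( 'trim', (array) $_REQUEST['features'] ) ) );`. The `case 'tag':` path has a related gap: the sanitize_title_with_dashes side ran `array_filter` and `array_unique` over the comma-split terms, while the sanitize_key lines do not, so input such as `a,,a` passes empty and duplicate tags on to `themes_api()`. prepare_items() continues outside the visible hunks, so the later use of `$args` is not covered by this note.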