The `gallery` shortcode used to accept a SQL chunk for the value of the `orderby` attribute. The reason? `get_posts()` used to be called in the shortcode handler with a query-string blob of arguments passed to it. To mitigate breakage, `sanitize_sql_orderby()` was created in [7592].
`sanitize_sql_orderby()` expects a comma to be present when multiple `orderby` values were passed. The correct syntax for multiple fields is space-delimited. Since [29027], comma-separated values would never be parsed correctly when passed to `WP_Query->parse_orderby()`. `sanitize_sql_orderby()` is used nowhere else in core, save for the `playlist` shortcode - I only added it there because I was mimic'ing the `gallery` logic. The function call can be removed from both shortcode handlers. See #6476. Fixes #23873. Built from https://develop.svn.wordpress.org/trunk@30068 git-svn-id: http://core.svn.wordpress.org/trunk@30068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
e4289bb37e
commit
5d17d2bd28
|
@ -938,14 +938,6 @@ function gallery_shortcode( $attr ) {
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|
||||||
// We're trusting author input, so let's at least make sure it looks like a valid orderby statement
|
|
||||||
if ( isset( $attr['orderby'] ) ) {
|
|
||||||
$attr['orderby'] = sanitize_sql_orderby( $attr['orderby'] );
|
|
||||||
if ( ! $attr['orderby'] ) {
|
|
||||||
unset( $attr['orderby'] );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$html5 = current_theme_supports( 'html5', 'gallery' );
|
$html5 = current_theme_supports( 'html5', 'gallery' );
|
||||||
$atts = shortcode_atts( array(
|
$atts = shortcode_atts( array(
|
||||||
'order' => 'ASC',
|
'order' => 'ASC',
|
||||||
|
@ -1220,16 +1212,6 @@ function wp_playlist_shortcode( $attr ) {
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* We're trusting author input, so let's at least make sure it looks
|
|
||||||
* like a valid orderby statement.
|
|
||||||
*/
|
|
||||||
if ( isset( $attr['orderby'] ) ) {
|
|
||||||
$attr['orderby'] = sanitize_sql_orderby( $attr['orderby'] );
|
|
||||||
if ( ! $attr['orderby'] )
|
|
||||||
unset( $attr['orderby'] );
|
|
||||||
}
|
|
||||||
|
|
||||||
$atts = shortcode_atts( array(
|
$atts = shortcode_atts( array(
|
||||||
'type' => 'audio',
|
'type' => 'audio',
|
||||||
'order' => 'ASC',
|
'order' => 'ASC',
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.1-alpha-30067';
|
$wp_version = '4.1-alpha-30068';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue