From c9c4dabcc1c920fc43ee6f7331011abd029d4f9f Mon Sep 17 00:00:00 2001
From: desrosj
Date: Thu, 6 Jan 2022 17:05:02 +0000
Subject: [PATCH] Query: Improve sanitization within `WP_Meta_Query`.
Props vortfu, xknown, dd32.
Built from https://develop.svn.wordpress.org/trunk@52455
git-svn-id: http://core.svn.wordpress.org/trunk@52047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/class-wp-meta-query.php | 2 +-
 wp-includes/class-wp-tax-query.php | 2 +-
 wp-includes/version.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/wp-includes/class-wp-meta-query.php b/wp-includes/class-wp-meta-query.php
index 2c2ac84d34..ac1da7d1f6 100644
--- a/wp-includes/class-wp-meta-query.php
+++ b/wp-includes/class-wp-meta-query.php
@@ -848,7 +848,7 @@ class WP_Meta_Query {
 $clause_compare = strtoupper( $clause['compare'] );
 $sibling_compare = strtoupper( $sibling['compare'] );
 if ( in_array( $clause_compare, $compatible_compares, true ) && in_array( $sibling_compare, $compatible_compares, true ) ) {
- $alias = $sibling['alias'];
+ $alias = preg_replace( '/\W/', '_', $sibling['alias'] );
 break;
 }
 }
diff --git a/wp-includes/class-wp-tax-query.php b/wp-includes/class-wp-tax-query.php
index a7a40cf21f..eb4b7849e2 100644
--- a/wp-includes/class-wp-tax-query.php
+++ b/wp-includes/class-wp-tax-query.php
@@ -527,7 +527,7 @@ class WP_Tax_Query {
 // The sibling must both have compatible operator to share its alias.
 if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators, true ) ) {
- $alias = $sibling['alias'];
+ $alias = preg_replace( '/\W/', '_', $sibling['alias'] );
 break;
 }
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 5e9b1f0e50..a9ca645130 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.0-alpha-52454';
+$wp_version = '6.0-alpha-52455';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
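Review bot: The added `preg_replace( '/\W/', '_', $sibling['alias'] )` assumes the alias is a string, but preg_replace() returns an array when handed an array and null on a PCRE error, so `$alias` can still leave this branch as a non-string. The value is presumably interpolated into the generated SQL further down, outside the hunk. A type guard ahead of the compare check would close the gap, e.g. `if ( ! is_string( $sibling['alias'] ) ) { continue; }`, assuming the enclosing loop (it starts outside the hunk) is the foreach that the `break` implies. The assignment also deserves a why-comment, such as `// The alias may originate from a caller-supplied clause; keep only word characters before it is reused.` The identical line added in the class-wp-tax-query.php hunk has the same gap.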
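Review bot: The assignment in the WP_Tax_Query hunk repeats the exact expression added to WP_Meta_Query, so the rule for what counts as a safe alias now lives in two places that can drift apart. Moving it into one shared helper would give a single place to document and unit-test the allowlist, with the call site reading something like `$alias = sanitize_alias_placeholder( $sibling['alias'] );` (the function name is a placeholder, not an existing API). The enclosing method starts and ends outside the hunk, so whether the class already has a suitable helper cannot be seen from here.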