From deb8828381cd7e3a6766f52e030f008dca99cf47 Mon Sep 17 00:00:00 2001 From: dd32 Date: Sun, 26 Sep 2010 10:56:36 +0000 Subject: [PATCH] Partially revert [15642]. Fixes Bulk deletion of non-media items. As a bonus, exit on redirects & check the post status is valid before querying it. See #14579 git-svn-id: http://svn.automattic.com/wordpress/trunk@15667 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/edit.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/wp-admin/edit.php b/wp-admin/edit.php index 215805e7c5..fb622fe76c 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -31,16 +31,21 @@ if ( $doaction ) { $sendback = admin_url($post_new_file); if ( 'delete_all' == $doaction ) { - $post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" ); + $post_status = preg_replace('/[^a-z0-9_-]+/i', '', $_REQUEST['post_status']); + if ( get_post_status_object($post_status) ) // Check the post status exists first + $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_type=%s AND post_status = %s", $post_type, $post_status ) ); $doaction = 'delete'; } elseif ( isset( $_REQUEST['media'] ) ) { $post_ids = $_REQUEST['media']; } elseif ( isset( $_REQUEST['ids'] ) ) { $post_ids = explode( ',', $_REQUEST['ids'] ); + } elseif ( !empty( $_REQUEST['post'] ) ) { + $post_ids = array_map('intval', $_REQUEST['post']); } if ( !isset( $post_ids ) ) { wp_redirect( admin_url("edit.php?post_type=$post_type") ); + exit; } switch ( $doaction ) {