From f32bbeeb95ed17b0cf0d2692e83737bbffaac60c Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Mon, 20 Apr 2015 05:42:25 +0000
Subject: [PATCH] Clean up some edge cases in `sanitize_sql_orderby()`.

Props vortfu, dd32.
Built from https://develop.svn.wordpress.org/trunk@32164

git-svn-id: http://core.svn.wordpress.org/trunk@32139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/formatting.php | 22 ++++++++++++----------
 wp-includes/version.php | 2 +-
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index c37755515e..04cb5aa755 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1362,21 +1362,23 @@ function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'displa
 }
 
 /**
- * Ensures a string is a valid SQL order by clause.
+ * Ensures a string is a valid SQL 'order by' clause.
  *
- * Accepts one or more columns, with or without ASC/DESC, and also accepts
- * RAND().
+ * Accepts one or more columns, with or without a sort order (ASC / DESC).
+ * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
+ *
+ * Also accepts 'RAND()'.
  *
  * @since 2.5.1
  *
- * @param string $orderby Order by string to be checked.
- * @return false|string Returns the order by clause if it is a match, false otherwise.
+ * @param string $orderby Order by clause to be validated.
+ * @return string|bool Returns $orderby if valid, false otherwise.
  */
-function sanitize_sql_orderby( $orderby ){
-	preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
-	if ( !$obmatches )
-		return false;
-	return $orderby;
+function sanitize_sql_orderby( $orderby ) {
+	if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
+		return $orderby;
+	}
+	return false;
 }
 
 /**
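Review bot: The rewritten `@return` tag is less precise than the line it replaces: the function returns either `$orderby` or `false`, never `true`, so `@return string|false Returns $orderby if valid, false otherwise.` states the contract exactly (the removed docblock already had `false|string`). Separately, both new patterns end in `$` without the `D` modifier, so PCRE also accepts an `$orderby` that carries a single trailing newline and hands it back unchanged; if that is unwanted, `\z` in place of the final `$`, or a `D` flag alongside `i`, pins the match to the true end of the string. A few unit cases such as `'column_1, column_2 DESC'` (accepted) and `'column_1, '` (rejected by the lookahead) would document the edge cases the commit title refers to.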
diff --git a/wp-includes/version.php b/wp-includes/version.php
index b4ea6adb5c..6a3780e317 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.2-RC1-32162';
+$wp_version = '4.2-RC1-32164';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.