Fix gallery shortcode orderby param for all SQL setups. Sanitize orderby. fixes #6476 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@7592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith
2008-04-03 03:05:49 +00:00
parent 9a15c3a960
commit 6a41b549d0
3 changed files with 23 additions and 4 deletions


@@ -366,6 +366,15 @@ function sanitize_title_with_dashes($title) {
return $title;
}
// ensures a string is a valid SQL order by clause like: post_name ASC, ID DESC
// accepts one or more columns, with or without ASC/DESC, and also accepts RAND()
function sanitize_sql_orderby( $orderby ){
preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
if ( !$obmatches )
return false;
return $orderby;
}
function convert_chars($content, $deprecated = '') {
// Translation of invalid Unicode references range to valid range
$wp_htmltranswinuni = array(
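Review bot: The pattern in sanitize_sql_orderby() has no end anchor on its first alternative: the repeated group is already satisfied by one column name followed by a comma, so preg_match() succeeds on that prefix and the function returns the whole of $orderby, including whatever follows the comma. A value that the comment above describes as a valid ORDER BY clause can therefore still carry arbitrary text into the query. Anchor the entire list and add the D modifier so `$` cannot match before a trailing newline: `if ( preg_match('/^\s*[a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*[a-z0-9_]+(\s+(ASC|DESC))?)*\s*$/iD', $orderby) || preg_match('/^\s*RAND\(\s*\)\s*$/iD', $orderby) ) return $orderby;` followed by `return false;`. Callers also need to test for the false return before building SQL; the call sites are presumably in the other changed files and are not visible here.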