Use stricter sanitization for meta query clause keys.

By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.

git-svn-id: https://develop.svn.wordpress.org/trunk@34090 602fd350-edb4-49c9-b593-d223f7449a82
Boone Gorges 2015-09-12 21:05:14 +00:00
parent dcbd8c6c3d
commit 4fdfdb6078
2 changed files with 3 additions and 3 deletions


@ -548,8 +548,8 @@ class WP_Meta_Query {
$meta_type = $this->get_cast_for_type( $_meta_type );
$clause['cast'] = $meta_type;
// Fallback for clause keys is the table alias.
if ( ! $clause_key ) {
// Fallback for clause keys is the table alias. Key must be a string.
if ( is_int( $clause_key ) || ! $clause_key ) {
$clause_key = $clause['alias'];
}
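Review bot: The new condition `if ( is_int( $clause_key ) || ! $clause_key )` states the rule from its own comment ("Key must be a string") negatively, by listing what is rejected, rather than checking for the type that is wanted; `if ( ! is_string( $clause_key ) || '' === $clause_key ) {` reads as the rule itself and keeps the alias fallback behaviour. The two forms differ only for the string `'0'`, which the original also rejects via truthiness; since PHP casts a `'0'` array key to int `0`, that case cannot arise when `$clause_key` comes from iterating clause keys, though whether it has other sources is not visible here. The enclosing method starts and ends outside the hunk.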


@ -2280,7 +2280,7 @@ class WP_Query {
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) );
}
if ( ! in_array( $orderby, $allowed_keys ) ) {
if ( ! in_array( $orderby, $allowed_keys, true ) ) {
return false;
}
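Review bot: The `true` added on the `in_array` line is the whole fix but carries no explanation, so a later cleanup could drop it as noise; a comment above it would pin the reason, e.g. `// Strict comparison: loosely, a string $orderby would match any integer key merged in from array_keys( $meta_clauses ).` Under loose comparison a non-numeric string compares equal to int `0`, which is how a numeric-keyed meta clause previously let an unvalidated 'orderby' value pass this check. With strict comparison an integer key from `array_keys( $meta_clauses )` on the earlier line can never equal a string `$orderby`, so such clauses are simply not orderable unless their keys are normalised to strings upstream, which is what the WP_Meta_Query hunk in this commit does. The enclosing method continues outside the hunk.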