From 7a9c81cdb109e0aafff77d2194e5867bfc412d57 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Mon, 27 Jun 2011 15:46:11 +0000
Subject: [PATCH] Sanitize order and orderby in get_bookmarks()

git-svn-id: https://develop.svn.wordpress.org/trunk@18345 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/bookmark.php | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/wp-includes/bookmark.php b/wp-includes/bookmark.php
index 8b0fe48747..e1184231c4 100644
--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -213,22 +213,32 @@ function get_bookmarks($args = '') {
 
 $orderby = strtolower($orderby);
 $length = '';
- switch ($orderby) {
+ switch ( $orderby ) {
 case 'length':
 $length = ", CHAR_LENGTH(link_name) AS length";
 break;
 case 'rand':
 $orderby = 'rand()';
 break;
+ case 'link_id':
+ $orderby = "$wpdb->links.link_id";
+ break;
 default:
 $orderparams = array();
- foreach ( explode(',', $orderby) as $ordparam )
- $orderparams[] = 'link_' . trim($ordparam);
+ foreach ( explode(',', $orderby) as $ordparam ) {
+ $ordparam = trim($ordparam);
+ if ( in_array( $ordparam, array( 'name', 'url', 'visible', 'rating', 'owner', 'updated' ) ) )
+ $orderparams[] = 'link_' . $ordparam;
+ }
 $orderby = implode(',', $orderparams);
 }
 
- if ( 'link_id' == $orderby )
- $orderby = "$wpdb->links.link_id";
+ if ( empty( $orderby ) )
+ $orderby = 'link_name';
+
+ $order = strtoupper( $order );
+ if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+ $order = 'ASC';
 
 $visible = '';
 if ( $hide_invisible )
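Review bot: The new allowlist in the `default:` branch silently drops the `id` spelling that the removed code supported — before this change `'link_' . trim('id')` produced `link_id`, which the removed `if ( 'link_id' == $orderby )` then table-qualified, whereas now `id` is not in the array, `$orderparams` stays empty, and the query quietly falls back to `link_name` instead of failing loudly. If `id` is a value callers rely on (I cannot see the function's documented `orderby` values from this hunk), add it to the allowlist and keep the qualification, e.g. inside the loop: `if ( 'id' === $ordparam ) { $orderparams[] = "$wpdb->links.link_id"; continue; }`. The allowlist itself is the right control here, since `ORDER BY` column names cannot be bound as prepared-statement parameters, so a comment stating that intent would help the next maintainer, e.g. `// Column names cannot be bound as query parameters; only allowlisted link_* columns may reach the ORDER BY clause.` Note also that `'' !== $order` deliberately lets an empty direction through while any other unexpected value is coerced to `ASC`; if that asymmetry is intentional it deserves a one-line comment. get_bookmarks() begins before and continues after this hunk, so the later SQL assembly that consumes `$orderby` and `$order` is not visible here.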