Sanitize order and orderby in get_bookmarks()
git-svn-id: https://develop.svn.wordpress.org/trunk@18345 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren
parent
bb7af108f5
commit
7a9c81cdb1
|
|
@ -213,22 +213,32 @@ function get_bookmarks($args = '') {
|
||||||
|
|
||||||
$orderby = strtolower($orderby);
|
$orderby = strtolower($orderby);
|
||||||
$length = '';
|
$length = '';
|
||||||
switch ($orderby) {
|
switch ( $orderby ) {
|
||||||
case 'length':
|
case 'length':
|
||||||
$length = ", CHAR_LENGTH(link_name) AS length";
|
$length = ", CHAR_LENGTH(link_name) AS length";
|
||||||
break;
|
break;
|
||||||
case 'rand':
|
case 'rand':
|
||||||
$orderby = 'rand()';
|
$orderby = 'rand()';
|
||||||
break;
|
break;
|
||||||
|
case 'link_id':
|
||||||
|
$orderby = "$wpdb->links.link_id";
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
$orderparams = array();
|
$orderparams = array();
|
||||||
foreach ( explode(',', $orderby) as $ordparam )
|
foreach ( explode(',', $orderby) as $ordparam ) {
|
||||||
$orderparams[] = 'link_' . trim($ordparam);
|
$ordparam = trim($ordparam);
|
||||||
|
if ( in_array( $ordparam, array( 'name', 'url', 'visible', 'rating', 'owner', 'updated' ) ) )
|
||||||
|
$orderparams[] = 'link_' . $ordparam;
|
||||||
|
}
|
||||||
$orderby = implode(',', $orderparams);
|
$orderby = implode(',', $orderparams);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( 'link_id' == $orderby )
|
if ( empty( $orderby ) )
|
||||||
$orderby = "$wpdb->links.link_id";
|
$orderby = 'link_name';
|
||||||
|
|
||||||
|
$order = strtoupper( $order );
|
||||||
|
if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
|
||||||
|
$order = 'ASC';
|
||||||
|
|
||||||
$visible = '';
|
$visible = '';
|
||||||
if ( $hide_invisible )
|
if ( $hide_invisible )
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue