[wp-trac] [WordPress Trac] #32937: $wp_query->parse_orderby() allows incorrect keys to go through(edge case)

WordPress Trac noreply at wordpress.org
Sat Sep 12 21:05:16 UTC 2015


#32937: $wp_query->parse_orderby() allows incorrect keys to go through(edge case)
--------------------------+---------------------------
 Reporter:  nikolov.tmw   |       Owner:  boonebgorges
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:  4.4
Component:  Query         |     Version:
 Severity:  normal        |  Resolution:  fixed
 Keywords:                |     Focuses:
--------------------------+---------------------------
Changes (by boonebgorges):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"34090"]:
 {{{
 #!CommitTicketReference repository="" revision="34090"
 Use stricter sanitization for meta query clause keys.

 By forcing all clause keys to be strings, we make it possible to use
 strict comparison when validating values of 'orderby' as passed to
 `WP_Query`. This eliminates situations where the presence of numeric
 clause keys could result in an improperly validated 'orderby' value.

 Props nikolov.tmw.
 Fixes #32937.
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32937#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
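
An added PHP illustration (not WordPress core code and not part of the changeset) of the loose versus strict allow-list check the commit message describes. The function names, the `clause-` key prefix and the sample clauses are assumptions made for this example.

```php
<?php
// Added illustration; hypothetical helpers, not WordPress core functions.

// Allowed 'orderby' values: fixed names plus the keys of the meta query clauses.
function allowed_orderby_keys(array $clauses): array {
    return array_merge(array('date', 'title'), array_keys($clauses));
}

// Force every clause key to be a string. Integer keys get a string prefix
// (assumed naming scheme) so that no allowed value is an integer.
function stringify_clause_keys(array $clauses): array {
    $out = array();
    foreach ($clauses as $key => $clause) {
        if (is_int($key)) {
            $key = 'clause-' . $key;
        }
        $out[$key] = $clause;
    }
    return $out;
}

// Before: loose (==) comparison against a list that contains integers 0 and 1.
function is_valid_orderby_loose(string $orderby, array $clauses): bool {
    return in_array($orderby, allowed_orderby_keys($clauses));
}

// After: string-only keys, compared with === via the third argument.
function is_valid_orderby_strict(string $orderby, array $clauses): bool {
    $keys = allowed_orderby_keys(stringify_clause_keys($clauses));
    return in_array($orderby, $keys, true);
}

// Constructed sample: two unnamed clauses (integer keys 0 and 1), one named clause.
$clauses = array(
    array('key' => 'price'),
    array('key' => 'color'),
    'size_clause' => array('key' => 'size'),
);

// '1e0' and '01' are numeric strings that loosely equal the integer key 1.
// 'bogus' loosely equals the integer key 0 on PHP versions before 8.
foreach (array('size_clause', 'title', '1e0', '01', 'bogus') as $orderby) {
    printf("%-14s loose=%-5s strict=%s\n", var_export($orderby, true),
        var_export(is_valid_orderby_loose($orderby, $clauses), true),
        var_export(is_valid_orderby_strict($orderby, $clauses), true));
}
```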