[wp-trac] Re: [WordPress Trac] #7423: in WP_Query, sanitization breaks usage of multiple post_status values
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 28 21:50:34 GMT 2008

#7423: in WP_Query, sanitization breaks usage of multiple post_status values
-------------------------+--------------------------------------------------
 Reporter:  markjaquith  |        Owner:  anonymous
     Type:  defect       |       Status:  new      
 Priority:  high         |    Milestone:  2.7      
Component:  General      |      Version:  2.6      
 Severity:  normal       |   Resolution:           
 Keywords:               |  
-------------------------+--------------------------------------------------
Changes (by markjaquith):
  * summary:  in WP_Query, sanitization breaks usage of multiple post_type
              or post_status values => in WP_Query,
              sanitization breaks usage of multiple
              post_status values
Old description:
> I was trying to get WP_Query to give me all draft OR future posts by
> other authors, but found that it would not accept comma-separated
> post_status values.  Turns out we're using {{{sanitize_user()}}} on the
> query values of post_type and post_status which breaks that
> functionality.  We need to allow commas so that WP_Query can process
> {{{post_status=draft,future}}}
>
> Switching that {{{sanitize_user()}}} line to a {{{[^a-z0-9,_-]
> preg_replace()}}} sanitization line allowed my WP_Query call to work as
> intended.
New description:

 I was trying to get WP_Query to give me all draft OR future posts by other
 authors, but found that it would not accept comma-separated post_status
 values.  Turns out we're using {{{sanitize_user()}}} on the query values
 of post_status which breaks that functionality.  We need to allow commas
 so that WP_Query can process {{{post_status=draft,future}}}

 Switching that {{{sanitize_user()}}} line to a {{{[^a-z0-9,_-]
 preg_replace()}}} sanitization line allowed my WP_Query call to work as
 intended.

 We're also doing that sanitization on post_type, but it doesn't look like
 the functionality to accept multiple post_type values is there (and it's
 certainly less useful than accepting multiple post_statuses).

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7423#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
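
Added example, not part of the original message and not WordPress core code: a stand-alone PHP sketch of the comma-preserving filter the ticket proposes, followed by a check of each item against a fixed set of status names before the names are used anywhere else. The function names, the lowercasing step, the list of known statuses and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. The character class [^a-z0-9,_-] is the one quoted in the
// ticket; everything else here is hypothetical and labelled as such.

// A filter whose character class lacks the comma, standing in for the
// behaviour the ticket describes: the separator is stripped with the rest.
function filter_without_comma(string $raw): string
{
    return preg_replace('/[^a-z0-9_-]/', '', strtolower($raw));
}

// Parse a raw post_status value such as "draft,future" into known statuses.
function parse_post_status(string $raw, array $known): array
{
    // Step 1: the ticket's allowlist: keep a-z, 0-9, comma, _ and -.
    // Lowercasing first is an assumption; the class has no upper-case range.
    $clean = preg_replace('/[^a-z0-9,_-]/', '', strtolower($raw));

    // Step 2: split on commas and drop empty items ("draft,,future").
    $items = array_filter(explode(',', $clean), 'strlen');

    // Step 3: keep only names from the fixed set, so an item that merely
    // survived the character filter is still rejected.
    return array_values(array_unique(array_intersect($items, $known)));
}

// Assumed set of status names for this example.
$known = ['publish', 'draft', 'future', 'pending', 'private'];

// Constructed inputs.
echo filter_without_comma('draft,future'), "\n";
// "draftfuture": one unknown name, so neither status can be matched.

print_r(parse_post_status('draft,future', $known));
// draft, future

print_r(parse_post_status('Draft, future ,,bogus', $known));
// draft, future (spaces and the empty item are dropped, "bogus" is rejected)
```
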