Ticket #6772: 6772-absint.diff
| File 6772-absint.diff, 6.5 kB (added by mdawaffe, 4 months ago) |
|---|
wp-includes/query.php
old new 515 515 if ( ! empty($qv['robots']) ) 516 516 $this->is_robots = true; 517 517 518 $qv['p'] = (int) $qv['p'];519 $qv['page_id'] = (int) $qv['page_id'];520 $qv['year'] = (int) $qv['year'];521 $qv['monthnum'] = (int) $qv['monthnum'];522 $qv['day'] = (int) $qv['day'];523 $qv['w'] = (int) $qv['w'];524 $qv['m'] = (int) $qv['m'];518 $qv['p'] = absint($qv['p']); 519 $qv['page_id'] = absint($qv['page_id']); 520 $qv['year'] = absint($qv['year']); 521 $qv['monthnum'] = absint($qv['monthnum']); 522 $qv['day'] = absint($qv['day']); 523 $qv['w'] = absint($qv['w']); 524 $qv['m'] = absint($qv['m']); 525 525 $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers 526 if ( '' !== $qv['hour'] ) $qv['hour'] = (int) $qv['hour'];527 if ( '' !== $qv['minute'] ) $qv['minute'] = (int) $qv['minute'];528 if ( '' !== $qv['second'] ) $qv['second'] = (int) $qv['second'];526 if ( '' !== $qv['hour'] ) $qv['hour'] = absint($qv['hour']); 527 if ( '' !== $qv['minute'] ) $qv['minute'] = absint($qv['minute']); 528 if ( '' !== $qv['second'] ) $qv['second'] = absint($qv['second']); 529 529 530 530 // Compat. Map subpost to attachment. 
531 531 if ( '' != $qv['subpost'] ) … … 533 533 if ( '' != $qv['subpost_id'] ) 534 534 $qv['attachment_id'] = $qv['subpost_id']; 535 535 536 $qv['attachment_id'] = (int) $qv['attachment_id'];536 $qv['attachment_id'] = absint($qv['attachment_id']); 537 537 538 538 if ( ('' != $qv['attachment']) || !empty($qv['attachment_id']) ) { 539 539 $this->is_single = true; … … 624 624 if ( !is_array($qv['category__in']) || empty($qv['category__in']) ) { 625 625 $qv['category__in'] = array(); 626 626 } else { 627 $qv['category__in'] = array_map(' intval', $qv['category__in']);627 $qv['category__in'] = array_map('absint', $qv['category__in']); 628 628 $this->is_category = true; 629 629 } 630 630 631 631 if ( !is_array($qv['category__not_in']) || empty($qv['category__not_in']) ) { 632 632 $qv['category__not_in'] = array(); 633 633 } else { 634 $qv['category__not_in'] = array_map(' intval', $qv['category__not_in']);634 $qv['category__not_in'] = array_map('absint', $qv['category__not_in']); 635 635 } 636 636 637 637 if ( !is_array($qv['category__and']) || empty($qv['category__and']) ) { 638 638 $qv['category__and'] = array(); 639 639 } else { 640 $qv['category__and'] = array_map(' intval', $qv['category__and']);640 $qv['category__and'] = array_map('absint', $qv['category__and']); 641 641 $this->is_category = true; 642 642 } 643 643 644 644 if ( '' != $qv['tag'] ) 645 645 $this->is_tag = true; 646 646 647 $qv['tag_id'] = (int) $qv['tag_id'];647 $qv['tag_id'] = absint($qv['tag_id']); 648 648 if ( !empty($qv['tag_id']) ) 649 649 $this->is_tag = true; 650 650 651 651 if ( !is_array($qv['tag__in']) || empty($qv['tag__in']) ) { 652 652 $qv['tag__in'] = array(); 653 653 } else { 654 $qv['tag__in'] = array_map(' intval', $qv['tag__in']);654 $qv['tag__in'] = array_map('absint', $qv['tag__in']); 655 655 $this->is_tag = true; 656 656 } 657 657 658 658 if ( !is_array($qv['tag__not_in']) || empty($qv['tag__not_in']) ) { 659 659 $qv['tag__not_in'] = array(); 660 660 } else { 661 
$qv['tag__not_in'] = array_map(' intval', $qv['tag__not_in']);661 $qv['tag__not_in'] = array_map('absint', $qv['tag__not_in']); 662 662 } 663 663 664 664 if ( !is_array($qv['tag__and']) || empty($qv['tag__and']) ) { 665 665 $qv['tag__and'] = array(); 666 666 } else { 667 $qv['tag__and'] = array_map(' intval', $qv['tag__and']);667 $qv['tag__and'] = array_map('absint', $qv['tag__and']); 668 668 $this->is_category = true; 669 669 } 670 670 … … 871 871 872 872 if (isset($q['page'])) { 873 873 $q['page'] = trim($q['page'], '/'); 874 $q['page'] = (int) $q['page']; 875 $q['page'] = abs($q['page']); 874 $q['page'] = absint($q['page']); 876 875 } 877 876 878 877 // If a month is specified in the querystring, load that month … … 949 948 $where .= " AND WEEK($wpdb->posts.post_date, 1)='" . $q['w'] . "'"; 950 949 951 950 if ( intval($q['comments_popup']) ) 952 $q['p'] = intval($q['comments_popup']);951 $q['p'] = absint($q['comments_popup']); 953 952 954 953 // If an attachment is requested by number, let it supercede any post number. 955 954 if ( $q['attachment_id'] ) 956 $q['p'] = $q['attachment_id'];955 $q['p'] = absint($q['attachment_id']); 957 956 958 957 // If a post number is specified, load that post 959 958 if ( $q['p'] ) 960 959 $where = " AND {$wpdb->posts}.ID = " . $q['p']; 961 960 elseif ( $q['post_parent'] ) 962 $where = $wpdb->prepare(" AND $wpdb->posts.post_parent = %d ", $q['post_parent']);961 $where = $wpdb->prepare(" AND $wpdb->posts.post_parent = %d ", $q['post_parent']); 963 962 elseif ( $q['post__in'] ) { 964 $post__in = "'" . implode("', '", $q['post__in']) . "'";963 $post__in = "'" . implode("', '", array_map( 'absint', $q['post__in'] )) . "'"; 965 964 $where = " AND {$wpdb->posts}.ID IN ($post__in)"; 966 965 } elseif ( $q['post__not_in'] ) { 967 $post__not_in = "'" . implode("', '", $q['post__not_in']) . "'";966 $post__not_in = "'" . implode("', '", array_map( 'absint', $q['post__not_in'] )) . 
"'"; 968 967 $where = " AND {$wpdb->posts}.ID NOT IN ($post__not_in)"; 969 968 } 970 969 … … 1207 1206 $eq = '!='; 1208 1207 $andor = 'AND'; 1209 1208 $q['author'] = explode('-', $q['author']); 1210 $q['author'] = '' .intval($q['author'][1]);1209 $q['author'] = '' . absint($q['author'][1]); 1211 1210 } else { 1212 1211 $eq = '='; 1213 1212 $andor = 'OR'; 1214 1213 } 1215 1214 $author_array = preg_split('/[,\s]+/', $q['author']); 1216 $whichauthor .= " AND ($wpdb->posts.post_author ".$eq.' '. intval($author_array[0]);1215 $whichauthor .= " AND ($wpdb->posts.post_author ".$eq.' '.absint($author_array[0]); 1217 1216 for ($i = 1; $i < (count($author_array)); $i = $i + 1) { 1218 $whichauthor .= ' '.$andor." $wpdb->posts.post_author ".$eq.' '. intval($author_array[$i]);1217 $whichauthor .= ' '.$andor." $wpdb->posts.post_author ".$eq.' '.absint($author_array[$i]); 1219 1218 } 1220 1219 $whichauthor .= ')'; 1221 1220 } … … 1233 1232 } 1234 1233 $q['author_name'] = sanitize_title($q['author_name']); 1235 1234 $q['author'] = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_nicename='".$q['author_name']."'"); 1236 $whichauthor .= " AND ($wpdb->posts.post_author = ". intval($q['author']).')';1235 $whichauthor .= " AND ($wpdb->posts.post_author = ".absint($q['author']).')'; 1237 1236 } 1238 1237 1239 1238 // MIME-Type stuff for attachment browsing … … 1373 1372 1374 1373 if ( empty($q['offset']) ) { 1375 1374 $pgstrt = ''; 1376 $pgstrt = ( intval($page) -1) * $q['posts_per_page'] . ', ';1375 $pgstrt = ($page - 1) * $q['posts_per_page'] . ', '; 1377 1376 $limits = 'LIMIT '.$pgstrt.$q['posts_per_page']; 1378 1377 } else { // we're ignoring $page and using 'offset' 1379 1378 $q['offset'] = absint($q['offset']);
