Query: Validate relation in `WP_Date_Query`.

Props dd32, johnjamesjacoby, martinkrcho, ehtis, paulkevan, peterwilsoncc.

Built from https://develop.svn.wordpress.org/trunk@54530


git-svn-id: http://core.svn.wordpress.org/trunk@54085 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/class-wp-date-query.php

@@ -150,8 +150,8 @@ class WP_Date_Query {
 			return;
 		}
 
-		if ( isset( $date_query['relation'] ) && 'OR' === strtoupper( $date_query['relation'] ) ) {
-			$this->relation = 'OR';
+		if ( isset( $date_query['relation'] ) ) {
+			$this->relation = $this->sanitize_relation( $date_query['relation'] );
 		} else {
 			$this->relation = 'AND';
 		}
@@ -220,6 +220,9 @@ class WP_Date_Query {
 			$this->validate_date_values( $queries );
 		}
 
+		// Sanitize the relation parameter.
+		$queries['relation'] = $this->sanitize_relation( $queries['relation'] );
+
 		foreach ( $queries as $key => $q ) {
 			if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) {
 				// This is a first-order query. Trust the values and sanitize when building SQL.
@@ -1041,4 +1044,20 @@ class WP_Date_Query {
 
 		return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time );
 	}
+
+	/**
+	 * Sanitizes a 'relation' operator.
+	 *
+	 * @since 6.0.3
+	 *
+	 * @param string $relation Raw relation key from the query argument.
+	 * @return string Sanitized relation ('AND' or 'OR').
+	 */
+	public function sanitize_relation( $relation ) {
+		if ( 'OR' === strtoupper( $relation ) ) {
+			return 'OR';
+		} else {
+			return 'AND';
+		}
+	}
 }

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.1-RC1-54529';
+$wp_version = '6.1-RC1-54530';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.