From 581402ae2f631cbbb3f2ee61ef13593b76667da3 Mon Sep 17 00:00:00 2001
From: ryan
Date: Mon, 27 Jun 2011 15:45:12 +0000
Subject: [PATCH] Sanitize order and orderby in get_terms()

git-svn-id: http://svn.automattic.com/wordpress/trunk@18344 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/taxonomy.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index 9cda49581e..dee7af8b64 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1229,6 +1229,8 @@ function &get_terms($taxonomies, $args = '') {
 $orderby = '';
 elseif ( empty($_orderby) || 'id' == $_orderby )
 $orderby = 't.term_id';
+ else
+ $orderby = 't.name';

 $orderby = apply_filters( 'get_terms_orderby', $orderby, $args );

@@ -1237,6 +1239,10 @@ function &get_terms($taxonomies, $args = '') {
 else
 $order = '';

+ $order = strtoupper( $order );
+ if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ) ) )
+ $order = 'ASC';
+
 $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";
 $inclusions = '';
 if ( !empty($include) ) {
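Review bot: In the first hunk (`@@ -1229,6 +1229,8 @@`) the new allowlist fallback `else $orderby = 't.name';` runs before `apply_filters( 'get_terms_orderby', $orderby, $args )`, so nothing visible here re-checks the value a filter callback returns. The query assembly is outside this hunk, but if the filtered string is placed into the ORDER BY clause as-is, the guarantee this commit adds covers only the unfiltered path. I would record that contract directly above the filter call, for example `// $orderby is not re-validated after this filter; callbacks must return a fixed column expression, never request data.` get_terms() starts and ends outside the hunk, so confirm against the full function whether any later check exists.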
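Review bot: In the second hunk (`@@ -1237,6 +1239,10 @@`) the direction allowlist relies on a loose `in_array()`; passing the strict flag keeps the check independent of PHP's type juggling: `if ( '' !== $order && !in_array( $order, array( 'ASC', 'DESC' ), true ) )`. Since `strtoupper()` yields a string, the loose form appears to give the same result for string input, so this is a hardening and style point rather than a gap in the fix. A short comment such as `// Only ASC, DESC or '' may reach the SQL string; anything else falls back to ASC.` would also explain why the empty string set by the `else $order = '';` branch just above is deliberately let through. The function body continues outside the hunk.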