Use stricter sanitization for meta query clause keys.

By forcing all clause keys to be strings, we make it possible to use strict
comparison when validating values of 'orderby' as passed to `WP_Query`. This
eliminates situations where the presence of numeric clause keys could result
in an improperly validated 'orderby' value.

Props nikolov.tmw.
Fixes #32937.
Built from https://develop.svn.wordpress.org/trunk@34090


git-svn-id: http://core.svn.wordpress.org/trunk@34058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Boone Gorges 2015-09-12 21:06:24 +00:00
parent fc884dc7ec
commit c0a0d4ba50
3 changed files with 4 additions and 4 deletions


@ -548,8 +548,8 @@ class WP_Meta_Query {
$meta_type = $this->get_cast_for_type( $_meta_type );
$clause['cast'] = $meta_type;
// Fallback for clause keys is the table alias.
if ( ! $clause_key ) {
// Fallback for clause keys is the table alias. Key must be a string.
if ( is_int( $clause_key ) || ! $clause_key ) {
$clause_key = $clause['alias'];
}
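Review bot: The new condition `is_int( $clause_key ) || ! $clause_key` relies on PHP's array-key coercion to cover numeric-string keys (a key like `'12'` is already stored as int 12), and the `! $clause_key` half then only ever matches the empty string, so the intent reads more directly as `if ( ! is_string( $clause_key ) || '' === $clause_key ) {`. Either form is correct today; the point is that a reader should not have to know the coercion rule to see that the result is always a non-empty string. The comment could also say why the string guarantee matters, e.g. `// Key must be a string: WP_Query validates 'orderby' against these keys with strict in_array(), so an int key would never match a string 'orderby' value.` The fallback assumes `$clause['alias']` is itself a non-empty string, which this hunk does not show; the enclosing method starts and ends outside the hunk.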


@ -2280,7 +2280,7 @@ class WP_Query {
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_clauses ) );
}
if ( ! in_array( $orderby, $allowed_keys ) ) {
if ( ! in_array( $orderby, $allowed_keys, true ) ) {
return false;
}
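Review bot: Switching to `in_array( $orderby, $allowed_keys, true )` is only sound if every element of `$allowed_keys` is a string and `$orderby` is a string at this point; the hunk shows meta clause keys being merged in via `array_keys( $meta_clauses )`, which would still yield ints for numeric keys unless the WP_Meta_Query side enforces string keys, and the construction of the rest of `$allowed_keys` and of `$orderby` is outside the hunk. A short comment above the check would make that dependency visible to the next maintainer: `// Strict comparison: clause keys are forced to strings in WP_Meta_Query, so a numeric 'orderby' can no longer be coerced into a match.` The enclosing method continues outside the hunk.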


@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.4-alpha-34089';
$wp_version = '4.4-alpha-34090';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.