Added sanity checking to several query parameters

git-svn-id: http://svn.automattic.com/wordpress/trunk@401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
emc3 2003-10-01 14:35:49 +00:00
parent 27aa1836c7
commit ad7545eff1
1 changed files with 15 additions and 7 deletions


@ -130,15 +130,15 @@ if ((empty($cat)) || ($cat == 'all') || ($cat == '0')) {
$eq = '!=';
$andor = 'AND';
$cat = explode('-',$cat);
$cat = $cat[1];
$cat = intval($cat[1]);
} else {
$eq = '=';
$andor = 'OR';
}
$cat_array = explode(' ',$cat);
$whichcat .= ' AND (post_category '.$eq.' '.$cat_array[0];
$whichcat .= ' AND (post_category '.$eq.' '.intval($cat_array[0]);
for ($i = 1; $i < (count($cat_array)); $i = $i + 1) {
$whichcat .= ' '.$andor.' post_category '.$eq.' '.$cat_array[$i];
$whichcat .= ' '.$andor.' post_category '.$eq.' '.intval($cat_array[$i]);
}
$whichcat .= ')';
}
@ -151,15 +151,15 @@ if ((empty($author)) || ($author == 'all') || ($cat == '0')) {
$eq = '!=';
$andor = 'AND';
$author = explode('-', $author);
$author = $author[1];
$author = ''.intval($author[1]);
} else {
$eq = '=';
$andor = 'OR';
}
$author_array = explode(' ', $author);
$whichauthor .= ' AND post_author '.$eq.' '.$author_array[0];
$whichauthor .= ' AND post_author '.$eq.' '.intval($author_array[0]);
for ($i = 1; $i < (count($author_array)); $i = $i + 1) {
$whichauthor .= ' '.$andor.' post_author '.$eq.' '.$author_array[$i];
$whichauthor .= ' '.$andor.' post_author '.$eq.' '.intval($author_array[$i]);
}
}
@ -173,13 +173,21 @@ if ((empty($order)) || ((strtoupper($order) != 'ASC') && (strtoupper($order) !=
if (empty($orderby)) {
$orderby='date '.$order;
} else {
// used to filter values
$allowed_keys = array('author','date','category','title');
$orderby = urldecode($orderby);
$orderby = addslashes_gpc($orderby);
$orderby_array = explode(' ',$orderby);
if (!in_array($orderby_array[0],$allowed_keys) {
$orderby_array[0] = 'date';
}
$orderby = $orderby_array[0].' '.$order;
if (count($orderby_array)>1) {
for ($i = 1; $i < (count($orderby_array)); $i = $i + 1) {
$orderby .= ',post_'.$orderby_array[$i].' '.$order;
// Only allow certain values for safety
if (in_array($orderby_array[$i],$allowed_keys) {
$orderby .= ',post_'.$orderby_array[$i].' '.$order;
}
}
}
}
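Review bot: Both new whitelist checks in the orderby hunk are missing a closing parenthesis — `if (!in_array($orderby_array[0],$allowed_keys) {` and `if (in_array($orderby_array[$i],$allowed_keys) {` do not parse, so the file fails to load as committed; they should read `if (!in_array($orderby_array[0], $allowed_keys)) {` and `if (in_array($orderby_array[$i], $allowed_keys)) {`. The whitelist itself is the right fix, since `$orderby` is concatenated straight into the ORDER BY clause and `addslashes_gpc` alone would not stop an injected expression there. Passing `true` as the third argument to `in_array` would make the string comparison strict and the intent explicit. The primary key is emitted bare while every secondary key gets a `post_` prefix; that asymmetry is carried over from the old loop rather than introduced here, but it looks accidental and is worth confirming against the column names. `$order` is validated in the code just above this hunk, so appending it is fine; the enclosing `if`/`else` starts outside the hunk.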