From e15de47ed7c0546856c14e4ee5ad2a9f997b61cd Mon Sep 17 00:00:00 2001
From: azaozz
Date: Wed, 5 Aug 2009 05:56:00 +0000
Subject: [PATCH] Sanitize $include and $exclude in the gallery shortcode

git-svn-id: http://svn.automattic.com/wordpress/trunk@11776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/media.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wp-includes/media.php b/wp-includes/media.php
index 911f4e913..7456945e2 100644
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -671,6 +671,7 @@ function gallery_shortcode($attr) {
 $orderby = 'none';
 if ( !empty($include) ) {
+ $include = preg_replace( '/[^0-9,]+/', '', $include );
 $_attachments = get_posts( array('include' => $include, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
 $attachments = array();
@@ -678,6 +679,7 @@ function gallery_shortcode($attr) {
 $attachments[$val->ID] = $_attachments[$key];
 }
 } elseif ( !empty($exclude) ) {
+ $exclude = preg_replace( '/[^0-9,]+/', '', $exclude );
 $attachments = get_children( array('post_parent' => $id, 'exclude' => $exclude, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
 } else {
 $attachments = get_children( array('post_parent' => $id, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
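Review bot: The sanitization in both hunks runs after the `!empty($include)` / `!empty($exclude)` tests have already passed, so a value that is entirely non-numeric (for example `abc`, or `a,b`, which the regex collapses to `,`) still takes the include/exclude branch carrying an empty or comma-only string instead of falling through to the default child listing; how get_posts()/get_children() treat such a value is not visible in this patch, so it is worth checking. Moving the two preg_replace calls above the `if ( !empty($include) ) {` context line of the first hunk would let the emptiness checks see the cleaned values, i.e. `$include = preg_replace( '/[^0-9,]+/', '', $include );` and `$exclude = preg_replace( '/[^0-9,]+/', '', $exclude );` placed before the chain, which also removes the duplication between the two hunks. The character class additionally keeps stray or repeated commas (`1,,2`, `,1`), so trimming commas or rebuilding the list from absint()'d parts would give a tighter result. gallery_shortcode() begins and ends outside both hunks.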