Sanitize $include and $exclude in the gallery shortcode
git-svn-id: http://svn.automattic.com/wordpress/trunk@11776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
32f63b12b7
commit
e15de47ed7
|
@ -671,6 +671,7 @@ function gallery_shortcode($attr) {
|
||||||
$orderby = 'none';
|
$orderby = 'none';
|
||||||
|
|
||||||
if ( !empty($include) ) {
|
if ( !empty($include) ) {
|
||||||
|
$include = preg_replace( '/[^0-9,]+/', '', $include );
|
||||||
$_attachments = get_posts( array('include' => $include, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
|
$_attachments = get_posts( array('include' => $include, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
|
||||||
|
|
||||||
$attachments = array();
|
$attachments = array();
|
||||||
|
@ -678,6 +679,7 @@ function gallery_shortcode($attr) {
|
||||||
$attachments[$val->ID] = $_attachments[$key];
|
$attachments[$val->ID] = $_attachments[$key];
|
||||||
}
|
}
|
||||||
} elseif ( !empty($exclude) ) {
|
} elseif ( !empty($exclude) ) {
|
||||||
|
$exclude = preg_replace( '/[^0-9,]+/', '', $exclude );
|
||||||
$attachments = get_children( array('post_parent' => $id, 'exclude' => $exclude, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
|
$attachments = get_children( array('post_parent' => $id, 'exclude' => $exclude, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
|
||||||
} else {
|
} else {
|
||||||
$attachments = get_children( array('post_parent' => $id, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
|
$attachments = get_children( array('post_parent' => $id, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => $order, 'orderby' => $orderby) );
|
||||||
|
|
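Review bot: The `preg_replace( '/[^0-9,]+/', '', $include )` added in the include branch, and the identical line for `$exclude` in the elseif branch, sanitize by deleting characters rather than by parsing the list. A value such as `1abc2` therefore collapses into the different attachment ID `12`, and empty entries (`,,5,`) are still passed on to `get_posts()` / `get_children()`. Splitting on commas and casting each piece keeps every entry a separate integer, e.g. `$include = implode( ',', array_filter( array_map( 'absint', explode( ',', $include ) ) ) );`, with the same change for `$exclude`. `$id`, `$order` and `$orderby` go into the same query arrays but are assigned outside the hunk, so it is worth confirming they are validated there. The body of `gallery_shortcode` starts and ends outside the visible hunks.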