[wp-trac] Re: [WordPress Trac] #7423: in WP_Query,
sanitization breaks usage of multiple post_status values
WordPress Trac
wp-trac at lists.automattic.com
Tue Jul 29 01:29:44 GMT 2008
#7423: in WP_Query, sanitization breaks usage of multiple post_status values
-------------------------+--------------------------------------------------
Reporter: markjaquith | Owner: markjaquith
Type: defect | Status: assigned
Priority: high | Milestone: 2.7
Component: General | Version: 2.6
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Comment (by azaozz):
Looks good, just one question: post_status can be published, draft,
pending, future, etc. and post_type can be post, page or attachment.
Shouldn't we sanitize with
{{{
preg_replace('|[^a-z,]|', '', $qv['post_status']);
}}}
That may affect some plugins, but don't think plugins are allowed to
change these. Otherwise will have to use exactly the same regexp as
sanitize_user
{{{
preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
}}}
so nothing breaks.
--
Ticket URL: <http://trac.wordpress.org/ticket/7423#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
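The two allowlists quoted in the comment above, run side by side over constructed `post_status` strings. This is an added example, not code from the ticket or from WordPress. It assumes the value is split on commas before each entry is filtered, and `sanitize_status_list()` is a hypothetical helper name.

```php
<?php
// Added example, not WordPress code. sanitize_status_list() is a hypothetical helper.
// Assumption: the query value is split on commas first, then each entry is filtered.

function sanitize_status_list(string $raw, string $pattern): array
{
    $clean = array();
    foreach (explode(',', $raw) as $value) {
        // Remove every character that is outside the allowlist.
        $value = preg_replace($pattern, '', $value);
        // Skip entries that end up empty (or null on a regex error).
        if ($value !== null && $value !== '') {
            $clean[] = $value;
        }
    }
    return $clean;
}

// Both patterns are copied verbatim from the comment above.
$patterns = array(
    'a-z and comma only'  => '|[^a-z,]|',
    'sanitize_user class' => '|[^a-z0-9 _.\-@]|i',
);

// Constructed sample inputs: core-style values, hypothetical plugin-style
// values with a hyphen, underscore, digit and capital, and a value with quotes.
$samples = array(
    'publish,draft',
    'publish,in-review',
    'Private,my_status2',
    "publish' OR '1'='1",
);

foreach ($samples as $raw) {
    printf("input: %s\n", $raw);
    foreach ($patterns as $label => $pattern) {
        $result = implode(' | ', sanitize_status_list($raw, $pattern));
        printf("  %-20s => %s\n", $label, $result);
    }
}
```

Both filters delete characters rather than reject the value, so an entry such as `in-review` comes out of the narrower class as a different string instead of being dropped.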