[wp-trac] [WordPress Trac] #18068: wp_list_bookmarks orderby broke in WP 3.1.4 (submiting per Per Andrew Nacin)

WordPress Trac wp-trac at lists.automattic.com
Mon Aug 8 05:25:55 UTC 2011 

#18068: wp_list_bookmarks orderby broke in WP 3.1.4 (submiting per Per Andrew
Nacin)
-----------------------------+------------------------------
 Reporter:  theideamechanic  |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Template         |     Version:  3.1.4
 Severity:  major            |  Resolution:
 Keywords:  needs-patch      |
-----------------------------+------------------------------
Changes (by apurdam):

 * cc: apurdam (added)


Comment:

 Just wondering if this bug is going to get attention?[[BR]]

 It seems several users have been using links notes for arbitrary sorting
 of links when displaying, and that got broken in 3.1.4, perhaps in
 response to the security issue mentioned by Doug.
 The mod was in '''get_bookmarks''' and effectively filters out notes from
 a small list of allowed sort options. Unfortunately this removes the
 ability for arbitrary sorting.
 I see three options, but I'm not a WP boffin, so don't know all the ins
 and outs of the suggestions:[[BR]]
 1) restore the use of notes for orderby in get_bookmarks, maybe with some
 smarts to improve the security. This could be as simple as adding notes to
 the list of allowed fields when processing the orderby argument in
 get_bookmarks[[BR]]
 2) add new (numeric) sorting attribute to links and add some new
 functionality to get_bookmarks to allow sorting by this new attribute.
 (requires update of database version)[[BR]]
 3) expand the number of levels in link_rating (drop down list would no
 longer be practical).[[BR]]

 There are no real workarounds apart from using link_id, which makes
 arbitrary sorting tedious to the extreme, and is just as bad a double-use
 of a field as using link_notes.[[BR]]
 Doug, a quick and dirty fix (unofficial stab at option 1) is suggested by
 me at http://wordpress.org/support/topic/wp-32-wp_list_bookmarks-
 orderbyid-not-working , but I haven't fully considered the security issue
 that you mentioned.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18068#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list