[wp-trac] [WordPress Trac] #18052: 'category__and' does not filter invalid input by itself

WordPress Trac wp-trac at lists.automattic.com
Sat Jul 9 15:22:18 UTC 2011 

#18052: 'category__and' does not filter invalid input by itself
--------------------------+-----------------------------
 Reporter:  drale2k       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Query         |    Version:  3.2
 Severity:  normal        |   Keywords:  needs-patch
--------------------------+-----------------------------
 '''Since WP 3.2'''
 'category__and' does not filter invalid input when array given while using
 variables which may be valid integers or just anything depending on user
 input. E.g. a dropdown with categories to filter results. (what if no
 category or 'all' was selected?)

 consequence: loop breaks, no results returned

 '''example code'''

 I`m pretty sure this worked prior to WP 3.2

 {{{
 $media_type = ( isset($_GET['media_type'])) ?
 get_category_by_slug($_GET['media_type']) : '';
 $country = ( isset($_GET['country'])) ?
 get_category_by_slug($_GET['country']) : '';

 $args = array(
       'category__and' => array($media_type->term_id,$country->term_id),
         'category__in' => array(8),
         'paged' => $paged,
         'monthnum' => $release_month,
         'year'=> $release_year
 );

 query_posts($args);
 }}}

 If get_category_by_slug() cannot return an ID, it will return FALSE. So
 $media_type and $country are set to FALSE.

 This will break the loop and return no result.

 '''Fix'''


 {{{
 $media_type = ( isset($_GET['media_type'])) ?
 get_category_by_slug($_GET['media_type']) : '';
 $country = ( isset($_GET['country'])) ?
 get_category_by_slug($_GET['country']) : '';

 $paged = (get_query_var('paged')) ? get_query_var('paged') : 1;

 $filter = array(
         $media_type->term_id,
         $country->term_id
 );

 // remove false, null and empty values (category__and needs clean values)
 $filter = array_filter($filter);

 $args = array(
         'category__and' => $filter,
         'category__in' => array(8),
         'paged' => $paged,
         'monthnum' => $release_months,
         'year'=> $release_years
 );

 query_posts($args);
 }}}


 If you run the values through array_filter() first, which will remove
 false, empty '' or 0 values, it will work.

 '''My Opinion'''

 I think 'category__and' should take care of filtering the values instead
 of the developer having to wrap his head about this.

 This has cost me 1,5 days headache because the change is nowhere
 documentated :(

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18052>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list