[wp-trac] [WordPress Trac] #18052: 'category__and' does not filter invalid input by itself

WordPress Trac wp-trac at lists.automattic.com
Sun Jul 10 01:50:55 UTC 2011


#18052: 'category__and' does not filter invalid input by itself
--------------------------+--------------------
 Reporter:  drale2k       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.2.1
Component:  Query         |     Version:  3.2
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |
--------------------------+--------------------
Changes (by dd32):

 * milestone:  Awaiting Review => 3.2.1


Old description:

> '''Since WP 3.2'''
> 'category__and' does not filter invalid input when array given while
> using variables which may be valid integers or just anything depending on
> user input. E.g. a dropdown with categories to filter results. (what if
> no category or 'all' was selected?)
>
> consequence: loop breaks, no results returned
>
> '''example code'''
>
> I'm pretty sure this worked prior to WP 3.2
>
> {{{
> $media_type = ( isset($_GET['media_type'])) ?
> get_category_by_slug($_GET['media_type']) : '';
> $country = ( isset($_GET['country'])) ?
> get_category_by_slug($_GET['country']) : '';
>
> $args = array(
>       'category__and' => array($media_type->term_id,$country->term_id),
>         'category__in' => array(8),
>         'paged' => $paged,
>         'monthnum' => $release_month,
>         'year'=> $release_year
> );
>
> query_posts($args);
> }}}
>
> If get_category_by_slug() cannot return an ID, it will return FALSE. So
> $media_type and $country are set to FALSE.
>
> This will break the loop and return no result.
>
> '''Fix'''
>
>
> {{{
> $media_type = ( isset($_GET['media_type'])) ?
> get_category_by_slug($_GET['media_type']) : '';
> $country = ( isset($_GET['country'])) ?
> get_category_by_slug($_GET['country']) : '';
>
> $paged = (get_query_var('paged')) ? get_query_var('paged') : 1;
>
> $filter = array(
>         $media_type->term_id,
>         $country->term_id
> );
>
> // remove false, null and empty values (category__and needs clean values)
> $filter = array_filter($filter);
>
> $args = array(
>         'category__and' => $filter,
>         'category__in' => array(8),
>         'paged' => $paged,
>         'monthnum' => $release_months,
>         'year'=> $release_years
> );
>
> query_posts($args);
> }}}
>
>
> If you run the values through array_filter() first, which will remove
> false, empty '' or 0 values, it will work.
>
> '''My Opinion'''
>
> I think 'category__and' should take care of filtering the values instead
> of the developer having to wrap his head about this.
>
> This has cost me 1,5 days headache because the change is nowhere
> documented :(

New description:

 '''Since WP 3.2'''
 `'category__and'` does not filter invalid input when array given while
 using variables which may be valid integers or just anything depending on
 user input. E.g. a dropdown with categories to filter results. (what if no
 category or 'all' was selected?)

 consequence: loop breaks, no results returned

 '''example code'''

 I'm pretty sure this worked prior to WP 3.2

 {{{
 $media_type = ( isset($_GET['media_type'])) ?
 get_category_by_slug($_GET['media_type']) : '';
 $country = ( isset($_GET['country'])) ?
 get_category_by_slug($_GET['country']) : '';

 $args = array(
       'category__and' => array($media_type->term_id,$country->term_id),
         'category__in' => array(8),
         'paged' => $paged,
         'monthnum' => $release_month,
         'year'=> $release_year
 );

 query_posts($args);
 }}}

 If get_category_by_slug() cannot return an ID, it will return FALSE. So
 $media_type and $country are set to FALSE.

 This will break the loop and return no result.

 '''Fix'''


 {{{
 $media_type = ( isset($_GET['media_type'])) ?
 get_category_by_slug($_GET['media_type']) : '';
 $country = ( isset($_GET['country'])) ?
 get_category_by_slug($_GET['country']) : '';

 $paged = (get_query_var('paged')) ? get_query_var('paged') : 1;

 $filter = array(
         $media_type->term_id,
         $country->term_id
 );

 // remove false, null and empty values (category__and needs clean values)
 $filter = array_filter($filter);

 $args = array(
         'category__and' => $filter,
         'category__in' => array(8),
         'paged' => $paged,
         'monthnum' => $release_months,
         'year'=> $release_years
 );

 query_posts($args);
 }}}


 If you run the values through array_filter() first, which will remove
 false, empty '' or 0 values, it will work.

 '''My Opinion'''

 I think `'category__and'` should take care of filtering the values instead
 of the developer having to wrap his head about this.

 This has cost me 1,5 days headache because the change is nowhere
 documented :(

--

Comment:

 Just moving this to 3.2.1 for review, WP_Tax_Query was introduced in 3.1,
 so checking to see if this is a 3.0 or a 3.1 regression would be helpful.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18052#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
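
Added example, not part of the ticket and not WordPress core code: one way to turn the request-supplied slugs from the description into a clean 'category__and' list without reading ->term_id from a FALSE lookup result. The helper names resolve_term_ids() and build_query_args() are hypothetical, and the resolver is passed in as a callable (inside WordPress it would be 'get_category_by_slug') so the snippet runs with a constructed stub.

```php
<?php
// Added example; resolve_term_ids() and build_query_args() are hypothetical names.

/**
 * Map user-supplied slugs to positive integer term IDs.
 * $resolver returns an object with ->term_id, or false when the slug is unknown
 * (the behaviour the ticket describes for get_category_by_slug()).
 */
function resolve_term_ids(array $slugs, callable $resolver): array
{
    $ids = array();
    foreach ($slugs as $slug) {
        // Reject arrays (?country[]=x), empty strings and the "all" choice.
        if (!is_string($slug) || $slug === '' || $slug === 'all') {
            continue;
        }
        $term = $resolver($slug);
        // Unknown slug: the lookup returned false, so there is no term_id to read.
        if (!is_object($term) || !isset($term->term_id)) {
            continue;
        }
        $id = (int) $term->term_id;
        if ($id > 0) {
            $ids[$id] = $id; // keyed by ID to drop duplicates
        }
    }
    return array_values($ids);
}

function build_query_args(array $input, callable $resolver): array
{
    $args = array('category__in' => array(8));
    $ids = resolve_term_ids(
        array($input['media_type'] ?? '', $input['country'] ?? ''),
        $resolver
    );
    // Only set the key when at least one valid ID survived validation.
    if ($ids) {
        $args['category__and'] = $ids;
    }
    return $args;
}

// Constructed stand-in for get_category_by_slug(), so this runs without WordPress.
$stub = function (string $slug) {
    $known = array('video' => 12, 'germany' => 34); // constructed sample terms
    return isset($known[$slug]) ? (object) array('term_id' => $known[$slug]) : false;
};

var_export(build_query_args(array('media_type' => 'video', 'country' => 'all'), $stub));
```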

