Skip to content

Commit c09ccfb

Browse files
committed
Query: Improve sanitization within WP_Meta_Query.
Merges [52455] to the 5.8 branch. Props vortfu, xknown, dd32. git-svn-id: https://develop.svn.wordpress.org/branches/5.8@52461 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 17efac8 commit c09ccfb

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

Diff for: src/wp-includes/class-wp-meta-query.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -812,7 +812,7 @@ protected function find_compatible_table_alias( $clause, $parent_query ) {
812812
$clause_compare = strtoupper( $clause['compare'] );
813813
$sibling_compare = strtoupper( $sibling['compare'] );
814814
if ( in_array( $clause_compare, $compatible_compares, true ) && in_array( $sibling_compare, $compatible_compares, true ) ) {
815-
$alias = $sibling['alias'];
815+
$alias = preg_replace( '/\W/', '_', $sibling['alias'] );
816816
break;
817817
}
818818
}

Diff for: src/wp-includes/class-wp-tax-query.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -527,7 +527,7 @@ protected function find_compatible_table_alias( $clause, $parent_query ) {
527527

528528
// The sibling must both have compatible operator to share its alias.
529529
if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators, true ) ) {
530-
$alias = $sibling['alias'];
530+
$alias = preg_replace( '/\W/', '_', $sibling['alias'] );
531531
break;
532532
}
533533
}

0 commit comments

Comments
 (0)