X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9c40b4d36daed9e28e48a5fe9205c32557195a4b..1c09677af04c9e37714e09b73eb9dbc5b2e3eb13:/wp-includes/query.php

diff --git a/wp-includes/query.php b/wp-includes/query.php
index 663133ff..88440cba 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -86,22 +86,6 @@ function wp_reset_query() {
  * Query type checks.
  */
 
-/**
- * Whether the current request is in WordPress admin Panel
- *
- * Does not inform on whether the user is an admin! Use capability checks to
- * tell if the user should be accessing a section or not.
- *
- * @since 1.5.1
- *
- * @return bool True if inside WordPress administration pages.
- */
-function is_admin () {
-	if ( defined('WP_ADMIN') )
-		return WP_ADMIN;
-	return false;
-}
-
 /**
  * Is query requesting an archive page.
  *
@@ -254,14 +238,7 @@ function is_tax( $slug = '' ) {
 	if ( empty($slug) )
 		return true;
 
-	$term = $wp_query->get_queried_object();
-
-	$slug = (array) $slug;
-
-	if ( in_array( $term->slug, $slug ) )
-		return true;
-
-	return false;
+	return in_array( get_query_var('taxonomy'), (array) $slug );
 }
 
 /**
@@ -1234,6 +1211,7 @@ class WP_Query {
 		$qv['day'] = absint($qv['day']);
 		$qv['w'] = absint($qv['w']);
 		$qv['m'] = absint($qv['m']);
+		$qv['paged'] = absint($qv['paged']);
 		$qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers
 		$qv['pagename'] = trim( $qv['pagename'] );
 		$qv['name'] = trim( $qv['name'] );
@@ -1430,7 +1408,7 @@ class WP_Query {
 		if ( '' != $qv['tb'] )
 			$this->is_trackback = true;
 
-		if ( '' != $qv['paged'] )
+		if ( '' != $qv['paged'] && ( intval($qv['paged']) > 1 ) )
 			$this->is_paged = true;
 
 		if ( '' != $qv['comments_popup'] )
@@ -1485,8 +1463,12 @@ class WP_Query {
 			}
 		}
 
-		if ( !empty($qv['post_type']) )
-			$qv['post_type'] = sanitize_user($qv['post_type'], true);
+		if ( !empty($qv['post_type']) )	{
+			if(is_array($qv['post_type']))
+				$qv['post_type'] = array_map('sanitize_user', $qv['post_type'], array(true));
+			else
+				$qv['post_type'] = sanitize_user($qv['post_type'], true);
+		}
 
 		if ( !empty($qv['post_status']) )
 			$qv['post_status'] = preg_replace('|[^a-z0-9_,-]|', '', $qv['post_status']);
@@ -1595,7 +1577,7 @@ class WP_Query {
 			if ( $this->is_search )
 				$q['post_type'] = 'any';
 			else
-				$q['post_type'] = 'post';
+				$q['post_type'] = '';
 		}
 		$post_type = $q['post_type'];
 		if ( !isset($q['posts_per_page']) || $q['posts_per_page'] == 0 )
@@ -1746,7 +1728,7 @@ class WP_Query {
 				$q['search_terms'] = array($q['s']);
 			} else {
 				preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $q['s'], $matches);
-				$q['search_terms'] = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);
+				$q['search_terms'] = array_map('_search_terms_tidy', $matches[0]);
 			}
 			$n = !empty($q['exact']) ? '' : '%';
 			$searchand = '';
@@ -1755,7 +1737,7 @@ class WP_Query {
 				$search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
 				$searchand = ' AND ';
 			}
-			$term = $wpdb->escape($q['s']);
+			$term = esc_sql($q['s']);
 			if (empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
 				$search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')";
 
@@ -1802,14 +1784,8 @@ class WP_Query {
 		}
 
 		if ( !empty($q['category__not_in']) ) {
-			if ( $wpdb->has_cap( 'subqueries' ) ) {
-				$cat_string = "'" . implode("', '", $q['category__not_in']) . "'";
-				$whichcat .= " AND $wpdb->posts.ID NOT IN ( SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy = 'category' AND tt.term_id IN ($cat_string) )";
-			} else {
-				$ids = get_objects_in_term($q['category__not_in'], 'category');
-				if ( !is_wp_error($ids) && is_array($ids) && count($ids) > 0 )
-					$whichcat .= " AND $wpdb->posts.ID NOT IN ('" . implode("', '", $ids) . "')";
-			}
+			$cat_string = "'" . implode("', '", $q['category__not_in']) . "'";
+			$whichcat .= " AND $wpdb->posts.ID NOT IN ( SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy = 'category' AND tt.term_id IN ($cat_string) )";
 		}
 
 		// Category stuff for nice URLs
@@ -1892,14 +1868,8 @@ class WP_Query {
 		}
 
 		if ( !empty($q['tag__not_in']) ) {
-			if ( $wpdb->has_cap( 'subqueries' ) ) {
-				$tag_string = "'" . implode("', '", $q['tag__not_in']) . "'";
-				$whichcat .= " AND $wpdb->posts.ID NOT IN ( SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy = 'post_tag' AND tt.term_id IN ($tag_string) )";
-			} else {
-				$ids = get_objects_in_term($q['tag__not_in'], 'post_tag');
-				if ( !is_wp_error($ids) && is_array($ids) && count($ids) > 0 )
-					$whichcat .= " AND $wpdb->posts.ID NOT IN ('" . implode("', '", $ids) . "')";
-			}
+			$tag_string = "'" . implode("', '", $q['tag__not_in']) . "'";
+			$whichcat .= " AND $wpdb->posts.ID NOT IN ( SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy = 'post_tag' AND tt.term_id IN ($tag_string) )";
 		}
 
 		// Tag and slug intersections.
@@ -2028,7 +1998,7 @@ class WP_Query {
 			$q['orderby'] = '';
 		} else {
 			// Used to filter values
-			$allowed_keys = array('author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand');
+			$allowed_keys = array('author', 'date', 'title', 'modified', 'menu_order', 'parent', 'ID', 'rand', 'comment_count');
 			if ( !empty($q['meta_key']) ) {
 				$allowed_keys[] = $q['meta_key'];
 				$allowed_keys[] = 'meta_value';
@@ -2055,6 +2025,9 @@ class WP_Query {
 					case 'meta_value':
 						$orderby = "$wpdb->postmeta.meta_value";
 						break;
+					case 'comment_count':
+						$orderby = "$wpdb->posts.comment_count";
+						break;
 					default:
 						$orderby = "$wpdb->posts.post_" . $orderby;
 				}
@@ -2069,16 +2042,30 @@ class WP_Query {
 				$q['orderby'] = "$wpdb->posts.post_date ".$q['order'];
 		}
 
+		if ( is_array($post_type) )
+			$post_type_cap = 'multiple_post_type';
+		else
+			$post_type_cap = $post_type;
+
+		$exclude_post_types = '';
+		foreach ( get_post_types( array('exclude_from_search' => true) ) as $_wp_post_type )
+			$exclude_post_types .= $wpdb->prepare(" AND $wpdb->posts.post_type != %s", $_wp_post_type);
+
 		if ( 'any' == $post_type ) {
-			$where .= " AND $wpdb->posts.post_type != 'revision'";
+			$where .= $exclude_post_types;
+		} elseif ( !empty( $post_type ) && is_array( $post_type ) ) {
+			$where .= " AND $wpdb->posts.post_type IN ('" . join("', '", $post_type) . "')"; 
+		} elseif ( ! empty( $post_type ) ) {
+			$where .= " AND $wpdb->posts.post_type = '$post_type'";
 		} elseif ( $this->is_attachment ) {
 			$where .= " AND $wpdb->posts.post_type = 'attachment'";
+			$post_type_cap = 'post';
 		} elseif ($this->is_page) {
 			$where .= " AND $wpdb->posts.post_type = 'page'";
-		} elseif ($this->is_single) {
-			$where .= " AND $wpdb->posts.post_type = 'post'";
+			$post_type_cap = 'page';
 		} else {
-			$where .= " AND $wpdb->posts.post_type = '$post_type'";
+			$where .= " AND $wpdb->posts.post_type = 'post'";
+			$post_type_cap = 'post';
 		}
 
 		if ( isset($q['post_status']) && '' != $q['post_status'] ) {
@@ -2086,18 +2073,25 @@ class WP_Query {
 			$q_status = explode(',', $q['post_status']);
 			$r_status = array();
 			$p_status = array();
-			if ( in_array( 'draft'  , $q_status ) )
-				$r_status[] = "$wpdb->posts.post_status = 'draft'";
-			if ( in_array( 'pending', $q_status ) )
-				$r_status[] = "$wpdb->posts.post_status = 'pending'";
-			if ( in_array( 'future' , $q_status ) )
-				$r_status[] = "$wpdb->posts.post_status = 'future'";
-			if ( in_array( 'inherit' , $q_status ) )
-				$r_status[] = "$wpdb->posts.post_status = 'inherit'";
-			if ( in_array( 'private', $q_status ) )
-				$p_status[] = "$wpdb->posts.post_status = 'private'";
-			if ( in_array( 'publish', $q_status ) )
-				$r_status[] = "$wpdb->posts.post_status = 'publish'";
+			if ( $q['post_status'] == 'any' ) {
+				// @todo Use register_post_status() data to determine which states should be excluded.
+				$r_status[] = "$wpdb->posts.post_status <> 'trash'";
+			} else {
+				if ( in_array( 'draft'  , $q_status ) )
+					$r_status[] = "$wpdb->posts.post_status = 'draft'";
+				if ( in_array( 'pending', $q_status ) )
+					$r_status[] = "$wpdb->posts.post_status = 'pending'";
+				if ( in_array( 'future' , $q_status ) )
+					$r_status[] = "$wpdb->posts.post_status = 'future'";
+				if ( in_array( 'inherit' , $q_status ) )
+					$r_status[] = "$wpdb->posts.post_status = 'inherit'";
+				if ( in_array( 'private', $q_status ) )
+					$p_status[] = "$wpdb->posts.post_status = 'private'";
+				if ( in_array( 'publish', $q_status ) )
+					$r_status[] = "$wpdb->posts.post_status = 'publish'";
+				if ( in_array( 'trash', $q_status ) )
+					$r_status[] = "$wpdb->posts.post_status = 'trash'";
+			}
 
 			if ( empty($q['perm'] ) || 'readable' != $q['perm'] ) {
 				$r_status = array_merge($r_status, $p_status);
@@ -2105,13 +2099,13 @@ class WP_Query {
 			}
 
 			if ( !empty($r_status) ) {
-				if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
+				if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type_cap}s") )
 					$statuswheres[] = "($wpdb->posts.post_author = $user_ID " .  "AND (" . join( ' OR ', $r_status ) . "))";
 				else
 					$statuswheres[] = "(" . join( ' OR ', $r_status ) . ")";
 			}
 			if ( !empty($p_status) ) {
-				if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
+				if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type_cap}s") )
 					$statuswheres[] = "($wpdb->posts.post_author = $user_ID " .  "AND (" . join( ' OR ', $p_status ) . "))";
 				else
 					$statuswheres[] = "(" . join( ' OR ', $p_status ) . ")";
@@ -2130,7 +2124,7 @@ class WP_Query {
 				$where .= " OR $wpdb->posts.post_status = 'future' OR $wpdb->posts.post_status = 'draft' OR $wpdb->posts.post_status = 'pending'";
 
 			if ( is_user_logged_in() ) {
-				$where .= current_user_can( "read_private_{$post_type}s" ) ? " OR $wpdb->posts.post_status = 'private'" : " OR $wpdb->posts.post_author = $user_ID AND $wpdb->posts.post_status = 'private'";
+				$where .= current_user_can( "read_private_{$post_type_cap}s" ) ? " OR $wpdb->posts.post_status = 'private'" : " OR $wpdb->posts.post_author = $user_ID AND $wpdb->posts.post_status = 'private'";
 			}
 
 			$where .= ')';
@@ -2288,7 +2282,7 @@ class WP_Query {
 				} else {
 					if  (in_array($status, array('draft', 'pending')) ) {
 						// User must have edit permissions on the draft to preview.
-						if (! current_user_can('edit_post', $this->posts[0]->ID)) {
+						if (! current_user_can("edit_$post_type_cap", $this->posts[0]->ID)) {
 							$this->posts = array();
 						} else {
 							$this->is_preview = true;
@@ -2296,17 +2290,17 @@ class WP_Query {
 						}
 					}  else if ('future' == $status) {
 						$this->is_preview = true;
-						if (!current_user_can('edit_post', $this->posts[0]->ID)) {
+						if (!current_user_can("edit_$post_type_cap", $this->posts[0]->ID)) {
 							$this->posts = array ( );
 						}
 					} else {
-						if (! current_user_can('read_post', $this->posts[0]->ID))
+						if (! current_user_can("read_$post_type_cap", $this->posts[0]->ID))
 							$this->posts = array();
 					}
 				}
 			}
 
-			if ( $this->is_preview && current_user_can( "edit_{$post_type}", $this->posts[0]->ID ) )
+			if ( $this->is_preview && current_user_can( "edit_{$post_type_cap}", $this->posts[0]->ID ) )
 				$this->posts[0] = apply_filters('the_preview', $this->posts[0]);
 		}
 
@@ -2334,7 +2328,17 @@ class WP_Query {
 			// Fetch sticky posts that weren't in the query results
 			if ( !empty($sticky_posts) ) {
 				$stickies__in = implode(',', array_map( 'absint', $sticky_posts ));
-				$stickies = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE $wpdb->posts.ID IN ($stickies__in)" );
+				// honor post type(s) if not set to any
+				$stickies_where = '';
+				if ( 'any' != $post_type && '' != $post_type ) {
+					if ( is_array( $post_type ) ) {
+						$post_types = join( "', '", $post_type );
+					} else {
+						$post_types = $post_type;
+					}
+					$stickies_where = "AND $wpdb->posts.post_type IN ('" . $post_types . "')";
+				}
+				$stickies = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE $wpdb->posts.ID IN ($stickies__in) $stickies_where" );
 				/** @todo Make sure post is published or viewable by the current user */
 				foreach ( $stickies as $sticky_post ) {
 					if ( 'publish' != $sticky_post->post_status )
@@ -2348,9 +2352,15 @@ class WP_Query {
 		if ( !$q['suppress_filters'] )
 			$this->posts = apply_filters('the_posts', $this->posts);
 
+		$this->post_count = count($this->posts);
+
+		// Sanitize before caching so it'll only get done once
+		for ($i = 0; $i < $this->post_count; $i++) {
+			$this->posts[$i] = sanitize_post($this->posts[$i], 'raw');
+		}
+
 		update_post_caches($this->posts);
 
-		$this->post_count = count($this->posts);
 		if ($this->post_count > 0) {
 			$this->post = $this->posts[0];
 		}
@@ -2693,7 +2703,7 @@ function setup_postdata($post) {
 	}
 
 	do_action_ref_array('the_post', array(&$post));
-	
+
 	return true;
 }