Parse and sanitize ‘orderby’ keys passed to the comment query.
Parameters
$orderby
stringrequired- Alias for the field to order by.
Source
protected function parse_orderby( $orderby ) {
global $wpdb;
$allowed_keys = array(
'comment_agent',
'comment_approved',
'comment_author',
'comment_author_email',
'comment_author_IP',
'comment_author_url',
'comment_content',
'comment_date',
'comment_date_gmt',
'comment_ID',
'comment_karma',
'comment_parent',
'comment_post_ID',
'comment_type',
'user_id',
);
if ( ! empty( $this->query_vars['meta_key'] ) ) {
$allowed_keys[] = $this->query_vars['meta_key'];
$allowed_keys[] = 'meta_value';
$allowed_keys[] = 'meta_value_num';
}
$meta_query_clauses = $this->meta_query->get_clauses();
if ( $meta_query_clauses ) {
$allowed_keys = array_merge( $allowed_keys, array_keys( $meta_query_clauses ) );
}
$parsed = false;
if ( $this->query_vars['meta_key'] === $orderby || 'meta_value' === $orderby ) {
$parsed = "$wpdb->commentmeta.meta_value";
} elseif ( 'meta_value_num' === $orderby ) {
$parsed = "$wpdb->commentmeta.meta_value+0";
} elseif ( 'comment__in' === $orderby ) {
$comment__in = implode( ',', array_map( 'absint', $this->query_vars['comment__in'] ) );
$parsed = "FIELD( {$wpdb->comments}.comment_ID, $comment__in )";
} elseif ( in_array( $orderby, $allowed_keys, true ) ) {
if ( isset( $meta_query_clauses[ $orderby ] ) ) {
$meta_clause = $meta_query_clauses[ $orderby ];
$parsed = sprintf( 'CAST(%s.meta_value AS %s)', esc_sql( $meta_clause['alias'] ), esc_sql( $meta_clause['cast'] ) );
} else {
$parsed = "$wpdb->comments.$orderby";
}
}
return $parsed;
}
Changelog
Version | Description |
---|---|
4.2.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.