enmi-conf.org: comparison wp/wp-includes/class-wp-date-query.php

equal deleted inserted replaced

-:7b1b88e27a20
+:48c4eec2b7e6
 *
 * @link https://developer.wordpress.org/reference/classes/wp_query/
 *
 * @since 3.7.0
 */
+#[AllowDynamicProperties]
 class WP_Date_Query {
 	/**
 	 * Array of date queries.
 	 *
 	 * See WP_Date_Query::__construct() for information on date query arguments.
 	public function __construct( $date_query, $default_column = 'post_date' ) {
 		if ( empty( $date_query ) || ! is_array( $date_query ) ) {
 			return;
 		}
-		if ( isset( $date_query['relation'] ) && 'OR' === strtoupper( $date_query['relation'] ) ) {
+		if ( isset( $date_query['relation'] ) ) {
-			$this->relation = 'OR';
+			$this->relation = $this->sanitize_relation( $date_query['relation'] );
 		} else {
 			$this->relation = 'AND';
 		}
 		// Support for passing time-based keys in the top level of the $date_query array.
 		// Validate the dates passed in the query.
 		if ( $this->is_first_order_clause( $queries ) ) {
 			$this->validate_date_values( $queries );
 		}
+		// Sanitize the relation parameter.
+		$queries['relation'] = $this->sanitize_relation( $queries['relation'] );
 		foreach ( $queries as $key => $q ) {
 			if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) {
 				// This is a first-order query. Trust the values and sanitize when building SQL.
 				$cleaned_query[ $key ] = $q;
 		return $cleaned_query;
 	}
 	/**
-	 * Determine whether this is a first-order clause.
+	 * Determines whether this is a first-order clause.
 	 *
 	 * Checks to see if the current clause has any time-related keys.
 	 * If so, it's first-order.
 	 *
 	 * @since 4.1.0
 	 * This method only generates debug notices for these cases.
 	 *
 	 * @since 4.1.0
 	 *
 	 * @param array $date_query The date_query array.
-	 * @return bool  True if all values in the query are valid, false if one or more fail.
+	 * @return bool True if all values in the query are valid, false if one or more fail.
 	 */
 	public function validate_date_values( $date_query = array() ) {
 		if ( empty( $date_query ) ) {
 			return false;
 		}
 	 * prepended. Prefixed column names (such as 'wp_posts.post_date') bypass this allowed
 	 * check, and are only sanitized to remove illegal characters.
 	 *
 	 * @since 3.7.0
 	 *
+	 * @global wpdb $wpdb WordPress database abstraction object.
+	 *
 	 * @param string $column The user-supplied column name.
 	 * @return string A validated column name value.
 	 */
 	public function validate_column( $column ) {
 		global $wpdb;
 			'registered',
 			'last_updated',
 		);
 		// Attempt to detect a table prefix.
-		if ( false === strpos( $column, '.' ) ) {
+		if ( ! str_contains( $column, '.' ) ) {
 			/**
 			 * Filters the list of valid date query columns.
 			 *
 			 * @since 3.7.0
 			 * @since 4.1.0 Added 'user_registered' to the default recognized columns.
 		// Remove unsafe characters.
 		return preg_replace( '/[^a-zA-Z0-9_$\.]/', '', $column );
 	}
 	/**
-	 * Generate WHERE clause to be appended to a main query.
+	 * Generates WHERE clause to be appended to a main query.
 	 *
 	 * @since 3.7.0
 	 *
 	 * @return string MySQL WHERE clause.
 	 */
 		 */
 		return apply_filters( 'get_date_sql', $where, $this );
 	}
 	/**
-	 * Generate SQL clauses to be appended to a main query.
+	 * Generates SQL clauses to be appended to a main query.
 	 *
 	 * Called by the public WP_Date_Query::get_sql(), this method is abstracted
 	 * out to maintain parity with the other Query classes.
 	 *
 	 * @since 4.1.0
 		return $sql;
 	}
 	/**
-	 * Generate SQL clauses for a single query array.
+	 * Generates SQL clauses for a single query array.
 	 *
 	 * If nested subqueries are found, this method recurses the tree to
 	 * produce the properly nested SQL.
 	 *
 	 * @since 4.1.0
 	 * compatibility while retaining the naming convention across Query classes.
 	 *
 	 * @since 3.7.0
 	 *
 	 * @param array $query Date query arguments.
-	 * @return string[] {
+	 * @return array {
 	 *     Array containing JOIN and WHERE SQL clauses to append to the main query.
 	 *
-	 *     @type string $join  SQL fragment to append to the main JOIN clause.
+	 *     @type string[] $join  Array of SQL fragments to append to the main JOIN clause.
-	 *     @type string $where SQL fragment to append to the main WHERE clause.
+	 *     @type string[] $where Array of SQL fragments to append to the main WHERE clause.
 	 * }
 	 */
 	protected function get_sql_for_subquery( $query ) {
 		return $this->get_sql_for_clause( $query, '' );
 	}
 	/**
 	 * Turns a first-order date query into SQL for a WHERE clause.
 	 *
 	 * @since 4.1.0
 	 *
+	 * @global wpdb $wpdb WordPress database abstraction object.
+	 *
 	 * @param array $query        Date query clause.
 	 * @param array $parent_query Parent query of the current date query.
-	 * @return string[] {
+	 * @return array {
 	 *     Array containing JOIN and WHERE SQL clauses to append to the main query.
 	 *
-	 *     @type string $join  SQL fragment to append to the main JOIN clause.
+	 *     @type string[] $join  Array of SQL fragments to append to the main JOIN clause.
-	 *     @type string $where SQL fragment to append to the main WHERE clause.
+	 *     @type string[] $where Array of SQL fragments to append to the main WHERE clause.
 	 * }
 	 */
 	protected function get_sql_for_clause( $query, $parent_query ) {
 		global $wpdb;
 	 * either the maximum or minimum values (controlled by the $default_to parameter). Alternatively you can
 	 * pass a string that will be passed to date_create().
 	 *
 	 * @since 3.7.0
 	 *
-	 * @param string|array $datetime       An array of parameters or a strotime() string
+	 * @param string|array $datetime       An array of parameters or a strtotime() string.
 	 * @param bool         $default_to_max Whether to round up incomplete dates. Supported by values
 	 *                                     of $datetime that are arrays, or string values that are a
 	 *                                     subset of MySQL date format ('Y', 'Y-m', 'Y-m-d', 'Y-m-d H:i').
 	 *                                     Default: false.
-	 * @return string|false A MySQL format date/time or false on failure
+	 * @return string|false A MySQL format date/time or false on failure.
 	 */
 	public function build_mysql_datetime( $datetime, $default_to_max = false ) {
 		if ( ! is_array( $datetime ) ) {
 			/*
 	 * However if multiple values are passed, a pseudo-decimal time will be created
 	 * in order to be able to accurately compare against.
 	 *
 	 * @since 3.7.0
 	 *
+	 * @global wpdb $wpdb WordPress database abstraction object.
+	 *
 	 * @param string   $column  The column to query against. Needs to be pre-validated!
 	 * @param string   $compare The comparison operator. Needs to be pre-validated!
 	 * @param int|null $hour    Optional. An hour value (0-23).
 	 * @param int|null $minute  Optional. A minute value (0-59).
 	 * @param int|null $second  Optional. A second value (0-59).
 			$time   .= sprintf( '%02d', $second );
 		}
 		return $wpdb->prepare( "DATE_FORMAT( $column, %s ) $compare %f", $format, $time );
 	}
+	/**
+	 * Sanitizes a 'relation' operator.
+	 *
+	 * @since 6.0.3
+	 *
+	 * @param string $relation Raw relation key from the query argument.
+	 * @return string Sanitized relation. Either 'AND' or 'OR'.
+	 */
+	public function sanitize_relation( $relation ) {
+		if ( 'OR' === strtoupper( $relation ) ) {
+			return 'OR';
+		} else {
+			return 'AND';
+		}
+	}
 }

changeset 21	48c4eec2b7e6
parent 19	3d72ae0968f4
child 22	8c2e4d02f4ef