这个答案可能会帮助那些真正想定制过滤器的人。通过PhpStorm和断点,我可以了解meta_query 在获取帖子之前构造。流中没有让开发人员完成这一任务的挂钩点;我使用了SQL注入技巧来实现过滤器。
// Do advanced SQL editing for filtering the days of the week
add_filter( \'posts_where_request\', array( &$this, \'processSQLDelMarkers\' ), 99, 2 );
/**
* Manipulate the pre-flight SQL query to filter on the day of the week.
* Remove any ##DEL## marker as well as the next character after it
* @param $where
* @return mixed
*/
public function processSQLDelMarkers($where, \\WP_Query &$query)
{
// Special gate
if (stripos($where, \'##DEL##\') === false) {
return $where;
}
// ... security checks omitted for brevity ...
/**
* Sample where clause before adjustment:
* ... AND ihs_postmeta.meta_value != \'##DEL##\\\' AND WEEKDAY(FROM_UNIXTIME(ihs_postmeta.meta_value)) = 4##DEL##\' ) ...
* becomes
* ... AND ihs_postmeta.meta_value != \'\' AND WEEKDAY(FROM_UNIXTIME(ihs_postmeta.meta_value)) = 4 ) ...
*/
return preg_replace( \'(##DEL##.?)\', \'\', $where );
}
然后使用精心构造的元
value 和假人
compare 这样(参见原始问题中的代码)我就可以实现SQL注入:
$qv[\'meta_query\'][] = array(
\'key\' => \'##DEL##\\\' AND WEEKDAY(FROM_UNIXTIME(ihs_postmeta.meta_value)) = 4##DEL##\',
\'value\' => $day,
\'compare\' => \'!=\'
);
Note: 通过正确的安全检查,应该不可能注入不需要的SQL字符串。
