Theposts_request
过滤通过WP_Query
我们对此感兴趣:
if ( !$q[\'suppress_filters\'] ) {
/**
* Filter the completed SQL query before sending.
*
* @since 2.0.0
*
* @param array $request The complete SQL query.
* @param WP_Query &$this The WP_Query instance (passed by reference).
*/
$this->request = apply_filters_ref_array( \'posts_request\',
array( $this->request, &$this ) );
}
if ( \'ids\' == $q[\'fields\'] ) {
$this->posts = $wpdb->get_col( $this->request );
$this->posts = array_map( \'intval\', $this->posts );
$this->post_count = count( $this->posts );
$this->set_found_posts( $q, $limits );
return $this->posts;
}
我们可以通过
posts_request
滤器下面是一个示例:
add_filter( \'posts_request\', function( $request, \\WP_Query $q )
{
// Target main home query
if ( $q->is_home() && $q->is_main_query() )
{
// Our early exit
$q->set( \'fields\', \'ids\' );
// No request
$request = \'\';
}
return $request;
}, PHP_INT_MAX, 2 );
我们强迫
\'fields\' => \'ids\'
提前退出。
Theposts_pre_query
过滤器(WP 4.6+)
我们也可以使用新的
posts_pre_query
src过滤器+add_filter( \'posts_pre_query\', function( $posts, \\WP_Query $q )
{
if( $q->is_home() && $q->is_main_query() )
{
$posts = [];
$q->found_posts = 0;
}
return $posts;
}, 10, 2 );
此过滤器可以跳过通常的数据库查询来实现自定义POST注入。我刚刚测试了这个,注意到这不会阻止粘贴帖子,与posts_request
方法
检查车票#36687 有关更多信息和example there 作者@BoonebGrages。