438 | | if ( !empty( $filter_array['user_id'] ) ) { |
439 | | $user_filter = explode( ',', $filter_array['user_id'] ); |
440 | | $user_sql = ' ( a.user_id IN ( ' . $filter_array['user_id'] . ' ) )'; |
441 | | $filter_sql[] = $user_sql; |
| 438 | // split items at the comma |
| 439 | $items_dirty = explode( ',', $items ); |
| 440 | |
| 441 | // array of prepared integers or quoted strings |
| 442 | $items_prepared = array(); |
| 443 | |
| 444 | // clean up and format each item |
| 445 | foreach ( $items_dirty as $item ) { |
| 446 | // clean up the string |
| 447 | $item = trim( $item ); |
| 448 | // pass everything through prepare for security and to safely quote strings |
| 449 | $items_prepared[] = ( is_numeric( $item ) ) ? $wpdb->prepare( '%d', $item ) : $wpdb->prepare( '%s', $item ); |
463 | | $action_filter = explode( ',', $filter_array['action'] ); |
464 | | $action_sql = ' ( '; |
465 | | |
466 | | $counter = 1; |
467 | | foreach( (array) $action_filter as $action ) { |
468 | | $action_sql .= $wpdb->prepare( "a.type = %s", trim( $action ) ); |
469 | | |
470 | | if ( $counter != count( $action_filter ) ) |
471 | | $action_sql .= ' || '; |
472 | | |
473 | | $counter++; |
474 | | } |
475 | | |
476 | | $action_sql .= ' )'; |
477 | | $filter_sql[] = $action_sql; |
| 475 | $action_sql = BP_Activity_Activity::get_in_operator_sql( 'a.type', $filter_array['action'] ); |
| 476 | if ( !empty( $action_sql ) ) |
| 477 | $filter_sql[] = $action_sql; |
481 | | $pid_filter = explode( ',', $filter_array['primary_id'] ); |
482 | | $pid_sql = ' ( '; |
483 | | |
484 | | $counter = 1; |
485 | | foreach( (array) $pid_filter as $pid ) { |
486 | | $pid_sql .= $wpdb->prepare( "a.item_id = %s", trim( $pid ) ); |
487 | | |
488 | | if ( $counter != count( $pid_filter ) ) |
489 | | $pid_sql .= ' || '; |
490 | | |
491 | | $counter++; |
492 | | } |
493 | | |
494 | | $pid_sql .= ' )'; |
495 | | $filter_sql[] = $pid_sql; |
| 481 | $pid_sql = BP_Activity_Activity::get_in_operator_sql( 'a.item_id', $filter_array['primary_id'] ); |
| 482 | if ( !empty( $pid_sql ) ) |
| 483 | $filter_sql[] = $pid_sql; |
499 | | $sid_filter = explode( ',', $filter_array['secondary_id'] ); |
500 | | $sid_sql = ' ( '; |
501 | | |
502 | | $counter = 1; |
503 | | foreach( (array) $sid_filter as $sid ) { |
504 | | $sid_sql .= $wpdb->prepare( "a.secondary_item_id = %s", trim( $sid ) ); |
505 | | |
506 | | if ( $counter != count( $sid_filter ) ) |
507 | | $sid_sql .= ' || '; |
508 | | |
509 | | $counter++; |
510 | | } |
511 | | |
512 | | $sid_sql .= ' )'; |
513 | | $filter_sql[] = $sid_sql; |
| 487 | $sid_sql = BP_Activity_Activity::get_in_operator_sql( 'a.secondary_item_id', $filter_array['secondary_id'] ); |
| 488 | if ( !empty( $sid_sql ) ) |
| 489 | $filter_sql[] = $sid_sql; |
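Review bot: In the helper body at new lines 438–449, `is_numeric( $item )` picks the placeholder from the value rather than from the column, so a string column such as `a.type` can receive an unquoted integer. `is_numeric()` also accepts decimal and exponent forms like `1.5` or `1e3`, which `%d` silently truncates or rewrites, and if the column is a string type MySQL compares it numerically against the integer, so non-numeric strings coerce to 0 and the filter can match rows it was meant to exclude. I would let each caller name the placeholder for its column, or at minimum narrow the test to `ctype_digit( $item ) ? $wpdb->prepare( '%d', $item ) : $wpdb->prepare( '%s', $item )`. Empty items from a trailing or doubled comma also pass through as `''`; skipping them after `trim()` would keep the list clean. The helper's signature and the code that joins `$items_prepared` are outside the visible lines, so the column-type concern is inferred from the call sites at new lines 475, 481 and 487.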