
BuddyPress.org

Ticket #4933: bp-core-classes.php.patch

File bp-core-classes.php.patch, 909 bytes (added by dontdream, 13 years ago)
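--- a/bp-core/bp-core-classes.php
+++ b/bp-core/bp-core-classes.php
@@ -317,7 +317,7 @@
                 // To avoid global joins, do a separate query
                 // @todo remove need for bp_is_active() check
                 if ( false !== $search_terms && bp_is_active( 'xprofile' ) ) {
-                        $found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%%' . like_escape( $search_terms ) . '%%' ) );
+                        $found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%' . like_escape( $wpdb->escape( $search_terms ) ) . '%' ) );
 
                         if ( ! empty( $found_user_ids ) ) {
                                 $sql['where'][] = "u.{$this->uid_name} IN (" . implode( ',', wp_parse_id_list( $found_user_ids ) ) . ")";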
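Review bot: The added `$wpdb->escape( $search_terms )` on new line 320 escapes the value a second time, because the result is still passed as the `%s` argument to `$wpdb->prepare()`, which already does the SQL quoting for that placeholder. A search term containing a quote or backslash would then reach the LIKE pattern with extra backslashes and would likely stop matching stored profile values; the extra call adds no injection protection on top of `prepare()`. I would keep the wildcard change and drop the inner call, `'%' . like_escape( $search_terms ) . '%'`, with a comment such as `// prepare() does the SQL escaping; like_escape() only neutralises % and _ in the user's term`. Whether `$search_terms` arrives already slashed is not visible here, and the enclosing method starts and ends outside the hunk.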