Ticket #4989: 4898.3.patch
File 4898.3.patch, 12.7 KB (added by , 12 years ago) |
bp-groups/bp-groups-classes.php
221 221 if ( empty( $user_id ) ) 222 222 $user_id = bp_displayed_user_id(); 223 223 224 $filter = like_escape( $wpdb->escape( $filter ));224 $filter = self::like_escape( $filter ); 225 225 226 226 if ( !empty( $limit ) && !empty( $page ) ) 227 227 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); … … 243 243 function search_groups( $filter, $limit = null, $page = null, $sort_by = false, $order = false ) { 244 244 global $wpdb, $bp; 245 245 246 $filter = like_escape( $wpdb->escape( $filter ));246 $filter = self::like_escape( $filter ); 247 247 248 248 if ( !empty( $limit ) && !empty( $page ) ) 249 249 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 250 250 251 251 if ( !empty( $sort_by ) && !empty( $order ) ) { 252 $sort_by = $wpdb->escape( $sort_by );253 $order = $wpdb->escape( $order);254 $order_sql = "ORDER BY $sort_by $order";252 $sort_by = self::like_escape( $sort_by ); 253 $order = self::like_escape( $order ); 254 $order_sql = $wpdb->prepare( "ORDER BY %s %s", $sort_by, $order ); 255 255 } 256 256 257 257 if ( !bp_current_user_can( 'bp_moderate' ) ) … … 363 363 $sql['hidden'] = " AND g.status != 'hidden'"; 364 364 365 365 if ( !empty( $search_terms ) ) { 366 $search_terms = like_escape( $wpdb->escape( $search_terms ));366 $search_terms = self::like_escape( $search_terms ); 367 367 $sql['search'] = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )"; 368 368 } 369 369 … … 371 371 $sql['user'] = $wpdb->prepare( " AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0", $user_id ); 372 372 373 373 if ( !empty( $include ) ) { 374 if ( is_array( $include ) ) 375 $include = implode( ',', $include ); 376 377 $include = $wpdb->escape( $include ); 374 $include = wp_parse_id_list( $r['include'] ); 375 $include = $wpdb->escape( implode( ',', $include ) ); 378 376 $sql['include'] = " AND g.id IN ({$include})"; 379 377 } 380 378 381 
379 if ( !empty( $exclude ) ) { 382 if ( is_array( $exclude ) ) 383 $exclude = implode( ',', $exclude ); 384 385 $exclude = $wpdb->escape( $exclude ); 380 $exclude = wp_parse_id_list( $r['exclude'] ); 381 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 386 382 $sql['exclude'] = " AND g.id NOT IN ({$exclude})"; 387 383 } 388 384 … … 479 475 $hidden_sql = " AND g.status != 'hidden'"; 480 476 481 477 if ( !empty( $search_terms ) ) { 482 $search_terms = like_escape( $wpdb->escape( $search_terms ));478 $search_terms = self::like_escape( $search_terms ); 483 479 $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )"; 484 480 } 485 481 486 482 if ( !empty( $exclude ) ) { 487 $exclude = $wpdb->escape( $exclude ); 483 $exclude = wp_parse_id_list( $exclude ); 484 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 488 485 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 489 486 } 490 487 491 488 if ( !empty( $user_id ) ) { 492 $user_id = $wpdb->escape( $user_id);489 $user_id = absint( $wpdb->escape( $user_id ) ); 493 490 $paged_groups = $wpdb->get_results( "SELECT DISTINCT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY f.topics DESC {$pag_sql}" ); 494 491 $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, 
{$bp->groups->table_name_groupmeta} gm3, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql}" ); 495 492 } else { … … 520 517 $hidden_sql = " AND g.status != 'hidden'"; 521 518 522 519 if ( !empty( $search_terms ) ) { 523 $search_terms = like_escape( $wpdb->escape( $search_terms ));520 $search_terms = self::like_escape( $search_terms ); 524 521 $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )"; 525 522 } 526 523 527 524 if ( !empty( $exclude ) ) { 528 $exclude = $wpdb->escape( $exclude ); 525 $exclude = wp_parse_id_list( $exclude ); 526 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 529 527 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 530 528 } 531 529 … … 562 560 } 563 561 564 562 if ( !empty( $exclude ) ) { 565 $exclude = $wpdb->escape( $exclude ); 563 $exclude = wp_parse_id_list( $exclude ); 564 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 566 565 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 567 566 } 568 567 569 568 if ( !bp_current_user_can( 'bp_moderate' ) ) 570 569 $hidden_sql = " AND status != 'hidden'"; 571 570 572 $letter = like_escape( $wpdb->escape( $letter ));571 $letter = self::like_escape( $letter ); 573 572 574 573 if ( !empty( $limit ) && !empty( $page ) ) { 575 574 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); … … 601 600 $hidden_sql = "AND g.status != 'hidden'"; 602 601 603 602 if ( !empty( $search_terms ) ) { 604 $search_terms = like_escape( $wpdb->escape( $search_terms ));603 $search_terms = self::like_escape( $search_terms ); 605 604 $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' 
OR g.description LIKE '%%{$search_terms}%%' )"; 606 605 } 607 606 608 607 if ( !empty( $exclude ) ) { 609 $exclude = $wpdb->escape( $exclude ); 608 $exclude = wp_parse_id_list( $exclude ); 609 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 610 610 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 611 611 } 612 612 … … 634 634 if ( empty( $group_ids ) ) 635 635 return $paged_groups; 636 636 637 // Sanitize group IDs 638 $group_ids = wp_parse_id_list( $group_ids ); 639 $group_ids = implode( ',', $group_ids ); 640 637 641 // Fetch the logged in users status within each group 638 642 $user_status = $wpdb->get_col( $wpdb->prepare( "SELECT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND group_id IN ( {$group_ids} ) AND is_confirmed = 1 AND is_banned = 0", bp_loggedin_user_id() ) ); 639 643 for ( $i = 0, $count = count( $paged_groups ); $i < $count; ++$i ) { … … 736 740 $sql['where'] = "WHERE gm.meta_key = 'forum_id' {$status_sql} AND t.topic_status = '0' AND t.topic_sticky != '2'"; 737 741 738 742 if ( $search_terms ) { 739 $st = like_escape( $search_terms );743 $st = self::like_escape( $search_terms ); 740 744 $sql['where'] .= " AND ( t.topic_title LIKE '%{$st}%' )"; 741 745 } 742 746 … … 765 769 766 770 return $ids; 767 771 } 772 773 /** 774 * Escape search terms and filters for direct usage in database queries 775 * 776 * @since BuddyPress 1.7.2 777 * @param string $search_terms 778 * @return string 779 */ 780 private static function like_escape( $search_terms = '' ) { 781 return esc_sql( like_escape( stripslashes_deep( trim( $search_terms ) ) ) ); 782 } 768 783 } 769 784 770 785 class BP_Groups_Member { … … 997 1012 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 998 1013 999 1014 if ( !empty( $filter ) ) { 1000 $filter = like_escape( $wpdb->escape( $filter ));1015 $filter = self::like_escape( $filter ); 1001 1016 $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE 
'%%{$filter}%%' )"; 1002 1017 } 1003 1018 … … 1019 1034 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 1020 1035 1021 1036 if ( !empty( $filter ) ) { 1022 $filter = like_escape( $wpdb->escape( $filter ));1037 $filter = self::like_escape( $filter ); 1023 1038 $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )"; 1024 1039 } 1025 1040 … … 1041 1056 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 1042 1057 1043 1058 if ( !empty( $filter ) ) { 1044 $filter = like_escape( $wpdb->escape( $filter ));1059 $filter = self::like_escape( $filter ); 1045 1060 $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )"; 1046 1061 } 1047 1062 … … 1072 1087 1073 1088 $pag_sql = ( !empty( $limit ) && !empty( $page ) ) ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ) : ''; 1074 1089 1075 $exclude_sql = !empty( $exclude ) ? 
$wpdb->prepare( " AND g.id NOT IN (%s)", $exclude ) : ''; 1090 if ( !empty( $exclude ) ) { 1091 $exclude = wp_parse_id_list( $exclude ); 1092 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 1093 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 1094 } else { 1095 $exclude_sql = ''; 1096 } 1076 1097 1077 1098 $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND m.is_confirmed = 0 AND m.inviter_id != 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY m.date_modified ASC {$pag_sql}", $user_id ) ); 1078 1099 $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND m.is_confirmed = 0 AND m.inviter_id != 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY date_modified ASC", $user_id ) ); … … 1175 1196 return $wpdb->query( $wpdb->prepare( "SELECT id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND group_id = %d AND is_confirmed = 0 AND is_banned = 0 AND inviter_id = 0", $user_id, $group_id ) ); 1176 1197 } 1177 1198 1178 function get_random_groups( $user_id , $total_groups = 5 ) {1199 function get_random_groups( $user_id = 0, $total_groups = 5 ) { 1179 1200 global $wpdb, $bp; 1180 1201 1181 1202 // If the user is logged in and viewing their random groups, we can show hidden and private groups 1182 1203 if ( bp_is_my_profile() ) { 1183 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT 
$total_groups", $user_id) );1204 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT %d", $user_id, $total_groups ) ); 1184 1205 } else { 1185 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id) );1206 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT %d", $user_id, $total_groups ) ); 1186 1207 } 1187 1208 } 1188 1209 … … 1227 1248 1228 1249 $exclude_sql = ''; 1229 1250 if ( !empty( $exclude ) ) { 1230 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 1251 $exclude = wp_parse_id_list( $exclude ); 1252 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 1231 1253 $exclude_sql = " AND m.user_id NOT IN ({$exclude})"; 1232 1254 } 1233 1255 … … 1297 1319 1298 1320 return $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->groups->table_name_members} WHERE user_id = %d", $user_id ) ); 1299 1321 } 1322 1323 /** 1324 * Escape search terms and filters for direct usage in database queries 1325 * 1326 * @since BuddyPress 1.7.2 1327 * @param string $search_terms 1328 * @return string 1329 */ 1330 private static function like_escape( $search_terms = '' ) { 1331 return esc_sql( like_escape( stripslashes_deep( trim( $search_terms ) ) ) ); 1332 } 1300 1333 } 1301 1334 1302 1335 /** -
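Review bot: The new `$order_sql = $wpdb->prepare( "ORDER BY %s %s", $sort_by, $order );` in search_groups (hunk at old lines 251-255) does not do what it intends: `%s` in prepare() is quoted, so the clause becomes `ORDER BY 'name' 'ASC'`, a string constant rather than a column and direction, which silently disables sorting; running identifiers through `self::like_escape()` on the two lines above is equally ineffective, since LIKE/SQL-literal escaping does not constrain an identifier. Column names and sort directions cannot be bound as parameters and need an allowlist instead, with the validated values interpolated directly; search_groups continues past the end of the hunk. A smaller point: the identical `private static function like_escape()` is added to both BP_Groups_Group and BP_Groups_Member — a single shared helper would avoid the two copies drifting apart. The `like_escape()`-then-`esc_sql()` order in the helper itself is correct (LIKE metacharacters first, then the SQL-literal escape).
```php
if ( !empty( $sort_by ) && !empty( $order ) ) {
    // Identifiers cannot be bound with prepare(); validate against an allowlist instead.
    $allowed_sort = array( /* PLACEHOLDER: column names this query actually supports */ );
    $sort_by   = in_array( $sort_by, $allowed_sort, true ) ? $sort_by : /* PLACEHOLDER: default column */;
    $order     = ( 'DESC' === strtoupper( $order ) ) ? 'DESC' : 'ASC';
    $order_sql = "ORDER BY {$sort_by} {$order}";
}
// … unchanged: bp_moderate / hidden-group handling and the rest of search_groups …
```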
bp-themes/bp-default/_inc/ajax.php
124 124 125 125 // If page and search_terms have been passed via the AJAX post request, use those. 126 126 if ( ! empty( $_POST['page'] ) && '-1' != $_POST['page'] ) 127 $qs[] = 'page=' . $_POST['page'];127 $qs[] = 'page=' . absint( $_POST['page'] ); 128 128 129 129 $object_search_text = bp_get_search_default_text( $object ); 130 130 if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )
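Review bot: The added `absint( $_POST['page'] )` on line 127 still emits `page=0` for any non-numeric value, because the guard on line 126 only rejects empty and `'-1'`; computing the integer first and testing it would avoid that, e.g. `$page = absint( $_POST['page'] ); if ( $page ) $qs[] = 'page=' . $page;`. The `'-1' != $_POST['page']` comparison is loose and could be `'-1' !== $_POST['page']` for clarity. The `search_terms` condition on line 130 still compares the raw POST value and its body lies outside the hunk, as does the start of the enclosing function, so whether that value also gets sanitized before use cannot be confirmed from here.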