

Ticket #4989: 4898.4.patch

File 4898.4.patch, 15.4 KB (added by johnjamesjacoby, 11 years ago)

Without the new like_escape() method, and with proper order of esc_sql() and like_escape()

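--- a/bp-core/bp-core-classes.php
+++ b/bp-core/bp-core-classes.php
@@ -318,7 +318,7 @@
 		// To avoid global joins, do a separate query
 		// @todo remove need for bp_is_active() check
 		if ( false !== $search_terms && bp_is_active( 'xprofile' ) ) {
-			$found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%%' . like_escape( $search_terms ) . '%%' ) );
+			$found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%%' . esc_sql( like_escape( trim( $search_terms ) ) ) . '%%' ) );
 
 			if ( ! empty( $found_user_ids ) ) {
 				$sql['where'][] = "u.{$this->uid_name} IN (" . implode( ',', wp_parse_id_list( $found_user_ids ) ) . ")";
@@ -836,7 +836,7 @@
 		}
 
 		if ( !empty( $search_terms ) && bp_is_active( 'xprofile' ) ) {
-			$search_terms             = like_escape( $wpdb->escape( $search_terms ) );
+			$search_terms             = esc_sql( like_escape( trim( $search_terms ) ) );
 			$sql['where_searchterms'] = "AND spd.value LIKE '%%$search_terms%%'";
 		}
 
@@ -953,10 +953,16 @@
 			}
 		}
 
-		$letter     = like_escape( $wpdb->escape( $letter ) );
+		$letter     = esc_sql( like_escape( trim( $letter ) ) );
 		$status_sql = bp_core_get_status_sql( 'u.' );
 
-		$exclude_sql = ( !empty( $exclude ) ) ? " AND u.ID NOT IN ({$exclude})" : "";
+		if ( !empty( $exclude ) ) {
+			$exclude     = wp_parse_id_list( $r['exclude'] );
+			$exclude     = $wpdb->escape( implode( ',', $exclude ) );
+			$exclude_sql = " AND u.id NOT IN ({$exclude})";
+		} else {
+			$exclude_sql = '';
+		}
 
 		$total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%'  ORDER BY pd.value ASC", bp_xprofile_fullname_field_name() ) );
 		$paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql',       $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name() ) );
@@ -1045,7 +1051,7 @@
 		$user_ids = array();
 		$pag_sql  = $limit && $page ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * intval( $limit ) ), intval( $limit ) ) : '';
 
-		$search_terms = like_escape( $wpdb->escape( $search_terms ) );
+		$search_terms = esc_sql( like_escape( trim( $search_terms ) ) );
 		$status_sql   = bp_core_get_status_sql( 'u.' );
 
 		$total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC", $search_terms );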
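Review bot: In the hunk at old lines 953–962, the added exclusion block reads `$r['exclude']` while the `if ( !empty( $exclude ) )` guard two lines above and the removed line both use `$exclude`; unless `$r` is this method's parsed-args array (it is not visible in the hunk), the requested exclusions are silently lost and the query runs unfiltered. The same line also changes the column from `u.ID` to `u.id`, diverging from every other reference in the two queries that follow. I would write `$exclude = wp_parse_id_list( $exclude );` and `$exclude_sql = " AND u.ID NOT IN ({$exclude})";`, and drop the `$wpdb->escape()` around the imploded list, which is redundant once `wp_parse_id_list()` has reduced it to integers. The enclosing method starts and ends outside the hunk.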
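--- a/bp-groups/bp-groups-classes.php
+++ b/bp-groups/bp-groups-classes.php
@@ -221,7 +221,7 @@
 		if ( empty( $user_id ) )
 			$user_id = bp_displayed_user_id();
 
-		$filter = like_escape( $wpdb->escape( $filter ) );
+		$filter = esc_sql( like_escape( trim( $filter ) ) );
 
 		if ( !empty( $limit ) && !empty( $page ) )
 			$pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
@@ -243,15 +243,15 @@
 	function search_groups( $filter, $limit = null, $page = null, $sort_by = false, $order = false ) {
 		global $wpdb, $bp;
 
-		$filter = like_escape( $wpdb->escape( $filter ) );
+		$filter = esc_sql( like_escape( trim( $filter ) ) );
 
 		if ( !empty( $limit ) && !empty( $page ) )
 			$pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
 		if ( !empty( $sort_by ) && !empty( $order ) ) {
-			$sort_by   = $wpdb->escape( $sort_by );
-			$order     = $wpdb->escape( $order );
-			$order_sql = "ORDER BY $sort_by $order";
+			$sort_by   = esc_sql( like_escape( trim( $sort_by ) ) );
+			$order     = esc_sql( like_escape( trim( $order   ) ) );
+			$order_sql = "ORDER BY {$sort_by} {$order}";
 		}
 
 		if ( !bp_current_user_can( 'bp_moderate' ) )
@@ -363,7 +363,7 @@
 			$sql['hidden'] = " AND g.status != 'hidden'";
 
 		if ( !empty( $search_terms ) ) {
-			$search_terms = like_escape( $wpdb->escape( $search_terms ) );
+			$search_terms = esc_sql( like_escape( trim( $search_terms ) ) );
 			$sql['search'] = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
 		}
 
@@ -371,18 +371,14 @@
 			$sql['user'] = $wpdb->prepare( " AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0", $user_id );
 
 		if ( !empty( $include ) ) {
-			if ( is_array( $include ) )
-				$include = implode( ',', $include );
-
-			$include = $wpdb->escape( $include );
+			$include        = wp_parse_id_list( $r['include'] );
+			$include        = $wpdb->escape( implode( ',', $include ) );
 			$sql['include'] = " AND g.id IN ({$include})";
 		}
 
 		if ( !empty( $exclude ) ) {
-			if ( is_array( $exclude ) )
-				$exclude = implode( ',', $exclude );
-
-			$exclude = $wpdb->escape( $exclude );
+			$exclude        = wp_parse_id_list( $r['exclude'] );
+			$exclude        = $wpdb->escape( implode( ',', $exclude ) );
 			$sql['exclude'] = " AND g.id NOT IN ({$exclude})";
 		}
 
@@ -479,17 +475,18 @@
 			$hidden_sql = " AND g.status != 'hidden'";
 
 		if ( !empty( $search_terms ) ) {
-			$search_terms = like_escape( $wpdb->escape( $search_terms ) );
+			$search_terms = esc_sql( like_escape( trim( $search_terms ) ) );
 			$search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
 		}
 
 		if ( !empty( $exclude ) ) {
-			$exclude = $wpdb->escape( $exclude );
+			$exclude     = wp_parse_id_list( $exclude );
+			$exclude     = $wpdb->escape( implode( ',', $exclude ) );
 			$exclude_sql = " AND g.id NOT IN ({$exclude})";
 		}
 
 		if ( !empty( $user_id ) ) {
-			$user_id = $wpdb->escape( $user_id );
+			$user_id      = absint( $wpdb->escape( $user_id ) );
 			$paged_groups = $wpdb->get_results( "SELECT DISTINCT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY f.topics DESC {$pag_sql}" );
 			$total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql}" );
 		} else {
@@ -520,12 +517,13 @@
 			$hidden_sql = " AND g.status != 'hidden'";
 
 		if ( !empty( $search_terms ) ) {
-			$search_terms = like_escape( $wpdb->escape( $search_terms ) );
+			$search_terms = esc_sql( like_escape( trim( $search_terms ) ) );
 			$search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
 		}
 
 		if ( !empty( $exclude ) ) {
-			$exclude = $wpdb->escape( $exclude );
+			$exclude     = wp_parse_id_list( $exclude );
+			$exclude     = $wpdb->escape( implode( ',', $exclude ) );
 			$exclude_sql = " AND g.id NOT IN ({$exclude})";
 		}
 
@@ -562,14 +560,15 @@
 		}
 
 		if ( !empty( $exclude ) ) {
-			$exclude = $wpdb->escape( $exclude );
+			$exclude     = wp_parse_id_list( $exclude );
+			$exclude     = $wpdb->escape( implode( ',', $exclude ) );
 			$exclude_sql = " AND g.id NOT IN ({$exclude})";
 		}
 
 		if ( !bp_current_user_can( 'bp_moderate' ) )
 			$hidden_sql = " AND status != 'hidden'";
 
-		$letter = like_escape( $wpdb->escape( $letter ) );
+		$letter = esc_sql( like_escape( $letter ) );
 
 		if ( !empty( $limit ) && !empty( $page ) ) {
 			$pag_sql      = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
@@ -601,12 +600,13 @@
 			$hidden_sql = "AND g.status != 'hidden'";
 
 		if ( !empty( $search_terms ) ) {
-			$search_terms = like_escape( $wpdb->escape( $search_terms ) );
+			$search_terms = esc_sql( like_escape( trim( $search_terms ) ) );
 			$search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
 		}
 
 		if ( !empty( $exclude ) ) {
-			$exclude = $wpdb->escape( $exclude );
+			$exclude     = wp_parse_id_list( $exclude );
+			$exclude     = $wpdb->escape( implode( ',', $exclude ) );
 			$exclude_sql = " AND g.id NOT IN ({$exclude})";
 		}
 
@@ -634,6 +634,10 @@
 		if ( empty( $group_ids ) )
 			return $paged_groups;
 
+		// Sanitize group IDs
+		$group_ids = wp_parse_id_list( $group_ids );
+		$group_ids = implode( ',', $group_ids );
+
 		// Fetch the logged in users status within each group
 		$user_status = $wpdb->get_col( $wpdb->prepare( "SELECT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND group_id IN ( {$group_ids} ) AND is_confirmed = 1 AND is_banned = 0", bp_loggedin_user_id() ) );
 		for ( $i = 0, $count = count( $paged_groups ); $i < $count; ++$i ) {
@@ -735,8 +739,8 @@
 		$sql['from']   = "FROM {$bbdb->topics} AS t INNER JOIN {$bp->groups->table_name_groupmeta} AS gm ON t.forum_id = gm.meta_value INNER JOIN {$bp->groups->table_name} AS g ON gm.group_id = g.id";
 		$sql['where']  = "WHERE gm.meta_key = 'forum_id' {$status_sql} AND t.topic_status = '0' AND t.topic_sticky != '2'";
 
-		if ( $search_terms ) {
-			$st = like_escape( $search_terms );
+		if ( !empty( $search_terms ) ) {
+			$st = esc_sql( like_escape( trim( $search_terms ) ) );
 			$sql['where'] .= " AND (  t.topic_title LIKE '%{$st}%' )";
 		}
 
@@ -997,7 +1001,7 @@
 			$pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
 		if ( !empty( $filter ) ) {
-			$filter = like_escape( $wpdb->escape( $filter ) );
+			$filter     = esc_sql( like_escape( trim( $filter ) ) );
 			$filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )";
 		}
 
@@ -1019,7 +1023,7 @@
 			$pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
 		if ( !empty( $filter ) ) {
-			$filter = like_escape( $wpdb->escape( $filter ) );
+			$filter     = esc_sql( like_escape( trim( $filter ) ) );
 			$filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )";
 		}
 
@@ -1041,7 +1045,7 @@
 			$pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
 		if ( !empty( $filter ) ) {
-			$filter = like_escape( $wpdb->escape( $filter ) );
+			$filter     = esc_sql( like_escape( trim( $filter ) ) );
 			$filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )";
 		}
 
@@ -1072,7 +1076,13 @@
 
 		$pag_sql = ( !empty( $limit ) && !empty( $page ) ) ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ) : '';
 
-		$exclude_sql = !empty( $exclude ) ? $wpdb->prepare( " AND g.id NOT IN (%s)", $exclude ) : '';
+		if ( !empty( $exclude ) ) {
+			$exclude     = wp_parse_id_list( $exclude );
+			$exclude     = $wpdb->escape( implode( ',', $exclude ) );
+			$exclude_sql = " AND g.id NOT IN ({$exclude})";
+		} else {
+			$exclude_sql = '';
+		}
 
 		$paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND m.is_confirmed = 0 AND m.inviter_id != 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY m.date_modified ASC {$pag_sql}", $user_id ) );
 		$total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND m.is_confirmed = 0 AND m.inviter_id != 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY date_modified ASC", $user_id ) );
@@ -1175,14 +1185,14 @@
 		return $wpdb->query( $wpdb->prepare( "SELECT id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND group_id = %d AND is_confirmed = 0 AND is_banned = 0 AND inviter_id = 0", $user_id, $group_id ) );
 	}
 
-	function get_random_groups( $user_id, $total_groups = 5 ) {
+	function get_random_groups( $user_id = 0, $total_groups = 5 ) {
 		global $wpdb, $bp;
 
 		// If the user is logged in and viewing their random groups, we can show hidden and private groups
 		if ( bp_is_my_profile() ) {
-			return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id ) );
+			return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT %d", $user_id, $total_groups ) );
 		} else {
-			return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id ) );
+			return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT %d", $user_id, $total_groups ) );
 		}
 	}
 
@@ -1227,7 +1237,8 @@
 
 		$exclude_sql = '';
 		if ( !empty( $exclude ) ) {
-			$exclude = implode( ',', wp_parse_id_list( $exclude ) );
+			$exclude     = wp_parse_id_list( $exclude );
+			$exclude     = $wpdb->escape( implode( ',', $exclude ) );
 			$exclude_sql = " AND m.user_id NOT IN ({$exclude})";
 		}
 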
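Review bot: In search_groups (old lines 251–254), `$sort_by` and `$order` are still interpolated straight into `ORDER BY {$sort_by} {$order}`, and wrapping them in `esc_sql( like_escape( trim( ... ) ) )` does not constrain an identifier or keyword position: quote and `%`/`_` escaping only protects string literals and LIKE patterns, so the new lines are no safer than the removed `$wpdb->escape()` calls. The fix is an allow-list, checking `$sort_by` against the column names the query actually supports and `$order` against `ASC`/`DESC` with a fixed fallback before `$order_sql` is built. Separately, the hunk at old lines 371–388 reads `$r['include']` and `$r['exclude']` where the surrounding `!empty( $include )`/`!empty( $exclude )` guards and the removed lines use `$include`/`$exclude`; unless `$r` is this method's parsed-args array (not visible here), those filters are silently lost, whereas the later hunks at old lines 487, 528, 565 and 609 correctly pass `$exclude` itself. Both enclosing methods extend beyond their hunks.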
  • bp-themes/bp-default/_inc/ajax.php

     
    124124
    125125        // If page and search_terms have been passed via the AJAX post request, use those.
    126126        if ( ! empty( $_POST['page'] ) && '-1' != $_POST['page'] )
    127                 $qs[] = 'page=' . $_POST['page'];
     127                $qs[] = 'page=' . absint( $_POST['page'] );
    128128
    129129        $object_search_text = bp_get_search_default_text( $object );
    130130        if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )