Ticket #4989: 4898.5.patch
File 4898.5.patch, 15.3 KB (added by , 11 years ago) |
bp-core/bp-core-classes.php
318 318 // To avoid global joins, do a separate query 319 319 // @todo remove need for bp_is_active() check 320 320 if ( false !== $search_terms && bp_is_active( 'xprofile' ) ) { 321 $found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%%' . like_escape( $search_terms) . '%%' ) );321 $found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%%' . esc_sql( like_escape( $search_terms ) ) . '%%' ) ); 322 322 323 323 if ( ! empty( $found_user_ids ) ) { 324 324 $sql['where'][] = "u.{$this->uid_name} IN (" . implode( ',', wp_parse_id_list( $found_user_ids ) ) . ")"; … … 836 836 } 837 837 838 838 if ( !empty( $search_terms ) && bp_is_active( 'xprofile' ) ) { 839 $search_terms = like_escape( $wpdb->escape( $search_terms ) );839 $search_terms = esc_sql( like_escape( $search_terms ) ); 840 840 $sql['where_searchterms'] = "AND spd.value LIKE '%%$search_terms%%'"; 841 841 } 842 842 … … 953 953 } 954 954 } 955 955 956 $letter = like_escape( $wpdb->escape( $letter ) );956 $letter = esc_sql( like_escape( $letter ) ); 957 957 $status_sql = bp_core_get_status_sql( 'u.' ); 958 958 959 $exclude_sql = ( !empty( $exclude ) ) ? 
" AND u.ID NOT IN ({$exclude})" : ""; 959 if ( !empty( $exclude ) ) { 960 $exclude = wp_parse_id_list( $r['exclude'] ); 961 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 962 $exclude_sql = " AND u.id NOT IN ({$exclude})"; 963 } else { 964 $exclude_sql = ''; 965 } 960 966 961 967 $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC", bp_xprofile_fullname_field_name() ) ); 962 968 $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name() ) ); … … 1045 1051 $user_ids = array(); 1046 1052 $pag_sql = $limit && $page ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * intval( $limit ) ), intval( $limit ) ) : ''; 1047 1053 1048 $search_terms = like_escape( $wpdb->escape( $search_terms ) );1054 $search_terms = esc_sql( like_escape( $search_terms ) ); 1049 1055 $status_sql = bp_core_get_status_sql( 'u.' ); 1050 1056 1051 1057 $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC", $search_terms ); -
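Review bot: The new exclude branch at lines 959-965 guards on `$exclude` but reads `$r['exclude']`, so the guard and the value it protects can disagree; unless `$r` is the parsed-args array in scope for this method (its start is outside the hunk), `$r['exclude']` is undefined, `wp_parse_id_list()` returns an empty list and the clause becomes `NOT IN ()`, which MySQL rejects as a syntax error instead of applying no filter. The same guard/source mismatch appears in bp-groups-classes.php at lines 374 and 380. Suggest `$exclude = wp_parse_id_list( $exclude );` and, since that helper already yields plain integers, `$exclude_sql = ' AND u.ID NOT IN (' . implode( ',', $exclude ) . ')';` without the `$wpdb->escape()` call this patch otherwise retires in favour of `esc_sql()`.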
bp-groups/bp-groups-classes.php
221 221 if ( empty( $user_id ) ) 222 222 $user_id = bp_displayed_user_id(); 223 223 224 $filter = like_escape( $wpdb->escape( $filter ) );224 $filter = esc_sql( like_escape( $filter ) ); 225 225 226 226 if ( !empty( $limit ) && !empty( $page ) ) 227 227 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); … … 243 243 function search_groups( $filter, $limit = null, $page = null, $sort_by = false, $order = false ) { 244 244 global $wpdb, $bp; 245 245 246 $filter = like_escape( $wpdb->escape( $filter ) );246 $filter = esc_sql( like_escape( $filter ) ); 247 247 248 248 if ( !empty( $limit ) && !empty( $page ) ) 249 249 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 250 250 251 251 if ( !empty( $sort_by ) && !empty( $order ) ) { 252 $sort_by = $wpdb->escape( $sort_by);253 $order = $wpdb->escape( $order);254 $order_sql = "ORDER BY $sort_by $order";252 $sort_by = esc_sql( like_escape( trim( $sort_by ) ) ); 253 $order = esc_sql( like_escape( trim( $order ) ) ); 254 $order_sql = "ORDER BY {$sort_by} {$order}"; 255 255 } 256 256 257 257 if ( !bp_current_user_can( 'bp_moderate' ) ) … … 363 363 $sql['hidden'] = " AND g.status != 'hidden'"; 364 364 365 365 if ( !empty( $search_terms ) ) { 366 $search_terms = like_escape( $wpdb->escape( $search_terms ) );366 $search_terms = esc_sql( like_escape( $search_terms ) ); 367 367 $sql['search'] = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )"; 368 368 } 369 369 … … 371 371 $sql['user'] = $wpdb->prepare( " AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0", $user_id ); 372 372 373 373 if ( !empty( $include ) ) { 374 if ( is_array( $include ) ) 375 $include = implode( ',', $include ); 376 377 $include = $wpdb->escape( $include ); 374 $include = wp_parse_id_list( $r['include'] ); 375 $include = $wpdb->escape( implode( ',', $include ) ); 378 376 $sql['include'] = " AND g.id IN ({$include})"; 379 
377 } 380 378 381 379 if ( !empty( $exclude ) ) { 382 if ( is_array( $exclude ) ) 383 $exclude = implode( ',', $exclude ); 384 385 $exclude = $wpdb->escape( $exclude ); 380 $exclude = wp_parse_id_list( $r['exclude'] ); 381 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 386 382 $sql['exclude'] = " AND g.id NOT IN ({$exclude})"; 387 383 } 388 384 … … 479 475 $hidden_sql = " AND g.status != 'hidden'"; 480 476 481 477 if ( !empty( $search_terms ) ) { 482 $search_terms = like_escape( $wpdb->escape( $search_terms ) );478 $search_terms = esc_sql( like_escape( $search_terms ) ); 483 479 $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )"; 484 480 } 485 481 486 482 if ( !empty( $exclude ) ) { 487 $exclude = $wpdb->escape( $exclude ); 483 $exclude = wp_parse_id_list( $exclude ); 484 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 488 485 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 489 486 } 490 487 491 488 if ( !empty( $user_id ) ) { 492 $user_id = $wpdb->escape( $user_id);489 $user_id = absint( $wpdb->escape( $user_id ) ); 493 490 $paged_groups = $wpdb->get_results( "SELECT DISTINCT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY f.topics DESC {$pag_sql}" ); 494 491 $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} 
gm2, {$bp->groups->table_name_groupmeta} gm3, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql}" ); 495 492 } else { … … 520 517 $hidden_sql = " AND g.status != 'hidden'"; 521 518 522 519 if ( !empty( $search_terms ) ) { 523 $search_terms = like_escape( $wpdb->escape( $search_terms ) );520 $search_terms = esc_sql( like_escape( $search_terms ) ); 524 521 $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )"; 525 522 } 526 523 527 524 if ( !empty( $exclude ) ) { 528 $exclude = $wpdb->escape( $exclude ); 525 $exclude = wp_parse_id_list( $exclude ); 526 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 529 527 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 530 528 } 531 529 … … 562 560 } 563 561 564 562 if ( !empty( $exclude ) ) { 565 $exclude = $wpdb->escape( $exclude ); 563 $exclude = wp_parse_id_list( $exclude ); 564 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 566 565 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 567 566 } 568 567 569 568 if ( !bp_current_user_can( 'bp_moderate' ) ) 570 569 $hidden_sql = " AND status != 'hidden'"; 571 570 572 $letter = like_escape( $wpdb->escape( $letter ) );571 $letter = esc_sql( like_escape( $letter ) ); 573 572 574 573 if ( !empty( $limit ) && !empty( $page ) ) { 575 574 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); … … 601 600 $hidden_sql = "AND g.status != 'hidden'"; 602 601 603 602 if ( !empty( $search_terms ) ) { 604 $search_terms = like_escape( $wpdb->escape( $search_terms ) );603 $search_terms = esc_sql( like_escape( $search_terms ) ); 605 604 $search_sql = " AND ( g.name 
LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )"; 606 605 } 607 606 608 607 if ( !empty( $exclude ) ) { 609 $exclude = $wpdb->escape( $exclude ); 608 $exclude = wp_parse_id_list( $exclude ); 609 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 610 610 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 611 611 } 612 612 … … 634 634 if ( empty( $group_ids ) ) 635 635 return $paged_groups; 636 636 637 // Sanitize group IDs 638 $group_ids = wp_parse_id_list( $group_ids ); 639 $group_ids = implode( ',', $group_ids ); 640 637 641 // Fetch the logged in users status within each group 638 642 $user_status = $wpdb->get_col( $wpdb->prepare( "SELECT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND group_id IN ( {$group_ids} ) AND is_confirmed = 1 AND is_banned = 0", bp_loggedin_user_id() ) ); 639 643 for ( $i = 0, $count = count( $paged_groups ); $i < $count; ++$i ) { … … 735 739 $sql['from'] = "FROM {$bbdb->topics} AS t INNER JOIN {$bp->groups->table_name_groupmeta} AS gm ON t.forum_id = gm.meta_value INNER JOIN {$bp->groups->table_name} AS g ON gm.group_id = g.id"; 736 740 $sql['where'] = "WHERE gm.meta_key = 'forum_id' {$status_sql} AND t.topic_status = '0' AND t.topic_sticky != '2'"; 737 741 738 if ( $search_terms) {739 $st = like_escape( $search_terms);742 if ( !empty( $search_terms ) ) { 743 $st = esc_sql( like_escape( $search_terms ) ); 740 744 $sql['where'] .= " AND ( t.topic_title LIKE '%{$st}%' )"; 741 745 } 742 746 … … 997 1001 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 998 1002 999 1003 if ( !empty( $filter ) ) { 1000 $filter = like_escape( $wpdb->escape( $filter ) );1004 $filter = esc_sql( like_escape( $filter ) ); 1001 1005 $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )"; 1002 1006 } 1003 1007 … … 1019 1023 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 1020 1024 1021 
1025 if ( !empty( $filter ) ) { 1022 $filter = like_escape( $wpdb->escape( $filter ) );1026 $filter = esc_sql( like_escape( $filter ) ); 1023 1027 $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )"; 1024 1028 } 1025 1029 … … 1041 1045 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 1042 1046 1043 1047 if ( !empty( $filter ) ) { 1044 $filter = like_escape( $wpdb->escape( $filter ) );1048 $filter = esc_sql( like_escape( $filter ) ); 1045 1049 $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )"; 1046 1050 } 1047 1051 … … 1072 1076 1073 1077 $pag_sql = ( !empty( $limit ) && !empty( $page ) ) ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ) : ''; 1074 1078 1075 $exclude_sql = !empty( $exclude ) ? $wpdb->prepare( " AND g.id NOT IN (%s)", $exclude ) : ''; 1079 if ( !empty( $exclude ) ) { 1080 $exclude = wp_parse_id_list( $exclude ); 1081 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 1082 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 1083 } else { 1084 $exclude_sql = ''; 1085 } 1076 1086 1077 1087 $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND m.is_confirmed = 0 AND m.inviter_id != 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY m.date_modified ASC {$pag_sql}", $user_id ) ); 1078 1088 $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND m.is_confirmed = 0 AND m.inviter_id 
!= 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY date_modified ASC", $user_id ) ); … … 1175 1185 return $wpdb->query( $wpdb->prepare( "SELECT id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND group_id = %d AND is_confirmed = 0 AND is_banned = 0 AND inviter_id = 0", $user_id, $group_id ) ); 1176 1186 } 1177 1187 1178 function get_random_groups( $user_id , $total_groups = 5 ) {1188 function get_random_groups( $user_id = 0, $total_groups = 5 ) { 1179 1189 global $wpdb, $bp; 1180 1190 1181 1191 // If the user is logged in and viewing their random groups, we can show hidden and private groups 1182 1192 if ( bp_is_my_profile() ) { 1183 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id) );1193 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT %d", $user_id, $total_groups ) ); 1184 1194 } else { 1185 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id) );1195 return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT %d", $user_id, $total_groups ) ); 1186 1196 } 1187 1197 } 1188 1198 … … 1227 1237 1228 1238 $exclude_sql = ''; 1229 1239 if ( !empty( $exclude ) ) { 1230 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 1240 $exclude = wp_parse_id_list( $exclude ); 1241 $exclude = $wpdb->escape( 
implode( ',', $exclude ) ); 1231 1242 $exclude_sql = " AND m.user_id NOT IN ({$exclude})"; 1232 1243 } 1233 1244 -
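Review bot: In search_groups() (lines 252-254) `$sort_by` and `$order` are interpolated as SQL identifiers in `ORDER BY {$sort_by} {$order}`, and `esc_sql()`/`like_escape()` only escape characters inside a quoted string literal, so they do not constrain a column name or sort direction at all; the check that belongs here is a whitelist, e.g. `$order = 'DESC' === strtoupper( trim( $order ) ) ? 'DESC' : 'ASC';` and `$sort_by` compared against the fixed set of sortable group columns before it is used. Line 489 applies `absint()` to the result of `$wpdb->escape()`; once the value is cast to an integer the escape adds nothing, and `absint( $user_id )` alone reads clearer. Lines 1240-1241 and the other include/exclude branches escape the output of `wp_parse_id_list()`, which is already an integer list; dropping `$wpdb->escape()` there keeps the patch consistent with its own move away from that method.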
bp-themes/bp-default/_inc/ajax.php
124 124 125 125 // If page and search_terms have been passed via the AJAX post request, use those. 126 126 if ( ! empty( $_POST['page'] ) && '-1' != $_POST['page'] ) 127 $qs[] = 'page=' . $_POST['page'];127 $qs[] = 'page=' . absint( $_POST['page'] ); 128 128 129 129 $object_search_text = bp_get_search_default_text( $object ); 130 130 if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )