Ticket #4989: 4898.patch
File 4898.patch, 4.5 KB (added by , 11 years ago) |
bp-groups/bp-groups-classes.php
371 371 $sql['user'] = $wpdb->prepare( " AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0", $user_id ); 372 372 373 373 if ( !empty( $include ) ) { 374 if ( is_array( $include ) ) 375 $include = implode( ',', $include ); 376 377 $include = $wpdb->escape( $include ); 374 $include = wp_parse_id_list( $r['include'] ); 375 $include = $wpdb->escape( implode( ',', $include ) ); 378 376 $sql['include'] = " AND g.id IN ({$include})"; 379 377 } 380 378 381 379 if ( !empty( $exclude ) ) { 382 if ( is_array( $exclude ) ) 383 $exclude = implode( ',', $exclude ); 384 385 $exclude = $wpdb->escape( $exclude ); 380 $exclude = wp_parse_id_list( $r['exclude'] ); 381 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 386 382 $sql['exclude'] = " AND g.id NOT IN ({$exclude})"; 387 383 } 388 384 … … 484 480 } 485 481 486 482 if ( !empty( $exclude ) ) { 487 $exclude = $wpdb->escape( $exclude );488 $exclude_sql = " AND g.id NOT IN ({$exclude})";483 $exclude = wp_parse_id_list( $exclude ); 484 $exclude_sql = $wpdb->prepare( " AND g.id NOT IN (%s)", implode( ',', $exclude ) ); 489 485 } 490 486 491 487 if ( !empty( $user_id ) ) { … … 525 521 } 526 522 527 523 if ( !empty( $exclude ) ) { 528 $exclude = $wpdb->escape( $exclude );529 $exclude_sql = " AND g.id NOT IN ({$exclude})";524 $exclude = wp_parse_id_list( $exclude ); 525 $exclude_sql = $wpdb->prepare( " AND g.id NOT IN (%s)", implode( ',', $exclude ) ); 530 526 } 531 527 532 528 if ( !empty( $user_id ) ) { … … 562 558 } 563 559 564 560 if ( !empty( $exclude ) ) { 565 $exclude = $wpdb->escape( $exclude );566 $exclude_sql = " AND g.id NOT IN ({$exclude})";561 $exclude = wp_parse_id_list( $exclude ); 562 $exclude_sql = $wpdb->prepare( " AND g.id NOT IN (%s)", implode( ',', $exclude ) ); 567 563 } 568 564 569 565 if ( !bp_current_user_can( 'bp_moderate' ) ) … … 606 602 } 607 603 608 604 if ( !empty( $exclude ) ) { 609 $exclude = $wpdb->escape( $exclude );610 $exclude_sql = " AND g.id NOT IN ({$exclude})";605 $exclude = 
wp_parse_id_list( $exclude ); 606 $exclude_sql = $wpdb->prepare( " AND g.id NOT IN (%s)", implode( ',', $exclude ) ); 611 607 } 612 608 613 609 if ( !empty( $user_id ) ) { … … 1072 1068 1073 1069 $pag_sql = ( !empty( $limit ) && !empty( $page ) ) ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ) : ''; 1074 1070 1075 $exclude_sql = !empty( $exclude ) ? $wpdb->prepare( " AND g.id NOT IN (%s)", $exclude ) : ''; 1071 if ( !empty( $exclude ) ) { 1072 $exclude = wp_parse_id_list( $exclude ); 1073 $exclude_sql = $wpdb->prepare( " AND g.id NOT IN (%s)", implode( ',', $exclude ) ); 1074 } 1076 1075 1077 1076 $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND m.is_confirmed = 0 AND m.inviter_id != 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY m.date_modified ASC {$pag_sql}", $user_id ) ); 1078 1077 $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND m.is_confirmed = 0 AND m.inviter_id != 0 AND m.invite_sent = 1 AND m.user_id = %d {$exclude_sql} ORDER BY date_modified ASC", $user_id ) ); … … 1227 1226 1228 1227 $exclude_sql = ''; 1229 1228 if ( !empty( $exclude ) ) { 1230 $exclude = implode( ',', wp_parse_id_list( $exclude ));1231 $exclude_sql = " AND m.user_id NOT IN ({$exclude})";1229 $exclude = wp_parse_id_list( $exclude ); 1230 $exclude_sql = $wpdb->prepare( " AND g.id NOT IN (%s)", implode( ',', $exclude ) ); 1232 1231 } 1233 1232 1234 1233 if ( bp_is_active( 'xprofile' ) ) { -
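Review bot: Feeding the imploded id list through a single `%s` placeholder, as on new lines 484, 525, 562, 606, 1073 and 1230, makes `$wpdb->prepare()` quote the whole value, so the clause becomes `NOT IN ('1,2,3')` and MySQL compares each `g.id` with one string rather than a list; at best only the leading id is excluded and the rest silently pass the filter. Because `wp_parse_id_list()` has already reduced the input to integers, the sanitised list can be interpolated directly, `$exclude_sql = " AND g.id NOT IN (" . implode( ',', $exclude ) . ")";`, or each id can be given its own `%d` placeholder. The last hunk (old lines 1230–1231) also switches the filtered column from `m.user_id` to `g.id`; if that method excludes members by user id, as the removed line suggests, the column change looks like a copy-and-paste slip and should stay `m.user_id`. Each of these hunks sits inside a method whose start and end lie outside the section.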
bp-themes/bp-default/_inc/ajax.php
124 124 125 125 // If page and search_terms have been passed via the AJAX post request, use those. 126 126 if ( ! empty( $_POST['page'] ) && '-1' != $_POST['page'] ) 127 $qs[] = 'page=' . $_POST['page'];127 $qs[] = 'page=' . absint( $_POST['page'] ); 128 128 129 129 $object_search_text = bp_get_search_default_text( $object ); 130 130 if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )
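Review bot: `absint()` on new line 127 folds the sign, so a posted page of `-5` passes the `'-1' != $_POST['page']` guard on the line above and is emitted as `page=5`; casting with `(int)` and requiring a positive value, `$page = (int) $_POST['page']; if ( $page > 0 ) $qs[] = 'page=' . $page;`, keeps the guard's intent while still rejecting non-numeric input. The raw `$_POST['search_terms']` compared on context line 130 is not changed by this patch, and how it is used afterwards lies outside the section. The enclosing function starts and ends outside the hunk.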