diff --git a/bp-blogs/bp-blogs-classes.php b/bp-blogs/bp-blogs-classes.php
index 5c3bd2f..2594db8 100644
class BP_Blogs_Blog { |
| 109 | 109 | } |
| 110 | 110 | |
| 111 | 111 | if ( !empty( $search_terms ) ) { |
| 112 | | $filter = like_escape( $wpdb->escape( $search_terms ) ); |
| | 112 | $filter = esc_sql( like_escape( $search_terms ) ); |
| 113 | 113 | $paged_blogs = $wpdb->get_results( "SELECT b.blog_id, b.user_id as admin_user_id, u.user_email as admin_user_email, wb.domain, wb.path, bm.meta_value as last_activity, bm2.meta_value as name FROM {$bp->blogs->table_name} b, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2, {$wpdb->base_prefix}blogs wb, {$wpdb->users} u WHERE b.blog_id = wb.blog_id AND b.user_id = u.ID AND b.blog_id = bm.blog_id AND b.blog_id = bm2.blog_id AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'last_activity' AND bm2.meta_key = 'name' AND bm2.meta_value LIKE '%%$filter%%' {$user_sql} GROUP BY b.blog_id {$order_sql} {$pag_sql}" ); |
| 114 | 114 | $total_blogs = $wpdb->get_var( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b, {$wpdb->base_prefix}blogs wb, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2 WHERE b.blog_id = wb.blog_id AND bm.blog_id = b.blog_id AND bm2.blog_id = b.blog_id AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'name' AND bm2.meta_key = 'description' AND ( bm.meta_value LIKE '%%$filter%%' || bm2.meta_value LIKE '%%$filter%%' ) {$user_sql}" ); |
| 115 | 115 | } else { |
| … |
… |
class BP_Blogs_Blog { |
| 119 | 119 | |
| 120 | 120 | $blog_ids = array(); |
| 121 | 121 | foreach ( (array) $paged_blogs as $blog ) { |
| 122 | | $blog_ids[] = $blog->blog_id; |
| | 122 | $blog_ids[] = (int) $blog->blog_id; |
| 123 | 123 | } |
| 124 | 124 | |
| 125 | | $blog_ids = $wpdb->escape( join( ',', (array) $blog_ids ) ); |
| 126 | 125 | $paged_blogs = BP_Blogs_Blog::get_blog_extras( $paged_blogs, $blog_ids, $type ); |
| 127 | 126 | |
| 128 | 127 | return array( 'blogs' => $paged_blogs, 'total' => $total_blogs ); |
| … |
… |
class BP_Blogs_Blog { |
| 211 | 210 | function search_blogs( $filter, $limit = null, $page = null ) { |
| 212 | 211 | global $wpdb, $bp; |
| 213 | 212 | |
| 214 | | $filter = like_escape( $wpdb->escape( $filter ) ); |
| | 213 | $filter = esc_sql( like_escape( $filter ) ); |
| 215 | 214 | |
| | 215 | $hidden_sql = ''; |
| 216 | 216 | if ( !bp_current_user_can( 'bp_moderate' ) ) |
| 217 | 217 | $hidden_sql = "AND wb.public = 1"; |
| 218 | 218 | |
| … |
… |
class BP_Blogs_Blog { |
| 241 | 241 | function get_by_letter( $letter, $limit = null, $page = null ) { |
| 242 | 242 | global $bp, $wpdb; |
| 243 | 243 | |
| 244 | | $letter = like_escape( $wpdb->escape( $letter ) ); |
| | 244 | $letter = esc_sql( like_escape( $letter ) ); |
| 245 | 245 | |
| | 246 | $hidden_sql = ''; |
| 246 | 247 | if ( !bp_current_user_can( 'bp_moderate' ) ) |
| 247 | 248 | $hidden_sql = "AND wb.public = 1"; |
| 248 | 249 | |
| … |
… |
class BP_Blogs_Blog { |
| 261 | 262 | if ( empty( $blog_ids ) ) |
| 262 | 263 | return $paged_blogs; |
| 263 | 264 | |
| | 265 | $blog_ids = esc_sql( implode( ',', wp_parse_id_list( $blog_ids ) ) ); |
| | 266 | |
| 264 | 267 | for ( $i = 0, $count = count( $paged_blogs ); $i < $count; ++$i ) { |
| 265 | 268 | $blog_prefix = $wpdb->get_blog_prefix( $paged_blogs[$i]->blog_id ); |
| 266 | 269 | $paged_blogs[$i]->latest_post = $wpdb->get_row( "SELECT ID, post_content, post_title, post_excerpt, guid FROM {$blog_prefix}posts WHERE post_status = 'publish' AND post_type = 'post' AND id != 1 ORDER BY id DESC LIMIT 1" ); |