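--- a/bp-core/bp-core-cache.php
+++ b/bp-core/bp-core-cache.php
@@ -92,17 +92,11 @@ function bp_update_meta_cache( $args = array() ) {
 $object_column = $object_type . '_id';
 }
 
-if ( !is_array( $object_ids ) ) {
-$object_ids = preg_replace( '|[^0-9,]|', '', $object_ids );
-$object_ids = explode( ',', $object_ids );
-}
-
-$object_ids = array_map( 'intval', $object_ids );
-
+$object_ids = wp_parse_id_list( $object_ids );
 $cache = array();
 
 // Get meta info
-$id_list = join( ',', $object_ids );
+$id_list = esc_sql( join( ',', $object_ids ) );
 $meta_list = $wpdb->get_results( $wpdb->prepare( "SELECT {$object_column}, meta_key, meta_value FROM {$meta_table} WHERE {$object_column} IN ($id_list)", $object_type ), ARRAY_A );
 
 if ( !empty( $meta_list ) ) {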
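Review bot: `$wpdb->prepare()` on the `$meta_list` line is handed `$object_type` although the query string contains no placeholder, so the argument is silently ignored (and newer WordPress releases emit a notice for prepare() calls without placeholders); either drop the prepare() wrapper or give the query real placeholders. `$meta_table` and `$object_column` are still interpolated as-is, and `$object_column` is built from `$object_type` at the top of the hunk, so that value needs to be checked against the known object types rather than trusted — `esc_sql()` does nothing for identifiers. The new `esc_sql()` around `$id_list` is harmless but redundant, since wp_parse_id_list() already reduces every entry to an integer. bp_update_meta_cache's body continues outside the hunk.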
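--- a/bp-core/bp-core-classes.php
+++ b/bp-core/bp-core-classes.php
@@ -298,7 +298,7 @@ class BP_User_Query {
 // 'user_id' - When a user id is passed, limit to the friends of the user
 // @todo remove need for bp_is_active() check
 if ( ! empty( $user_id ) && bp_is_active( 'friends' ) ) {
-$friend_ids = friends_get_friend_user_ids( $user_id );
+$friend_ids = wp_parse_id_list( friends_get_friend_user_ids( $user_id ) );
 $friend_ids = $wpdb->escape( implode( ',', (array) $friend_ids ) );
 
 if ( ! empty( $friend_ids ) ) {
@@ -323,7 +323,7 @@ class BP_User_Query {
 $found_user_ids = $wpdb->get_col( $found_user_ids_query );
 
 if ( ! empty( $found_user_ids ) ) {
-$sql['where'][] = "u.{$this->uid_name} IN (" . implode( ',', wp_parse_id_list( $found_user_ids ) ) . ")";
+$sql['where'][] = "u.{$this->uid_name} IN (" . esc_sql( implode( ',', wp_parse_id_list( $found_user_ids ) ) ) . ")";
 } else {
 $sql['where'][] = $this->no_results['where'];
 }
@@ -341,7 +341,8 @@ class BP_User_Query {
 $found_user_ids = $wpdb->get_col( $meta_sql );
 
 if ( ! empty( $found_user_ids ) ) {
-$sql['where'][] = "u.{$this->uid_name} IN (" . implode( ',', wp_parse_id_list( $found_user_ids ) ) . ")";
+$found_user_ids = esc_sql( implode( ',', wp_parse_id_list( $found_user_ids ) ) );
+$sql['where'][] = "u.{$this->uid_name} IN ({$found_user_ids})";
 }
 }
 
@@ -458,7 +459,7 @@ class BP_User_Query {
 }
 
 // Turn user ID's into a query-usable, comma separated value
-$user_ids_sql = implode( ',', wp_parse_id_list( $this->user_ids ) );
+$user_ids_sql = esc_sql( implode( ',', wp_parse_id_list( $this->user_ids ) ) );
 
 /**
 * Use this action to independently populate your own custom extras.
@@ -805,6 +806,7 @@ class BP_Core_User {
 }
 
 if ( !empty( $exclude ) ) {
+$exclude = esc_sql( implode( ',', wp_parse_id_list( $exclude ) ) );
 $sql['where_exclude'] = "AND u.ID NOT IN ({$exclude})";
 }
 
@@ -814,18 +816,14 @@ class BP_Core_User {
 $sql['where_users'] = "AND 0 = 1";
 } else {
 if ( !empty( $include ) ) {
-if ( is_array( $include ) ) {
-$uids = $wpdb->escape( implode( ',', (array) $include ) );
-} else {
-$uids = $wpdb->escape( $include );
-}
+$uids = esc_sql( implode( ',', wp_parse_id_list( $include ) ) );;
 
 if ( !empty( $uids ) ) {
 $sql['where_users'] = "AND u.ID IN ({$uids})";
 }
 } elseif ( !empty( $user_id ) && bp_is_active( 'friends' ) ) {
 $friend_ids = friends_get_friend_user_ids( $user_id );
-$friend_ids = $wpdb->escape( implode( ',', (array) $friend_ids ) );
+$friend_ids = $wpdb->escape( implode( ',', wp_parse_id_list( $friend_ids ) ) );
 
 if ( !empty( $friend_ids ) ) {
 $sql['where_friends'] = "AND u.ID IN ({$friend_ids})";
@@ -910,10 +908,10 @@ class BP_Core_User {
 $user_ids = array();
 
 foreach ( (array) $paged_users as $user ) {
-$user_ids[] = $user->id;
+$user_ids[] = (int) $user->id;
 }
 
-$user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );
+$user_ids = $wpdb->escape( join( ',', $user_ids ) );
 
 // Add additional data to the returned results
 $paged_users = BP_Core_User::get_user_extras( $paged_users, $user_ids, $type );
@@ -981,9 +979,9 @@ class BP_Core_User {
 */
 $user_ids = array();
 foreach ( (array) $paged_users as $user )
-$user_ids[] = $user->id;
+$user_ids[] = (int) $user->id;
 
-$user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );
+$user_ids = $wpdb->escape( join( ',', $user_ids ) );
 
 // Add additional data to the returned results
 if ( $populate_extras ) {
@@ -1013,6 +1011,7 @@ class BP_Core_User {
 
 $status_sql = bp_core_get_status_sql();
 
+$user_ids = implode( ',', wp_parse_id_list( $user_ids ) );
 $total_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT COUNT(DISTINCT ID) FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) " );
 $paged_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT DISTINCT ID as id, user_registered, user_nicename, user_login, user_email FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) {$pag_sql}" );
 
@@ -1097,6 +1096,8 @@ class BP_Core_User {
 if ( empty( $user_ids ) )
 return $paged_users;
 
+$user_ids = esc_sql( implode( ',', wp_parse_id_list( $user_ids ) ) );
+
 // Fetch the user's full name
 if ( bp_is_active( 'xprofile' ) && 'alphabetical' != $type ) {
 $names = $wpdb->get_results( $wpdb->prepare( "SELECT pd.user_id as id, pd.value as fullname FROM {$bp->profile->table_name_fields} pf, {$bp->profile->table_name_data} pd WHERE pf.id = pd.field_id AND pf.name = %s AND pd.user_id IN ( {$user_ids} )", bp_xprofile_fullname_field_name() ) );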
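Review bot: In the BP_Core_User hunk at new lines 816–829, `if ( !empty( $uids ) )` treats the string `'0'` as empty, and wp_parse_id_list() (as I read it, absint() on each entry without dropping zeros) turns every unparseable entry into 0, so an `$include` consisting only of invalid ids now produces `$uids = '0'`, the `where_users` clause is skipped and the query returns every user instead of none; `if ( '' !== $uids )`, or testing the parsed array before imploding, keeps the restriction. The same hunk leaves a stray `;;` on the new `$uids = ...` line and keeps the `$wpdb->escape()` wrapper for `$friend_ids` where the rest of this commit moved to `esc_sql()`; the hunks at new lines 298–304, 908–917, 979–987 and 1011–1017 carry the same `$wpdb->escape()` mix. Both escapers are redundant after wp_parse_id_list(), whose output is already integers; if the intent is defence in depth, a `%d` placeholder list passed through `$wpdb->prepare()` would make the IN clause structural rather than string-escaped. The enclosing methods start and end outside these hunks.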
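--- a/bp-core/bp-core-filters.php
+++ b/bp-core/bp-core-filters.php
@@ -130,7 +130,7 @@ function bp_core_filter_comments( $comments, $post_id ) {
 if ( empty( $user_ids ) )
 return $comments;
 
-$user_ids = implode( ',', $user_ids );
+$user_ids = esc_sql( implode( ',', wp_parse_id_list( $user_ids ) ) );
 
 if ( !$userdata = $wpdb->get_results( "SELECT ID as user_id, user_login, user_nicename FROM {$wpdb->users} WHERE ID IN ({$user_ids})" ) )
 return $comments;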
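Review bot: `esc_sql()` on the new `$user_ids` line adds nothing, because wp_parse_id_list() already reduces every entry to a non-negative integer and the imploded string is digits and commas; it is harmless, but if the goal is a parameterised query the IN clause on the following line is better built from placeholders, e.g. `$placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );` followed by `$wpdb->prepare( "... WHERE ID IN ({$placeholders})", $ids )`, so escaping is structural rather than string-level. The assignment inside the `if` on the get_results line hides a side effect and deserves a separate statement or a comment. bp_core_filter_comments continues past the hunk.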
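--- a/bp-core/bp-core-functions.php
+++ b/bp-core/bp-core-functions.php
@@ -141,7 +141,7 @@ function bp_core_get_directory_pages() {
 // Always get page data from the root blog, except on multiblog mode, when it comes
 // from the current blog
 $posts_table_name = bp_is_multiblog_mode() ? $wpdb->posts : $wpdb->get_blog_prefix( bp_get_root_blog_id() ) . 'posts';
-$page_ids_sql = implode( ',', (array) $page_ids );
+$page_ids_sql = esc_sql( implode( ',', wp_parse_id_list( $page_ids ) ) );
 $page_names = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_title FROM {$posts_table_name} WHERE ID IN ({$page_ids_sql}) AND post_status = 'publish' " );
 
 foreach ( (array) $page_ids as $component_id => $page_id ) {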
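Review bot: `$page_ids_sql` on the new line is `''` when `$page_ids` has no entries (wp_parse_id_list() of an empty array is empty), and the `$page_names` query on the next line then runs `WHERE ID IN ()`, a MySQL syntax error that get_results() only reports as a database error; the old `implode()` had the same gap, so the commit does not close it. Unless a guard above the hunk already rules out an empty `$page_ids`, skip the query when `'' === $page_ids_sql` and let the foreach below fall through with no names. The `(array)` cast on the foreach line suggests `$page_ids` may not always be an array, which is worth a comment where it is built. bp_core_get_directory_pages starts and ends outside the hunk.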