
Ticket #4994: 4994.patch

File 4994.patch, 1.3 KB (added by johnjamesjacoby, 11 years ago)
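--- a/bp-blogs-classes.php
+++ b/bp-blogs-classes.php
@@ -122,7 +122,6 @@
                         $blog_ids[] = $blog->blog_id;
                 }
 
-                $blog_ids = $wpdb->escape( join( ',', (array) $blog_ids ) );
                 $paged_blogs = BP_Blogs_Blog::get_blog_extras( $paged_blogs, $blog_ids, $type );
 
                 return array( 'blogs' => $paged_blogs, 'total' => $total_blogs );
@@ -211,7 +210,7 @@
         function search_blogs( $filter, $limit = null, $page = null ) {
                 global $wpdb, $bp;
 
-                $filter = like_escape( $wpdb->escape( $filter ) );
+                $filter = esc_sql( like_escape( $filter ) );
 
                 if ( !bp_current_user_can( 'bp_moderate' ) )
                         $hidden_sql = "AND wb.public = 1";
@@ -241,7 +240,7 @@
         function get_by_letter( $letter, $limit = null, $page = null ) {
                 global $bp, $wpdb;
 
-                $letter = like_escape( $wpdb->escape( $letter ) );
+                $letter = esc_sql( like_escape( $letter ) );
 
                 if ( !bp_current_user_can( 'bp_moderate' ) )
                         $hidden_sql = "AND wb.public = 1";
@@ -294,6 +293,8 @@
                         }
                 }
 
+                $blog_ids = esc_sql( implode( ',', wp_parse_id_list( $blog_ids ) ) );
+
                 /* Fetch the blog description for each blog (as it may be empty we can't fetch it in the main query). */
                 $blog_descs = $wpdb->get_results( "SELECT blog_id, meta_value as description FROM {$bp->blogs->table_name_blogmeta} WHERE meta_key = 'description' AND blog_id IN ( {$blog_ids} )" );
 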
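Review bot: In the last hunk (new line 296, presumably inside `get_blog_extras()`, whose signature is outside the hunk) the `esc_sql()` wrapper is not what makes the unquoted `IN ( {$blog_ids} )` interpolation safe. `esc_sql()` only escapes for use inside a quoted string literal; here the protection comes entirely from `wp_parse_id_list()` casting every element to a non-negative integer. I would drop the wrapper and say so in a comment, e.g. `// wp_parse_id_list() casts every ID to a non-negative int, so the list can be interpolated unquoted.` followed by `$blog_ids = implode( ',', wp_parse_id_list( $blog_ids ) );`. That stops a later maintainer from assuming `esc_sql()` alone is enough in other unquoted contexts. Whether an empty list is rejected earlier in the function is not visible here; if it is not, the query becomes `IN (  )` and fails, so a guard on the empty case before this line would be worth confirming.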