Ticket #4994: 4994.patch
File 4994.patch, 1.3 KB (added by , 11 years ago) |
bp-blogs-classes.php
122 122 $blog_ids[] = $blog->blog_id; 123 123 } 124 124 125 $blog_ids = $wpdb->escape( join( ',', (array) $blog_ids ) );126 125 $paged_blogs = BP_Blogs_Blog::get_blog_extras( $paged_blogs, $blog_ids, $type ); 127 126 128 127 return array( 'blogs' => $paged_blogs, 'total' => $total_blogs ); … … 211 210 function search_blogs( $filter, $limit = null, $page = null ) { 212 211 global $wpdb, $bp; 213 212 214 $filter = like_escape( $wpdb->escape( $filter ) );213 $filter = esc_sql( like_escape( $filter ) ); 215 214 216 215 if ( !bp_current_user_can( 'bp_moderate' ) ) 217 216 $hidden_sql = "AND wb.public = 1"; … … 241 240 function get_by_letter( $letter, $limit = null, $page = null ) { 242 241 global $bp, $wpdb; 243 242 244 $letter = like_escape( $wpdb->escape( $letter ) );243 $letter = esc_sql( like_escape( $letter ) ); 245 244 246 245 if ( !bp_current_user_can( 'bp_moderate' ) ) 247 246 $hidden_sql = "AND wb.public = 1"; … … 294 293 } 295 294 } 296 295 296 $blog_ids = esc_sql( implode( ',', wp_parse_id_list( $blog_ids ) ) ); 297 297 298 /* Fetch the blog description for each blog (as it may be empty we can't fetch it in the main query). */ 298 299 $blog_descs = $wpdb->get_results( "SELECT blog_id, meta_value as description FROM {$bp->blogs->table_name_blogmeta} WHERE meta_key = 'description' AND blog_id IN ( {$blog_ids} )" ); 299 300
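Review bot: In the last hunk an empty id list still reaches the query. If `$blog_ids` arrives as an empty array, `implode( ',', wp_parse_id_list( $blog_ids ) )` yields an empty string and the statement ends in `blog_id IN (  )`, which is a SQL syntax error rather than an empty result. Keeping the parsed list as an array and returning early, e.g. `$blog_ids = wp_parse_id_list( $blog_ids );` followed by `if ( empty( $blog_ids ) ) return $paged_blogs;`, would avoid that. This assumes the enclosing function is `get_blog_extras()` and hands back its first argument, as the call in the first hunk suggests; its signature and return are outside the hunk. The integer cast in `wp_parse_id_list()` is what makes the interpolation safe, and `esc_sql()` adds nothing here because the value is not placed inside quotes, so a one-line comment saying that would stop a later edit from dropping the cast and keeping only the escape.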