
Ticket #5432: 5432.diff

File 5432.diff, 784 bytes (added by imath, 10 years ago)
  • bp-core/bp-core-classes.php

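diff --git bp-core/bp-core-classes.php bp-core/bp-core-classes.php
index 4bd3b67..9486cb2 100644
--- a/bp-core/bp-core-classes.php
+++ b/bp-core/bp-core-classes.php
@@ -365,7 +365,7 @@ class BP_User_Query {
                 // To avoid global joins, do a separate query
                 // @todo remove need for bp_is_active() check
                 if ( false !== $search_terms && bp_is_active( 'xprofile' ) ) {
-                        $search_terms_clean = mysql_real_escape_string( mysql_real_escape_string( $search_terms ) );
+                        $search_terms_clean = esc_sql( esc_sql( $search_terms ) );
                         $search_terms_clean = like_escape( $search_terms_clean );
                         $found_user_ids_query = "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE '%" . $search_terms_clean . "%'";
                         $found_user_ids = $wpdb->get_col( $found_user_ids_query );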
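Review bot: The new line 368 still escapes the search term twice (`esc_sql( esc_sql( $search_terms ) )`), so a term containing a quote or a backslash reaches the LIKE clause as `\\\'` / `\\\\` and matches the stored backslash-quote sequence rather than the quote itself; the move off mysql_real_escape_string() is right, but the nested call looks like a leftover of the old line rather than an intent. Because line 370 still builds the query by concatenation, the safer shape is to let the driver quote the value exactly once: `$found_user_ids_query = $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%' . like_escape( $search_terms ) . '%' );` and drop the two `$search_terms_clean` lines, so like_escape() only handles the `%`/`_` wildcards and prepare() escapes the backslashes it adds (which, as far as I can tell, is how core paired like_escape() with prepare() at the time). The table name is an identifier taken from `$bp->profile` and cannot be a placeholder, so that interpolation stays as is. The enclosing method of BP_User_Query starts and ends outside this hunk.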