Ticket #5919: 5919.patch
File 5919.patch, 4.2 KB (added by , 10 years ago) |
---|
-
src/bp-core/bp-core-filters.php
diff --git src/bp-core/bp-core-filters.php src/bp-core/bp-core-filters.php index 69f0685..ce335e8 100644
add_filter( 'wp_setup_nav_menu_item', 'bp_setup_nav_menu_item', 10, 1 ); 603 603 * @return string 604 604 */ 605 605 function bp_filter_metaid_column_name( $q ) { 606 return str_replace( 'meta_id', 'id', $q ); 606 /* 607 * Replace quoted content with __QUOTE__ to avoid false positives. 608 * This regular expression will match nested quotes. 609 */ 610 $quoted_regex = "/'[^'\\\\]*(?:\\\\.[^'\\\\]*)*'/s"; 611 preg_match_all( $quoted_regex, $q, $quoted_matches ); 612 $q = preg_replace( $quoted_regex, '__QUOTE__', $q ); 613 614 $q = str_replace( 'meta_id', 'id', $q ); 615 616 // Put quoted content back into the string. 617 if ( ! empty( $quoted_matches[0] ) ) { 618 for ( $i = 0; $i < count( $quoted_matches[0] ); $i++ ) { 619 $quote_pos = strpos( $q, '__QUOTE__' ); 620 $q = substr_replace( $q, $quoted_matches[0][ $i ], $quote_pos, 9 ); 621 } 622 } 623 624 return $q; 607 625 } 608 626 609 627 /** -
src/bp-xprofile/bp-xprofile-filters.php
diff --git src/bp-xprofile/bp-xprofile-filters.php src/bp-xprofile/bp-xprofile-filters.php index a11bf12..8a2758c 100644
function xprofile_filter_pre_validate_value_by_field_type( $value, $field, $fiel 200 200 /** 201 201 * Filter an Extended Profile field value, and attempt to make clickable links 202 202 * to members search results out of them. 203 * 203 * 204 204 * - Not run on datebox field types 205 205 * - Not run on values without commas with less than 5 words 206 206 * - URL's are made clickable … … add_filter( 'bp_user_query_populate_extras', 'bp_xprofile_filter_user_query_popu 335 335 function bp_xprofile_filter_meta_query( $q ) { 336 336 global $wpdb; 337 337 338 $raw_q = $q; 339 340 /* 341 * Replace quoted content with __QUOTE__ to avoid false positives. 342 * This regular expression will match nested quotes. 343 */ 344 $quoted_regex = "/'[^'\\\\]*(?:\\\\.[^'\\\\]*)*'/s"; 345 preg_match_all( $quoted_regex, $q, $quoted_matches ); 346 $q = preg_replace( $quoted_regex, '__QUOTE__', $q ); 347 338 348 // Get the first word of the command 339 349 preg_match( '/^(\S+)/', $q, $first_word_matches ); 340 350 341 351 if ( empty( $first_word_matches[0] ) ) { 342 return $ q;352 return $raw_q; 343 353 } 344 354 345 355 // Get the field type 346 356 preg_match( '/xprofile_(group|field|data)_id/', $q, $matches ); 347 357 348 358 if ( empty( $matches[0] ) || empty( $matches[1] ) ) { 349 return $ q;359 return $raw_q; 350 360 } 351 361 352 362 switch ( $first_word_matches[0] ) { … … function bp_xprofile_filter_meta_query( $q ) { 415 425 break; 416 426 } 417 427 428 // Put quoted content back into the string. 429 if ( ! empty( $quoted_matches[0] ) ) { 430 for ( $i = 0; $i < count( $quoted_matches[0] ); $i++ ) { 431 $quote_pos = strpos( $q, '__QUOTE__' ); 432 $q = substr_replace( $q, $quoted_matches[0][ $i ], $quote_pos, 9 ); 433 } 434 } 435 418 436 return $q; 419 437 } 438 439 function bp_xprofile_filter_meta_query_preg_replace_callback( $matches ) { 440 441 } -
tests/phpunit/testcases/xprofile/functions.php
diff --git tests/phpunit/testcases/xprofile/functions.php tests/phpunit/testcases/xprofile/functions.php index c404448..316556b 100644
Bar!'; 473 473 474 474 /** 475 475 * @group xprofilemeta 476 * @group bp_xprofile_update_meta 477 * @ticket BP5919 478 */ 479 public function test_bp_xprofile_update_meta_where_sql_filter_keywords_are_in_quoted_value() { 480 $g = $this->factory->xprofile_group->create(); 481 $value = "SELECT object_id FROM wp_bp_xprofile_groups WHERE \"foo\" VALUES (foo = 'bar'"; 482 bp_xprofile_add_meta( $g, 'group', 'foo', 'bar' ); 483 bp_xprofile_update_meta( $g, 'group', 'foo', $value ); 484 $this->assertSame( $value, bp_xprofile_get_meta( $g, 'group', 'foo' ) ); 485 } 486 487 /** 488 * @group xprofilemeta 489 * @group bp_xprofile_update_meta 490 * @ticket BP5919 491 */ 492 public function test_bp_xprofile_update_meta_where_meta_id_is_in_quoted_value() { 493 $g = $this->factory->xprofile_group->create(); 494 $value = "foo meta_id bar"; 495 bp_xprofile_add_meta( $g, 'group', 'foo', 'bar' ); 496 bp_xprofile_update_meta( $g, 'group', 'foo', $value ); 497 $this->assertSame( $value, bp_xprofile_get_meta( $g, 'group', 'foo' ) ); 498 } 499 500 /** 501 * @group xprofilemeta 476 502 * @group bp_xprofile_add_meta 477 503 */ 478 504 public function test_bp_xprofile_add_meta_no_meta_key() {