
Ticket #5919: 5919.patch

File 5919.patch, 4.2 KB (added by boonebgorges, 10 years ago)
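--- a/src/bp-core/bp-core-filters.php
+++ b/src/bp-core/bp-core-filters.php
@@ -603,7 +603,25 @@ add_filter( 'wp_setup_nav_menu_item', 'bp_setup_nav_menu_item', 10, 1 );
  * @return string
  */
 function bp_filter_metaid_column_name( $q ) {
-        return str_replace( 'meta_id', 'id', $q );
+        /*
+         * Replace quoted content with __QUOTE__ to avoid false positives.
+         * This regular expression will match nested quotes.
+         */
+        $quoted_regex = "/'[^'\\\\]*(?:\\\\.[^'\\\\]*)*'/s";
+        preg_match_all( $quoted_regex, $q, $quoted_matches );
+        $q = preg_replace( $quoted_regex, '__QUOTE__', $q );
+
+        $q = str_replace( 'meta_id', 'id', $q );
+
+        // Put quoted content back into the string.
+        if ( ! empty( $quoted_matches[0] ) ) {
+                for ( $i = 0; $i < count( $quoted_matches[0] ); $i++ ) {
+                        $quote_pos = strpos( $q, '__QUOTE__' );
+                        $q = substr_replace( $q, $quoted_matches[0][ $i ], $quote_pos, 9 );
+                }
+        }
+
+        return $q;
 }
 
 /**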
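Review bot: The mask-and-restore sequence added at new lines 606–622 (the quote regex, `preg_replace()` to `__QUOTE__`, then the `strpos()`/`substr_replace()` loop) is repeated verbatim in bp_xprofile_filter_meta_query in src/bp-xprofile/bp-xprofile-filters.php in this same patch, and it depends on the `__QUOTE__` sentinel never appearing in the unquoted part of the statement; should `strpos()` ever return `false`, `substr_replace()` would receive it coerced to offset 0 (no strict_types is visible) and the literals would be spliced back in the wrong places. Applying `str_replace()` only to the segments between quoted literals removes both the sentinel and the restore loop, and one such helper could serve both files. `preg_replace()` also returns `null` on a PCRE error, which the current code would hand to `str_replace()` and return as an empty query; the split form below returns the original statement instead. The regex recognises only single-quoted literals, which matches what `$wpdb->prepare()` emits, so that assumption belongs in the docblock, e.g. `* Only single-quoted literals (as produced by $wpdb->prepare()) are protected from replacement.`
```php
function bp_filter_metaid_column_name( $q ) {
	// Odd-indexed parts are the single-quoted literals captured by the group; even-indexed parts are bare SQL.
	$parts = preg_split( "/('[^'\\\\]*(?:\\\\.[^'\\\\]*)*')/s", $q, -1, PREG_SPLIT_DELIM_CAPTURE );
	if ( false === $parts ) {
		// PCRE failure: hand the statement back unchanged rather than as an empty string.
		return $q;
	}

	foreach ( $parts as $i => $part ) {
		if ( 0 === $i % 2 ) {
			$parts[ $i ] = str_replace( 'meta_id', 'id', $part );
		}
	}

	return implode( '', $parts );
}
```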
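--- a/src/bp-xprofile/bp-xprofile-filters.php
+++ b/src/bp-xprofile/bp-xprofile-filters.php
@@ -200,7 +200,7 @@ function xprofile_filter_pre_validate_value_by_field_type( $value, $field, $fiel
 /**
  * Filter an Extended Profile field value, and attempt to make clickable links
  * to members search results out of them.
- * 
+ *
  * - Not run on datebox field types
  * - Not run on values without commas with less than 5 words
  * - URL's are made clickable
@@ -335,18 +335,28 @@ add_filter( 'bp_user_query_populate_extras', 'bp_xprofile_filter_user_query_popu
 function bp_xprofile_filter_meta_query( $q ) {
         global $wpdb;
 
+        $raw_q = $q;
+
+        /*
+         * Replace quoted content with __QUOTE__ to avoid false positives.
+         * This regular expression will match nested quotes.
+         */
+        $quoted_regex = "/'[^'\\\\]*(?:\\\\.[^'\\\\]*)*'/s";
+        preg_match_all( $quoted_regex, $q, $quoted_matches );
+        $q = preg_replace( $quoted_regex, '__QUOTE__', $q );
+
         // Get the first word of the command
         preg_match( '/^(\S+)/', $q, $first_word_matches );
 
         if ( empty( $first_word_matches[0] ) ) {
-                return $q;
+                return $raw_q;
         }
 
         // Get the field type
         preg_match( '/xprofile_(group|field|data)_id/', $q, $matches );
 
         if ( empty( $matches[0] ) || empty( $matches[1] ) ) {
-                return $q;
+                return $raw_q;
         }
 
         switch ( $first_word_matches[0] ) {
@@ -415,5 +425,17 @@ function bp_xprofile_filter_meta_query( $q ) {
                         break;
         }
 
+        // Put quoted content back into the string.
+        if ( ! empty( $quoted_matches[0] ) ) {
+                for ( $i = 0; $i < count( $quoted_matches[0] ); $i++ ) {
+                        $quote_pos = strpos( $q, '__QUOTE__' );
+                        $q = substr_replace( $q, $quoted_matches[0][ $i ], $quote_pos, 9 );
+                }
+        }
+
         return $q;
 }
+
+function bp_xprofile_filter_meta_query_preg_replace_callback( $matches ) {
+
+}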
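Review bot: `bp_xprofile_filter_meta_query_preg_replace_callback( $matches )` at new lines 439–441 is an empty function with no caller anywhere in the patch, so it reads as a leftover from an abandoned preg_replace_callback approach and should be removed (or implemented) before commit; it also has no docblock, unlike every neighbouring function. The body of bp_xprofile_filter_meta_query's `switch` lies between the second and third hunks and is outside this view, so it cannot be confirmed here that no branch does `return $q;` — any such early return would skip the restore loop at new lines 428–434 and send a statement still containing `__QUOTE__` to the database, so each branch is worth checking against the `$raw_q` pattern used at 352 and 359. The quote-masking block at 340–346 and the restore loop duplicate the code this patch adds to bp_filter_metaid_column_name in src/bp-core/bp-core-filters.php; a shared helper would keep the two regexes from drifting apart.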
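--- a/tests/phpunit/testcases/xprofile/functions.php
+++ b/tests/phpunit/testcases/xprofile/functions.php
@@ -473,6 +473,32 @@ Bar!';
 
         /**
          * @group xprofilemeta
+         * @group bp_xprofile_update_meta
+         * @ticket BP5919
+         */
+        public function test_bp_xprofile_update_meta_where_sql_filter_keywords_are_in_quoted_value() {
+                $g = $this->factory->xprofile_group->create();
+                $value = "SELECT object_id FROM wp_bp_xprofile_groups WHERE \"foo\" VALUES (foo = 'bar'";
+                bp_xprofile_add_meta( $g, 'group', 'foo', 'bar' );
+                bp_xprofile_update_meta( $g, 'group', 'foo', $value );
+                $this->assertSame( $value, bp_xprofile_get_meta( $g, 'group', 'foo' ) );
+        }
+
+        /**
+         * @group xprofilemeta
+         * @group bp_xprofile_update_meta
+         * @ticket BP5919
+         */
+        public function test_bp_xprofile_update_meta_where_meta_id_is_in_quoted_value() {
+                $g = $this->factory->xprofile_group->create();
+                $value = "foo meta_id bar";
+                bp_xprofile_add_meta( $g, 'group', 'foo', 'bar' );
+                bp_xprofile_update_meta( $g, 'group', 'foo', $value );
+                $this->assertSame( $value, bp_xprofile_get_meta( $g, 'group', 'foo' ) );
+        }
+
+        /**
+         * @group xprofilemeta
          * @group bp_xprofile_add_meta
          */
         public function test_bp_xprofile_add_meta_no_meta_key() {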
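Review bot: Neither new test exercises the escaped-quote alternative of the regex added in the other two files (`(?:\\\\.[^'\\\\]*)*`): the first value contains only a complete `'bar'` literal and the second contains no quote at all. A third case whose value holds a lone single quote — for instance `$value = "it's a meta_id";` — would presumably reach the query filters as an escaped literal via `$wpdb->prepare()` (not visible on this page) and cover that branch, which is the one most likely to mis-match. The method names say `in_quoted_value`, yet the quoting is supplied by the query builder rather than by the test data; a one-line comment above `$value` such as `// The value itself is unquoted; $wpdb->prepare() wraps it in single quotes before the filters run.` would make the intent explicit.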