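--- a/src/bp-activity/classes/class-bp-activity-activity.php
+++ b/src/bp-activity/classes/class-bp-activity-activity.php
@@ -507,10 +507,10 @@ class BP_Activity_Activity {
 }
 }
 
-// Sorting.
+// Sanitize 'order'.
 $sort = $r['sort'];
-if ( $sort != 'ASC' && $sort != 'DESC' ) {
-$sort = 'DESC';
+if ( 'DESC' !== $sort ) {
+$sort = bp_esc_sql_order( $sort );
 }
 
 switch( $r['order_by'] ) {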
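Review bot: The fallback for an unrecognised `sort` value is no longer 'DESC' on the new `$sort = bp_esc_sql_order( $sort );` line: the removed check forced 'DESC', whereas the helper (its body is not part of this diff) appears to return 'ASC' for anything that does not normalise to DESC. If so, an empty or invalid `sort` now yields oldest-first results, which is a behaviour change rather than pure sanitisation. The same shift affects `$this->sort_order` in BP_Members_Invitations_Template and BP_Notifications_Template, whose removed else-branches defaulted to 'DESC', and the `'ASC' === bp_esc_sql_order( $r['sort_order'] )` test in BP_Friends_Friendship, which would now reverse the list for any junk value. Either keep the old default, e.g. `$sort = in_array( strtoupper( trim( $sort ) ), array( 'ASC', 'DESC' ), true ) ? bp_esc_sql_order( $sort ) : 'DESC';`, or state the new default in the comment, e.g. `// Sanitize 'sort'; anything other than DESC becomes ASC.`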
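--- a/src/bp-blogs/bp-blogs-functions.php
+++ b/src/bp-blogs/bp-blogs-functions.php
@@ -91,12 +91,11 @@ function bp_blogs_get_blogs( $args = '' ) {
 *
 * @param array $args {
 * Array of arguments.
-* @type int $offset The offset to use.
-* @type int $limit The number of blogs to record at one time.
-* @type array $blog_ids Blog IDs to record. If empty, all blogs will be recorded.
-* @type array $site_id The network site ID to use.
+* @type int $offset The offset to use.
+* @type int $limit The number of blogs to record at one time.
+* @type array $blog_ids Blog IDs to record. If empty, all blogs will be recorded.
+* @type array $site_id The network site ID to use.
 * }
-*
 * @return bool
 */
 function bp_blogs_record_existing_blogs( $args = array() ) {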
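--- a/src/bp-blogs/bp-blogs-template.php
+++ b/src/bp-blogs/bp-blogs-template.php
@@ -97,6 +97,8 @@ function bp_blogs_directory_permalink() {
 
 /**
 * Rewind the blogs and reset blog index.
+*
+* @global BP_Blogs_Template $blogs_template {@link BP_Blogs_Template}
 */
 function bp_rewind_blogs() {
 global $blogs_template;
@@ -111,7 +113,7 @@ function bp_rewind_blogs() {
 * global, enabling the use of BuddyPress templates and template functions to
 * display a list of activity items.
 *
-* @global object $blogs_template {@link BP_Blogs_Template}
+* @global BP_Blogs_Template $blogs_template {@link BP_Blogs_Template}
 *
 * @param array|string $args {
 * Arguments for limiting the contents of the blogs loop. Most arguments
@@ -133,7 +135,6 @@ function bp_rewind_blogs() {
 * @type string $type The order in which results should be fetched.
 * 'active', 'alphabetical', 'newest', or 'random'.
 * @type array $include_blog_ids Array of blog IDs to limit results to.
-* @type string $sort 'ASC' or 'DESC'. Default: 'DESC'.
 * @type string $search_terms Limit results by a search term. Default: the value of `$_REQUEST['s']` or
 * `$_REQUEST['sites_search']`, if present.
 * @type int $user_id The ID of the user whose blogs should be retrieved.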
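--- a/src/bp-core/bp-core-functions.php
+++ b/src/bp-core/bp-core-functions.php
@@ -92,7 +92,7 @@ function bp_is_running_wp( $version, $compare = '>=' ) {
 *
 * @since 1.2.6
 *
-* @global object $wpdb WordPress database object.
+* @global wpdb $wpdb WordPress database object.
 *
 * @return string Filtered database prefix.
 */
@@ -383,6 +383,7 @@ function bp_esc_sql_order( $order = '' ) {
 *
 * @since 2.1.0
 *
+* @global wpdb $wpdb WordPress database object.
 * @see wpdb::esc_like() for more details on proper use.
 *
 * @param string $text The raw text to be escaped.
@@ -394,9 +395,9 @@ function bp_esc_like( $text ) {
 
 if ( method_exists( $wpdb, 'esc_like' ) ) {
 return $wpdb->esc_like( $text );
-} else {
-return addcslashes( $text, '_%\\' );
 }
+
+return addcslashes( $text, '_%\\' );
 }
 
 /**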
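--- a/src/bp-friends/classes/class-bp-friends-friendship.php
+++ b/src/bp-friends/classes/class-bp-friends-friendship.php
@@ -257,7 +257,7 @@ class BP_Friends_Friendship {
 * @type int $is_confirmed Whether the friendship has been accepted.
 * @type int $is_limited Whether the friendship is limited.
 * @type string $order_by Column name to order by.
-* @type string $sort_order ASC or DESC. Default DESC.
+* @type string $sort_order Optional. ASC or DESC. Default: 'DESC'.
 * }
 * @param string $operator Optional. Operator to use in `wp_list_filter()`.
 *
@@ -369,7 +369,7 @@ class BP_Friends_Friendship {
 }
 
 // Adjust the sort direction of the results.
-if ( 'ASC' === strtoupper( $r['sort_order'] ) ) {
+if ( 'ASC' === bp_esc_sql_order( $r['sort_order'] ) ) {
 // `true` to preserve keys.
 $friendships = array_reverse( $friendships, true );
 }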
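--- a/src/bp-groups/classes/class-bp-groups-list-table.php
+++ b/src/bp-groups/classes/class-bp-groups-list-table.php
@@ -96,7 +96,7 @@ class BP_Groups_List_Table extends WP_List_Table {
 // Sort order.
 $order = 'DESC';
 if ( ! empty( $_REQUEST['order'] ) ) {
-$order = ( 'desc' == strtolower( $_REQUEST['order'] ) ) ? 'DESC' : 'ASC';
+$order = bp_esc_sql_order( $_REQUEST['order'] );
 }
 
 // Order by - default to newest.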
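--- a/src/bp-members/classes/class-bp-members-invitations-template.php
+++ b/src/bp-members/classes/class-bp-members-invitations-template.php
@@ -184,21 +184,18 @@ class BP_Members_Invitations_Template {
 );
 
 // Sort order direction.
-$orders = array( 'ASC', 'DESC' );
-if ( ! empty( $_GET['sort_order'] ) && in_array( $_GET['sort_order'], $orders ) ) {
+if ( ! empty( $_GET['sort_order'] ) ) {
 $r['sort_order'] = $_GET['sort_order'];
-} else {
-$r['sort_order'] = in_array( $r['sort_order'], $orders ) ? $r['sort_order'] : 'DESC';
 }
 
 // Setup variables.
 $this->pag_arg = sanitize_key( $r['page_arg'] );
 $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page'] );
 $this->pag_num = bp_sanitize_pagination_arg( 'num', $r['per_page'] );
+$this->sort_order = bp_esc_sql_order( $r['sort_order'] );
 $this->user_id = $r['user_id'];
 $this->search_terms = $r['search_terms'];
 $this->order_by = $r['order_by'];
-$this->sort_order = $r['sort_order'];
 $this->query_vars = array(
 'id' => $r['id'],
 'user_id' => $r['user_id'],
@@ -252,11 +249,7 @@ class BP_Members_Invitations_Template {
 * @return bool True if there are items in the loop, otherwise false.
 */
 public function has_invitations() {
-if ( $this->current_invitation_count ) {
-return true;
-}
-
-return false;
+return ! empty( $this->current_invitation_count );
 }
 
 /**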
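Review bot: `$r['sort_order'] = $_GET['sort_order'];` now stores the raw request value, because the `in_array()` allowlist that used to guard it was removed and only `$this->sort_order` is passed through bp_esc_sql_order(). The `query_vars` array that starts at the end of the first hunk continues outside it, so I cannot see whether it reads `$r['sort_order']` or `$this->sort_order`; sanitising at the assignment removes the doubt: `$r['sort_order'] = bp_esc_sql_order( wp_unslash( $_GET['sort_order'] ) );`. An array-valued parameter also reaches the helper now, where the removed check rejected it, so an `is_string()` guard before the call is worth adding. BP_Notifications_Template has the identical pattern.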
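--- a/src/bp-messages/bp-messages-template.php
+++ b/src/bp-messages/bp-messages-template.php
@@ -1634,11 +1634,11 @@ function bp_message_get_recipient_usernames() {
 *
 * @param array|string $args {
 * Array of arguments. All are optional.
-* @type int $thread_id ID of the thread whose messages you are displaying.
+* @type int $thread_id Optional. ID of the thread whose messages you are displaying.
 * Default: if viewing a thread, the thread ID will be parsed from
 * the URL (bp_action_variable( 0 )).
-* @type string $order 'ASC' or 'DESC'. Default: 'ASC'.
-* @type bool $update_meta_cache Whether to pre-fetch metadata for
+* @type string $order Optional. 'ASC' or 'DESC'. Default: 'ASC'.
+* @type bool $update_meta_cache Optional. Whether to pre-fetch metadata for
 * queried message items. Default: true.
 * @type int|null $page Page of messages being requested. Default to null, meaning all.
 * @type int|null $per_page Messages to return per page. Default to null, meaning all.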
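--- a/src/bp-messages/classes/class-bp-messages-thread-template.php
+++ b/src/bp-messages/classes/class-bp-messages-thread-template.php
@@ -84,7 +84,8 @@ class BP_Messages_Thread_Template {
 * @see BP_Messages_Thread::populate() for full parameter info.
 *
 * @param int $thread_id ID of the message thread to display.
-* @param string $order Order to show the thread's messages in.
+* @param string $order Optional. Order to show the thread's messages in.
+* Default: 'ASC'.
 * @param array $args Array of arguments for the query.
 */
 public function __construct( $thread_id = 0, $order = 'ASC', $args = array() ) {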
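--- a/src/bp-messages/classes/class-bp-messages-thread.php
+++ b/src/bp-messages/classes/class-bp-messages-thread.php
@@ -121,7 +121,7 @@ class BP_Messages_Thread {
 * queried message items. Default: true.
 * @type int|null $page Page of messages being requested. Default to null, meaning all.
 * @type int|null $per_page Messages to return per page. Default to null, meaning all.
-* @type string $order The order to sort the messages. Either 'ASC' or 'DESC'.
+* @type string $order Optional. The order to sort the messages. Either 'ASC' or 'DESC'.
 * Defaults to 'ASC'.
 * @type int|null $recipients_page Page of recipients being requested. Default to null, meaning all.
 * @type int|null $recipients_per_page Recipients to return per page. Defaults to null, meaning all.
@@ -160,10 +160,6 @@ class BP_Messages_Thread {
 */
 public function populate( $thread_id = 0, $order = 'ASC', $args = array() ) {
 
-if ( ! in_array( strtoupper( $order ), array( 'ASC', 'DESC' ), true ) ) {
-$order = 'ASC';
-}
-
 $user_id =
 bp_displayed_user_id() ?
 bp_displayed_user_id() :
@@ -177,13 +173,13 @@ class BP_Messages_Thread {
 'update_meta_cache' => true,
 'page' => null,
 'per_page' => null,
-'order' => $order,
+'order' => bp_esc_sql_order( $order ),
 'recipients_page' => null,
 'recipients_per_page' => null,
 )
 );
 
-$this->messages_order = $order;
+$this->messages_order = $r['order'];
 $this->thread_id = (int) $thread_id;
 
 // Get messages for thread.
@@ -373,10 +369,8 @@ class BP_Messages_Thread {
 )
 );
 
-// Fallback.
-if ( ! in_array( strtoupper( $r['order'] ), array( 'ASC', 'DESC' ), true ) ) {
-$r['order'] = 'ASC';
-}
+// Sanitize 'order'.
+$r['order'] = bp_esc_sql_order( $r['order'] );
 
 // Get messages from cache if available.
 $messages = wp_cache_get( $thread_id, 'bp_messages_threads' );
@@ -403,7 +397,7 @@ class BP_Messages_Thread {
 }
 
 // Flip if order is DESC.
-if ( 'DESC' === strtoupper( $r['order'] ) ) {
+if ( 'DESC' === $r['order'] ) {
 $messages = array_reverse( $messages );
 }
 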
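Review bot: In populate(), `$this->messages_order = $r['order'];` reads the merged argument, but bp_esc_sql_order() was applied only to the `'order'` default built from `$order`. The call that merges `$args` with these defaults sits outside the hunk; if a caller-supplied `$args['order']` overrides the default, as is usual with this pattern, the property keeps an unsanitised string even though get_messages() normalises its own copy of `$r['order']`. `$this->messages_order = bp_esc_sql_order( $r['order'] );` would keep the property consistent with the value the query actually used.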
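--- a/src/bp-notifications/bp-notifications-template.php
+++ b/src/bp-notifications/bp-notifications-template.php
@@ -997,8 +997,8 @@ function bp_notifications_sort_order_form() {
 $selected = 'DESC';
 
 // Check for a custom sort_order.
-if ( !empty( $_REQUEST['sort_order'] ) ) {
-if ( in_array( $_REQUEST['sort_order'], $orders ) ) {
+if ( ! empty( $_REQUEST['sort_order'] ) ) {
+if ( in_array( $_REQUEST['sort_order'], $orders, true ) ) {
 $selected = $_REQUEST['sort_order'];
 }
 } ?>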
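--- a/src/bp-notifications/classes/class-bp-notifications-notification.php
+++ b/src/bp-notifications/classes/class-bp-notifications-notification.php
@@ -446,8 +446,8 @@ class BP_Notifications_Notification {
 }
 
 // Sort order direction.
-if ( ! empty( $args['sort_order'] ) && in_array( $args['sort_order'], array( 'ASC', 'DESC' ), true ) ) {
-$sort_order = $args['sort_order'];
+if ( ! empty( $args['sort_order'] ) ) {
+$sort_order = bp_esc_sql_order( $args['sort_order'] );
 $conditions['sort_order'] = "{$sort_order}";
 }
 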
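--- a/src/bp-notifications/classes/class-bp-notifications-template.php
+++ b/src/bp-notifications/classes/class-bp-notifications-template.php
@@ -175,22 +175,19 @@ class BP_Notifications_Template {
 );
 
 // Sort order direction.
-$orders = array( 'ASC', 'DESC' );
-if ( ! empty( $_GET['sort_order'] ) && in_array( $_GET['sort_order'], $orders, true ) ) {
+if ( ! empty( $_GET['sort_order'] ) ) {
 $r['sort_order'] = $_GET['sort_order'];
-} else {
-$r['sort_order'] = in_array( $r['sort_order'], $orders ) ? $r['sort_order'] : 'DESC';
 }
 
 // Setup variables.
 $this->pag_arg = sanitize_key( $r['page_arg'] );
 $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page'] );
 $this->pag_num = bp_sanitize_pagination_arg( 'num', $r['per_page'] );
+$this->sort_order = bp_esc_sql_order( $r['sort_order'] );
 $this->user_id = $r['user_id'];
 $this->is_new = $r['is_new'];
 $this->search_terms = $r['search_terms'];
 $this->order_by = $r['order_by'];
-$this->sort_order = $r['sort_order'];
 $this->query_vars = array(
 'id' => $r['id'],
 'user_id' => $this->user_id,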
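--- a/src/bp-xprofile/classes/class-bp-xprofile-field.php
+++ b/src/bp-xprofile/classes/class-bp-xprofile-field.php
@@ -561,19 +561,21 @@ class BP_XProfile_Field {
 *
 * @since 1.2.0
 *
-* @global object $wpdb
+* @global BuddyPress $bp The one true BuddyPress instance.
+* @global wpdb $wpdb WordPress database object.
 *
-* @param bool $for_editing Whether or not the field is for editing.
+* @param bool $for_editing Whether or not the field is for editing. Default to false.
 * @return array
 */
 public function get_children( $for_editing = false ) {
 global $wpdb;
 
+// Sanitize 'order_by'.
+$order_by = bp_esc_sql_order( $this->order_by );
+
 // This is done here so we don't have problems with sql injection.
-if ( empty( $for_editing ) && ( 'asc' === $this->order_by ) ) {
-$sort_sql = 'ORDER BY name ASC';
-} elseif ( empty( $for_editing ) && ( 'desc' === $this->order_by ) ) {
-$sort_sql = 'ORDER BY name DESC';
+if ( empty( $for_editing ) ) {
+$sort_sql = "ORDER BY name {$order_by}";
 } else {
 $sort_sql = 'ORDER BY option_order ASC';
 }
@@ -586,9 +588,8 @@ class BP_XProfile_Field {
 $parent_id = $this->id;
 }
 
-$bp = buddypress();
-$sql = $wpdb->prepare( "SELECT * FROM {$bp->profile->table_name_fields} WHERE parent_id = %d AND group_id = %d {$sort_sql}", $parent_id, $this->group_id );
-
+$bp = buddypress();
+$sql = $wpdb->prepare( "SELECT * FROM {$bp->profile->table_name_fields} WHERE parent_id = %d AND group_id = %d {$sort_sql}", $parent_id, $this->group_id );
 $children = $wpdb->get_results( $sql );
 
 /**
@@ -597,7 +598,7 @@ class BP_XProfile_Field {
 * @since 1.2.5
 * @since 3.0.0 Added the `$this` parameter.
 *
-* @param object $children Found children for a field.
+* @param array $children Found children for a field.
 * @param bool $for_editing Whether or not the field is for editing.
 * @param BP_XProfile_Field $this Field object
 */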
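Review bot: get_children() no longer falls back to `ORDER BY option_order ASC` for non-editing calls when `$this->order_by` is neither 'asc' nor 'desc'. The removed branches built `ORDER BY name …` only for those two exact values and left every other value to the else branch, whereas the new `if ( empty( $for_editing ) )` always sorts by name, so options that rely on a stored option order would presumably come back alphabetically. Restoring the condition keeps the old behaviour: `if ( empty( $for_editing ) && in_array( $this->order_by, array( 'asc', 'desc' ), true ) ) {`. Because `$sort_sql` is interpolated into the string handed to `$wpdb->prepare()`, the existing comment could also state why that is safe, e.g. `// $order_by is reduced to ASC or DESC by bp_esc_sql_order(), so it can be interpolated.`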
diff --git tests/phpunit/testcases/messages/class.bp-messages-thread.php tests/phpunit/testcases/messages/class.bp-messages-thread.php
index 946a87edb..f98ba4cec 100644
class BP_Tests_BP_Messages_Thread extends BP_UnitTestCase { |
| 140 | 140 | wp_list_pluck( $thread->messages, 'id' ) |
| 141 | 141 | ); |
| 142 | 142 | |
| | 143 | // Testing sort with lowercase and space. |
| | 144 | $thread = new BP_Messages_Thread( $message_1->thread_id, ' desc' ); |
| | 145 | $this->assertEquals( |
| | 146 | array( $message_2->id, $message_1->id ), |
| | 147 | wp_list_pluck( $thread->messages, 'id' ) |
| | 148 | ); |
| | 149 | |
| 143 | 150 | // Now sorting via the helper method. |
| 144 | 151 | $messages = BP_Messages_Thread::get_messages( $message_1->thread_id, array( 'order' => 'desc' ) ); |
| 145 | 152 | $this->assertEquals( |