diff --git src/bp-xprofile/classes/class-bp-xprofile-field.php src/bp-xprofile/classes/class-bp-xprofile-field.php
index 20eb7224b..c42b11fb5 100644
|
|
|
class BP_XProfile_Field { |
| 570 | 570 | public function get_children( $for_editing = false ) { |
| 571 | 571 | global $wpdb; |
| 572 | 572 | |
| 573 | | // Sanitize 'order_by'. |
| 574 | | $order_by = bp_esc_sql_order( $this->order_by ); |
| 575 | | |
| 576 | 573 | // This is done here so we don't have problems with sql injection. |
| 577 | | if ( empty( $for_editing ) |
| 578 | | $sort_sql = "ORDER BY name {$order_by}"; |
| | 574 | if ( empty( $for_editing ) && in_array( $this->order_by, array( 'asc', 'desc' ), true ) ) { |
| | 575 | $sort_sql = sprintf( 'ORDER BY name %s', bp_esc_sql_order( $this->order_by ) ); |
| 579 | 576 | } else { |
| 580 | 577 | $sort_sql = 'ORDER BY option_order ASC'; |
| 581 | 578 | } |
| … |
… |
class BP_XProfile_Field { |
| 598 | 595 | * @since 1.2.5 |
| 599 | 596 | * @since 3.0.0 Added the `$this` parameter. |
| 600 | 597 | * |
| 601 | | * @param array $children |
| 602 | | * @param bool $for_editing |
| 603 | | * @param BP_XProfile_Field $this Field object |
| | 598 | * @param array $children Found children for a field. |
| | 599 | * @param bool $for_editing Whether or not the field is for editing. |
| | 600 | * @param BP_XProfile_Field $field_object BP_XProfile_Field Field object. |
| 604 | 601 | */ |
| 605 | 602 | return apply_filters( 'bp_xprofile_field_get_children', $children, $for_editing, $this ); |
| 606 | 603 | } |