diff --git wp-content/plugins/buddypress/bp-xprofile/classes/class-bp-xprofile-field.php wp-content/plugins/buddypress/bp-xprofile/classes/class-bp-xprofile-field.php
index 20eb7224b..593614797 100644
|
|
|
class BP_XProfile_Field { |
| 570 | 570 | public function get_children( $for_editing = false ) { |
| 571 | 571 | global $wpdb; |
| 572 | 572 | |
| 573 | | // Sanitize 'order_by'. |
| 574 | | $order_by = bp_esc_sql_order( $this->order_by ); |
| 575 | | |
| 576 | 573 | // This is done here so we don't have problems with sql injection. |
| 577 | | if ( empty( $for_editing ) ) { |
| | 574 | if ( true === empty( $for_editing ) && 'custom' !== $this->order_by ) { |
| | 575 | // Sanitize 'order_by'. |
| | 576 | $order_by = bp_esc_sql_order( $this->order_by ); |
| 578 | 577 | $sort_sql = "ORDER BY name {$order_by}"; |
| | 578 | |
| 579 | 579 | } else { |
| 580 | 580 | $sort_sql = 'ORDER BY option_order ASC'; |
| 581 | 581 | } |