Ticket #925: bp-xprofile-classes.php.patch
File bp-xprofile-classes.php.patch, 4.0 KB (added by , 14 years ago) |
bp-xprofile-classes.php
207 207 $this->group_id = $field->group_id; 208 208 $this->parent_id = $field->parent_id; 209 209 $this->type = $field->type; 210 $this->name = stripslashes($field->name);211 $this->desc = stripslashes($field->description);210 $this->name = $field->name; 211 $this->desc = $field->description; 212 212 $this->is_required = $field->is_required; 213 213 $this->can_delete = $field->can_delete; 214 214 $this->field_order = $field->field_order; … … 253 253 do_action( 'xprofile_field_before_save', $this ); 254 254 255 255 if ( $this->id != null ) 256 $sql = $wpdb->prepare("UPDATE {$bp->profile->table_name_fields} SET group_id = %d, parent_id = 0, type = %s, name = %s, description = %s, is_required = %d, order_by = %sWHERE id = %d", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by, $this->id);256 $sql = sprintf("UPDATE {$bp->profile->table_name_fields} SET group_id = %d, parent_id = 0, type = '%s', name = '%s', description = '%s', is_required = %d, order_by = '%s' WHERE id = %d", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by, $this->id); 257 257 else 258 $sql = $wpdb->prepare("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, order_by) VALUES (%d, 0, %s, %s, %s, %d, %d)", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by);258 $sql = sprintf("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, order_by) VALUES (%d, 0, '%s', '%s', '%s', %d, %d)", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by); 259 259 260 260 if ( $wpdb->query($sql) ) { 261 261 … … 313 313 } 314 314 315 315 if ( '' != $option_value ) { 316 if ( !$wpdb->query( $wpdb->prepare("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, option_order, is_default_option) VALUES (%d, %d, 
'option', %s, '', 0, %d, %d)", $this->group_id, $parent_id, $option_value, $counter, $is_default ) ) )316 if ( !$wpdb->query( sprintf("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, option_order, is_default_option) VALUES (%d, %d, 'option', '%s', '', 0, %d, %d)", $this->group_id, $parent_id, $option_value, $counter, $is_default ) ) ) 317 317 return false; 318 318 } 319 319 … … 620 620 $this->id = $profiledata->id; 621 621 $this->user_id = $profiledata->user_id; 622 622 $this->field_id = $profiledata->field_id; 623 $this->value = stripslashes($profiledata->value);623 $this->value = $profiledata->value; 624 624 $this->last_updated = $profiledata->last_updated; 625 625 } 626 626 } … … 661 661 662 662 if ( $this->is_valid_field() ) { 663 663 if ( $this->exists() && $this->value != '' ) { 664 $sql = $wpdb->prepare( "UPDATE {$bp->profile->table_name_data} SET value = %s, last_updated = %sWHERE user_id = %d AND field_id = %d", $this->value, $this->last_updated, $this->user_id, $this->field_id );664 $sql = sprintf( "UPDATE {$bp->profile->table_name_data} SET value = '%s', last_updated = '%s' WHERE user_id = %d AND field_id = %d", $this->value, $this->last_updated, $this->user_id, $this->field_id ); 665 665 } else if ( $this->exists() && empty( $this->value ) ) { 666 666 // Data removed, delete the entry. 667 667 $this->delete(); 668 668 } else { 669 $sql = $wpdb->prepare("INSERT INTO {$bp->profile->table_name_data} (user_id, field_id, value, last_updated) VALUES (%d, %d, %s, %s)", $this->user_id, $this->field_id, $this->value, $this->last_updated );669 $sql = sprintf("INSERT INTO {$bp->profile->table_name_data} (user_id, field_id, value, last_updated) VALUES (%d, %d, '%s', '%s')", $this->user_id, $this->field_id, $this->value, $this->last_updated ); 670 670 } 671 671 672 672 if ( $wpdb->query($sql) === false )
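Review bot: The `sprintf()`-built UPDATE/INSERT statements at lines 256, 258, 316, 664 and 669 put `$this->type`, `$this->name`, `$this->desc`, `$option_value` and `$this->value` inside hand-quoted `'%s'` with no escaping of their own before `$wpdb->query()` runs. This assumes the version printed second in each pair is the new side, since the gutter shows one number per changed line and cannot confirm it. These queries are safe only if every caller has already slashed the values, which is not visible here, so any path that sets the properties from unslashed data becomes an SQL injection point. If the aim is to stop double-escaped text being stored, I would keep `$wpdb->prepare()` with bare `%s` placeholders and strip the request slashes once before saving, e.g. `$this->name = stripslashes( $this->name );`. The enclosing methods begin and end outside the hunks shown, so the callers' input handling should be checked before this is applied.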