
Ticket #925: bp-xprofile-classes.php.patch

File bp-xprofile-classes.php.patch, 4.0 KB (added by swinton, 14 years ago)
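--- a/bp-xprofile-classes.php
+++ b/bp-xprofile-classes.php
@@ -207,8 +207,8 @@
                         $this->group_id = $field->group_id;
                         $this->parent_id = $field->parent_id;
                         $this->type = $field->type;
-                        $this->name = stripslashes($field->name);
-                        $this->desc = stripslashes($field->description);
+                        $this->name = $field->name;
+                        $this->desc = $field->description;
                         $this->is_required = $field->is_required;
                         $this->can_delete = $field->can_delete;
                         $this->field_order = $field->field_order;
@@ -253,9 +253,9 @@
                 do_action( 'xprofile_field_before_save', $this );
                
                 if ( $this->id != null )
-                        $sql = $wpdb->prepare("UPDATE {$bp->profile->table_name_fields} SET group_id = %d, parent_id = 0, type = %s, name = %s, description = %s, is_required = %d, order_by = %s WHERE id = %d", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by, $this->id);
+                        $sql = sprintf("UPDATE {$bp->profile->table_name_fields} SET group_id = %d, parent_id = 0, type = '%s', name = '%s', description = '%s', is_required = %d, order_by = '%s' WHERE id = %d", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by, $this->id);
                 else
-                        $sql = $wpdb->prepare("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, order_by) VALUES (%d, 0, %s, %s, %s, %d, %d)", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by);
+                        $sql = sprintf("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, order_by) VALUES (%d, 0, '%s', '%s', '%s', %d, %d)", $this->group_id, $this->type, $this->name, $this->desc, $this->is_required, $this->order_by);
 
                 if ( $wpdb->query($sql) ) {
                        
@@ -313,7 +313,7 @@
                                                 }
 
                                                 if ( '' != $option_value ) {
-                                                        if ( !$wpdb->query( $wpdb->prepare("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, option_order, is_default_option) VALUES (%d, %d, 'option', %s, '', 0, %d, %d)", $this->group_id, $parent_id, $option_value, $counter, $is_default ) ) )
+                                                        if ( !$wpdb->query( sprintf("INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, option_order, is_default_option) VALUES (%d, %d, 'option', '%s', '', 0, %d, %d)", $this->group_id, $parent_id, $option_value, $counter, $is_default ) ) )
                                                                 return false;
                                                 }
                                        
@@ -620,7 +620,7 @@
                         $this->id = $profiledata->id;
                         $this->user_id = $profiledata->user_id;
                         $this->field_id = $profiledata->field_id;
-                        $this->value = stripslashes($profiledata->value);
+                        $this->value = $profiledata->value;
                         $this->last_updated = $profiledata->last_updated;
                 }
         }
@@ -661,12 +661,12 @@
                
                 if ( $this->is_valid_field() ) {
                         if ( $this->exists() && $this->value != '' ) {
-                                $sql = $wpdb->prepare( "UPDATE {$bp->profile->table_name_data} SET value = %s, last_updated = %s WHERE user_id = %d AND field_id = %d", $this->value, $this->last_updated, $this->user_id, $this->field_id );
+                                $sql = sprintf( "UPDATE {$bp->profile->table_name_data} SET value = '%s', last_updated = '%s' WHERE user_id = %d AND field_id = %d", $this->value, $this->last_updated, $this->user_id, $this->field_id );
                         } else if ( $this->exists() && empty( $this->value ) ) {
                                 // Data removed, delete the entry.
                                 $this->delete();
                         } else {
-                                $sql = $wpdb->prepare("INSERT INTO {$bp->profile->table_name_data} (user_id, field_id, value, last_updated) VALUES (%d, %d, %s, %s)", $this->user_id, $this->field_id, $this->value, $this->last_updated );
+                                $sql = sprintf("INSERT INTO {$bp->profile->table_name_data} (user_id, field_id, value, last_updated) VALUES (%d, %d, '%s', '%s')", $this->user_id, $this->field_id, $this->value, $this->last_updated );
                         }
                        
                         if ( $wpdb->query($sql) === false )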
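Review bot: Every query on the new side (lines 256, 258, 316, 664 and 669) is now built with `sprintf()` and hand-written `'%s'` quotes, so field names, descriptions, option values and profile values reach `$wpdb->query()` with no escaping applied at this layer. That is safe only if every caller has already escaped these properties, which this patch does not show; any path that sets them from unslashed data would make the statement injectable, or break it on a plain apostrophe. If the aim is to stop slashes accumulating in stored values, keep the parameterised form, e.g. `$sql = $wpdb->prepare( "UPDATE {$bp->profile->table_name_data} SET value = %s, last_updated = %s WHERE user_id = %d AND field_id = %d", $this->value, $this->last_updated, $this->user_id, $this->field_id );`, and remove the extra slashes once where the input is read, with a comment at that point saying the value is stored unslashed. The save() bodies continue outside the hunks shown, so the callers should be checked before this is merged.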