Timestamp:
11/13/2021 06:40:37 PM (3 years ago)
Author:
espellcaste
Message:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent on how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576

File:
1 edited

  • trunk/src/bp-activity/classes/class-bp-activity-activity.php

    r13146 r13147  
    512512        }
    513513
    514         // Sorting.
     514        // Sanitize 'order'.
    515515        $sort = $r['sort'];
    516         if ( $sort != 'ASC' && $sort != 'DESC' ) {
    517             $sort = 'DESC';
     516        if ( 'DESC' !== $sort ) {
     517            $sort = bp_esc_sql_order( $sort );
    518518        }
    519519
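Review bot: the fallback for unrecognised sort values changes in this hunk and is no longer visible in the code: the removed lines forced anything other than 'ASC'/'DESC' to 'DESC', while the added lines hand those values to bp_esc_sql_order(), whose default the hunk does not show, so it is worth confirming that the helper's fallback matches the old 'DESC' (or documenting the change) before this lands. The `if ( 'DESC' !== $sort )` guard also looks unnecessary: if bp_esc_sql_order() already returns 'DESC' unchanged, calling it unconditionally (`$sort = bp_esc_sql_order( $r['sort'] );`) is simpler and avoids one special case. A small unit test covering lowercase 'desc', an empty string and an arbitrary string would pin down the sanitised result.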