BuddyPress.org


Timestamp:
11/13/2021 06:40:37 PM (3 years ago)
Author:
espellcaste
Message:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent on how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576

File:
1 edited

  • trunk/src/bp-blogs/bp-blogs-functions.php

    r13140 r13147  
    9292 * @param array $args {
    9393 *     Array of arguments.
    94  *     @type int   $offset   The offset to use.
    95  *     @type int   $limit    The number of blogs to record at one time.
    96  *     @type array $blog_ids Blog IDs to record. If empty, all blogs will be recorded.
    97  *     @type array $site_id  The network site ID to use.
     94 *     @type int    $offset   The offset to use.
     95 *     @type int    $limit    The number of blogs to record at one time.
     96 *     @type array  $blog_ids Blog IDs to record. If empty, all blogs will be recorded.
     97 *     @type array  $site_id  The network site ID to use.
    9898 * }
    99  *
    10099 * @return bool
    101100 */
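Review bot: On the re-aligned `@type array  $site_id` line (new line 97), the declared type is still `array` although the description reads "The network site ID to use", which describes a single ID; since this hunk already rewrites that line, correct the type in the same change (an integer type is my assumption from the description, the function body is not shown here). The type column is also widened by one space without any longer type name appearing in the lines shown, and nothing in this hunk calls `bp_esc_sql_order`, so the visible change is whitespace-only and not the sanitization the commit message describes. Either include the `@type` entry that motivates the new alignment in this hunk or drop the realignment so the changeset stays limited to the ORDER BY handling.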