
BuddyPress.org


Timestamp:
11/13/2021 06:40:37 PM (3 years ago)
Author:
espellcaste
Message:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent on how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576

File:
1 edited

  • trunk/src/bp-blogs/bp-blogs-template.php

    r13108 r13147  
    9898/**
    9999 * Rewind the blogs and reset blog index.
     100 *
     101 * @global BP_Blogs_Template $blogs_template {@link BP_Blogs_Template}
    100102 */
    101103function bp_rewind_blogs() {
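Review bot: the `@global BP_Blogs_Template $blogs_template` line added to the docblock of bp_rewind_blogs() is a documentation-only change that the commit message, which describes ORDER BY sanitization, does not mention. Either note the docblock cleanup in the message or land it separately, so that the security-relevant part of the changeset is easy to isolate when auditing.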
     
    112114 * display a list of activity items.
    113115 *
    114  * @global object $blogs_template {@link BP_Blogs_Template}
     116 * @global BP_Blogs_Template $blogs_template {@link BP_Blogs_Template}
    115117 *
    116118 * @param array|string $args {
     
    134136 *                                      'active', 'alphabetical', 'newest', or 'random'.
    135137 *     @type array    $include_blog_ids Array of blog IDs to limit results to.
    136  *     @type string   $sort             'ASC' or 'DESC'. Default: 'DESC'.
    137138 *     @type string   $search_terms     Limit results by a search term. Default: the value of `$_REQUEST['s']` or
    138139 *                                      `$_REQUEST['sites_search']`, if present.
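Review bot: the removed line `@type string $sort 'ASC' or 'DESC'. Default: 'DESC'.` was the only description of `$sort` in this argument list, and the lines shown here do not say whether the argument is still accepted. If callers can still pass it, keep the entry and document that the value is run through bp_esc_sql_order, so developers know which inputs are honoured. If the argument is gone, say so in the docblock rather than dropping it silently.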