
BuddyPress.org


Timestamp:
11/13/2021 06:40:37 PM (3 years ago)
Author:
espellcaste
Message:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent in how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576
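The point behind the helper named in the message is that a sort direction sits in an unquoted keyword position, so string escaping (quote escaping, LIKE-wildcard escaping) does nothing for it; only an allow-list does. The following is an added example written for this page, not BuddyPress's own code: the function names `example_esc_sql_order`, `example_esc_sql_orderby` and `example_build_order_clause`, the column map, and the sample inputs are all hypothetical and constructed here.

```php
<?php
// Added example, not BuddyPress code. Shows the allow-list approach to
// ORDER BY values that the commit message describes. All names here are
// hypothetical; BuddyPress's own helper is bp_esc_sql_order().

/**
 * Normalise a sort direction to exactly 'ASC' or 'DESC'.
 * Anything that is not literally DESC (after trim/uppercase) becomes ASC.
 * There is nothing to "escape" in a keyword position, so the only safe
 * operation is to replace the input with one of two known constants.
 */
function example_esc_sql_order( $order = '' ) {
    $order = strtoupper( trim( (string) $order ) );
    return 'DESC' === $order ? 'DESC' : 'ASC';
}

/**
 * Restrict the ORDER BY column to a known set. The caller passes a map of
 * public sort keys to real column expressions; unknown keys fall back to
 * $default, so user input never reaches the SQL text directly.
 */
function example_esc_sql_orderby( $orderby, array $allowed, $default ) {
    $orderby = strtolower( trim( (string) $orderby ) );
    return isset( $allowed[ $orderby ] ) ? $allowed[ $orderby ] : $allowed[ $default ];
}

/**
 * Build a complete ORDER BY clause from request-supplied values.
 * Column names are a hypothetical activity/user join, chosen for illustration.
 */
function example_build_order_clause( $orderby, $order ) {
    $columns = array(
        'date' => 'a.date_recorded',
        'id'   => 'a.id',
        'name' => 'u.display_name',
    );
    return sprintf(
        'ORDER BY %s %s',
        example_esc_sql_orderby( $orderby, $columns, 'date' ),
        example_esc_sql_order( $order )
    );
}

// Constructed sample inputs, as a request might carry them.
$samples = array(
    array( 'date',     'desc' ),
    array( 'id',       ' asc ' ),
    array( 'name',     'DESC; DROP TABLE wp_users' ), // quote escaping would not stop this
    array( 'a.id; --', 'ASC' ),                       // column name smuggled in orderby
);

foreach ( $samples as $sample ) {
    list( $orderby, $order ) = $sample;
    printf(
        "%-14s %-30s -> %s\n",
        var_export( $orderby, true ),
        var_export( $order, true ),
        example_build_order_clause( $orderby, $order )
    );
}
```

Run with `php example.php`: the two hostile inputs collapse to `ORDER BY u.display_name ASC` and `ORDER BY a.date_recorded ASC`, because neither matched an allow-listed value. The design choice worth noting is that the direction helper does not raise an error on bad input; it silently picks ASC. That matches how a sort parameter is normally used (a bad value should degrade to a default listing, not a 500), but if a caller needs to detect tampering it should compare the sanitised value to the original before using it.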

File:
1 edited
  • trunk/src/bp-core/bp-core-functions.php

    r13140 r13147  
    9393 * @since 1.2.6
    9494 *
    95  * @global object $wpdb WordPress database object.
     95 * @global wpdb $wpdb WordPress database object.
    9696 *
    9797 * @return string Filtered database prefix.
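Review bot: the type change from `@global object $wpdb` to `@global wpdb $wpdb` is correct and consistent with the `@global wpdb $wpdb` line added to `bp_esc_like()` below, but nothing in this changeset's single edited file touches `bp_esc_sql_order` or any ORDER BY handling, so the commit message ("Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible") does not describe these hunks. Either the ORDER BY changes belong with this changeset and are missing, or the message should say this one only fixes docblock types and simplifies `bp_esc_like()`.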
     
    384384 * @since 2.1.0
    385385 *
     386 * @global wpdb $wpdb WordPress database object.
    386387 * @see wpdb::esc_like() for more details on proper use.
    387388 *
     
    395396    if ( method_exists( $wpdb, 'esc_like' ) ) {
    396397        return $wpdb->esc_like( $text );
    397     } else {
    398         return addcslashes( $text, '_%\\' );
    399     }
     398    }
     399
     400    return addcslashes( $text, '_%\\' );
    400401}
    401402
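Review bot: dropping the `else` after the early `return` is behaviour-preserving, but the hunk keeps the `method_exists( $wpdb, 'esc_like' )` guard and the `addcslashes( $text, '_%\\' )` fallback without saying which WordPress versions still lack `wpdb::esc_like()`. If BuddyPress's minimum supported WordPress already provides it, both are dead code and the body can become `return $wpdb->esc_like( $text );`; if not, a one-line comment naming the version the fallback targets would stop a later cleanup from removing it by mistake. It would also help to say in the docblock, beyond the existing `@see wpdb::esc_like()`, that the return value only escapes LIKE wildcards and must still go through `$wpdb->prepare()` before being embedded in a query.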