BuddyPress.org


Timestamp:
11/13/2021 06:40:37 PM (3 years ago)
Author:
espellcaste
Message:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent on how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576

File:
1 edited

  • trunk/src/bp-messages/bp-messages-template.php

    r13108 r13147  
    16351635 * @param array|string $args {
    16361636 *     Array of arguments. All are optional.
    1637  *     @type int      $thread_id         ID of the thread whose messages you are displaying.
     1637 *     @type int      $thread_id         Optional. ID of the thread whose messages you are displaying.
    16381638 *                                       Default: if viewing a thread, the thread ID will be parsed from
    16391639 *                                       the URL (bp_action_variable( 0 )).
    1640  *     @type string   $order             'ASC' or 'DESC'. Default: 'ASC'.
    1641  *     @type bool     $update_meta_cache Whether to pre-fetch metadata for
     1640 *     @type string   $order             Optional. 'ASC' or 'DESC'. Default: 'ASC'.
     1641 *     @type bool     $update_meta_cache Optional. Whether to pre-fetch metadata for
    16421642 *                                       queried message items. Default: true.
    16431643 *     @type int|null $page              Page of messages being requested. Default to null, meaning all.
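
Review bot: the "Optional." prefix is added to $thread_id, $order and $update_meta_cache, but $page at line 1643 is left without it, while the docblock header already states "All are optional". Either drop the per-parameter prefix as redundant or apply it to every parameter, $page included. Separately, the commit message says ORDER BY values are now passed through bp_esc_sql_order, yet the $order description at new line 1640 still lists only 'ASC' or 'DESC'; it should say how any other value is treated after sanitization so callers know what the query will actually use.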