
BuddyPress.org


Timestamp:
11/13/2021 06:40:37 PM (3 years ago)
Author:
espellcaste
Message:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent on how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576

File:
1 edited

  • trunk/src/bp-messages/classes/class-bp-messages-thread-template.php

    r13096 r13147  
    8585     *
    8686     * @param int    $thread_id ID of the message thread to display.
    87      * @param string $order     Order to show the thread's messages in.
     87     * @param string $order     Optional. Order to show the thread's messages in.
     88     *                          Default: 'ASC'.
    8889     * @param array  $args      Array of arguments for the query.
    8990     */
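Review bot: The new `$order` description (new lines 87-88) gives the default but not the accepted values. Since the commit message says the value goes through bp_esc_sql_order, add something like "Accepts 'ASC' or 'DESC'." so callers know what is meaningful to pass. Only the docblock is visible in this hunk, so the matching 'ASC' default in the method signature and the sanitizing call itself cannot be confirmed from these lines; check that both are part of the same change, otherwise the docblock documents behaviour the code does not have.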