- Timestamp:
- 11/13/2021 06:40:37 PM (3 years ago)
- File:
-
- 1 edited
trunk/src/bp-xprofile/classes/class-bp-xprofile-field.php
r13110 r13147 562 562 * @since 1.2.0 563 563 * 564 * @global object $wpdb 565 * 566 * @param bool $for_editing Whether or not the field is for editing. 564 * @global BuddyPress $bp The one true BuddyPress instance. 565 * @global wpdb $wpdb WordPress database object. 566 * 567 * @param bool $for_editing Whether or not the field is for editing. Default to false. 567 568 * @return array 568 569 */ … … 570 571 global $wpdb; 571 572 573 // Sanitize 'order_by'. 574 $order_by = bp_esc_sql_order( $this->order_by ); 575 572 576 // This is done here so we don't have problems with sql injection. 573 if ( empty( $for_editing ) && ( 'asc' === $this->order_by ) ) { 574 $sort_sql = 'ORDER BY name ASC'; 575 } elseif ( empty( $for_editing ) && ( 'desc' === $this->order_by ) ) { 576 $sort_sql = 'ORDER BY name DESC'; 577 if ( empty( $for_editing ) ) { 578 $sort_sql = "ORDER BY name {$order_by}"; 577 579 } else { 578 580 $sort_sql = 'ORDER BY option_order ASC'; … … 587 589 } 588 590 589 $bp = buddypress(); 590 $sql = $wpdb->prepare( "SELECT * FROM {$bp->profile->table_name_fields} WHERE parent_id = %d AND group_id = %d {$sort_sql}", $parent_id, $this->group_id ); 591 591 $bp = buddypress(); 592 $sql = $wpdb->prepare( "SELECT * FROM {$bp->profile->table_name_fields} WHERE parent_id = %d AND group_id = %d {$sort_sql}", $parent_id, $this->group_id ); 592 593 $children = $wpdb->get_results( $sql ); 593 594 … … 598 599 * @since 3.0.0 Added the `$this` parameter. 599 600 * 600 * @param object$children Found children for a field.601 * @param array $children Found children for a field. 601 602 * @param bool $for_editing Whether or not the field is for editing. 602 603 * @param BP_XProfile_Field $this Field object
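Review bot: The rewritten branch at new lines 577-578 sorts by `name` whenever `$for_editing` is empty, whereas the removed code did so only when `$this->order_by` was exactly 'asc' or 'desc' and otherwise fell through to `ORDER BY option_order ASC`. If `order_by` can hold any other value (a manually arranged option order, say; the hunk does not show the allowed values), those fields will silently switch to alphabetical order. Keeping the guard, `if ( empty( $for_editing ) && in_array( $this->order_by, array( 'asc', 'desc' ), true ) ) {`, preserves the old fallback. On the injection side, interpolating `{$order_by}` into the string handed to `$wpdb->prepare()` is safe only while `bp_esc_sql_order()` returns nothing but a fixed keyword, so the existing comment "This is done here so we don't have problems with sql injection" belongs directly above that call, which is now where the guarantee comes from. The method body starts and ends outside the visible hunks.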