BuddyPress.org


Timestamp:
11/13/2021 06:40:37 PM (3 years ago)
Author:
espellcaste
Message:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent in how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576

File:
1 edited

  • trunk/tests/phpunit/testcases/messages/class.bp-messages-thread.php

    r13102 r13147  
    141141        );
    142142
     143        // Testing sort with lowercase and space.
     144        $thread = new BP_Messages_Thread( $message_1->thread_id, '    desc' );
     145        $this->assertEquals(
     146            array( $message_2->id, $message_1->id ),
     147            wp_list_pluck( $thread->messages, 'id' )
     148        );
     149
    143150        // Now sorting via the helper method.
    144151        $messages = BP_Messages_Thread::get_messages( $message_1->thread_id, array( 'order' => 'desc' ) );
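Review bot: the added assertion block covers only the accepted-input path (lowercase `'    desc'` with leading whitespace resolving to descending order); since the stated purpose of the change is sanitizing the ORDER BY direction, a sibling assertion that an invalid order value (a constructed string such as `'bogus'`) falls back to the default ordering would pin down the fallback behaviour the helper is expected to provide. The new comment "Testing sort with lowercase and space." also undersells the input, which carries four leading spaces; "leading whitespace" would be more exact. Finally, this changeset edits only the test file (File: 1 edited) while the message describes changes to escaping across BuddyPress; if the code change landed in a separate changeset, referencing it in the message would help reviewers connect the test to the behaviour it verifies.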