Changeset 13230

Timestamp:

02/05/2022 08:50:18 AM (3 years ago)

Author:

imath

Message:

Bring back custom order to xProfile field options sorting

r13147 introduced a regression about this type of xProfile field options order. To make sure we preserve it, we need to check $this->order_by value before sanitizing it otherwise the potential custom value is sanitized to ASC and the SQL sort part is never set to use the option_order db field.

Props oztaser, espellcaste, niftythree

See #8623 (branch 10.0)

File:

• branches/10.0/src/bp-xprofile/classes/class-bp-xprofile-field.php (modified) (2 diffs)

branches/10.0/src/bp-xprofile/classes/class-bp-xprofile-field.php

@@ -571 +571 @@
         global $wpdb;
 
-        // Sanitize 'order_by'.
-        $order_by = bp_esc_sql_order( $this->order_by );
-
         // This is done here so we don't have problems with sql injection.
-        if ( empty( $for_editing ) ) {
-            $sort_sql = "ORDER BY name {$order_by}";
+        if ( empty( $for_editing ) && in_array( $this->order_by, array( 'asc', 'desc' ), true ) ) {
+            $sort_sql = sprintf( 'ORDER BY name %s', bp_esc_sql_order( $this->order_by ) );
         } else {
             $sort_sql = 'ORDER BY option_order ASC';
@@ -599 +596 @@
          * @since 3.0.0 Added the `$this` parameter.
          *
-         * @param array             $children    Found children for a field.
-         * @param bool              $for_editing Whether or not the field is for editing.
-         * @param BP_XProfile_Field $this        Field object
+         * @param array             $children     Found children for a field.
+         * @param bool              $for_editing  Whether or not the field is for editing.
+         * @param BP_XProfile_Field $field_object BP_XProfile_Field Field object.
          */
         return apply_filters( 'bp_xprofile_field_get_children', $children, $for_editing, $this );