Timestamp:
11/06/2023 05:36:08 AM (12 months ago)
Author:
imath
Message:

Avoid $wpdb->prepare() wrong usage when getting favorited activities

In the BP_Activity_Query::get_sql_for_clause() method, make sure the placeholder used with $wpdb->prepare() is an integer as expected when setting the hide_sitewide clause.

Fixes #9017
Closes https://github.com/buddypress/buddypress/pull/186

File:
1 edited

  • trunk/src/bp-activity/classes/class-bp-activity-query.php

    r12694 r13634  
    163163
    164164            // Tinyint.
    165             if ( ! empty( $column ) && true === in_array( $column, array( 'hide_sitewide', 'is_spam' ) ) ) {
     165            if ( ! empty( $column ) && true === in_array( $column, array( 'hide_sitewide', 'is_spam' ) ) && is_int( $value ) ) {
    166166                $sql_chunks['where'][] = $wpdb->prepare( "{$alias}{$column} = %d", $value );
    167167
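
Review bot: the added is_int( $value ) test on new line 165 is strict, so a numeric string such as '1' or '0' passed for hide_sitewide or is_spam no longer reaches the %d prepare() call on line 166, and the hunk does not show which branch handles such a value instead. If callers can legitimately supply these flags as strings, consider accepting numeric input and casting it to an integer before the prepare() call, so the tinyint comparison still goes through the %d placeholder. Otherwise, extend the "// Tinyint." comment to say that only integer values are accepted here and what happens to anything else. A test covering a non-integer value for hide_sitewide would also pin down the behaviour that #9017 reported.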