Changeset 2052
- Timestamp:
- 10/22/2009 05:06:04 PM (15 years ago)
- Location:
- branches/1.1
- Files:
-
- 6 edited
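--- a/branches/1.1/bp-activity/bp-activity-filters.php
+++ b/branches/1.1/bp-activity/bp-activity-filters.php
@@ -3,4 +3,6 @@
 /* Apply WordPress defined filters */
 add_filter( 'bp_get_activity_content', 'bp_activity_filter_kses', 1 );
+add_filter( 'bp_get_activity_content', 'bp_activity_filter_kses', 1 );
+
 add_filter( 'bp_get_activity_content', 'force_balance_tags' );
 add_filter( 'bp_get_activity_content', 'wptexturize' );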
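Review bot: The `add_filter()` call added at new line 5 is identical to the existing one on line 4: same hook `bp_get_activity_content`, same callback `bp_activity_filter_kses`, same priority `1`. WordPress indexes a string callback by its name within a hook and priority, so the second registration replaces the first and no additional filtering takes place. If the intent was to run kses over a second activity output, the hook name on the new line needs to be that other hook; otherwise the line can be dropped. A short comment above these lines stating which output each kses filter protects would make a slip like this easier to spot.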
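--- a/branches/1.1/bp-activity/bp-activity-templatetags.php
+++ b/branches/1.1/bp-activity/bp-activity-templatetags.php
@@ -352,4 +352,6 @@
 else
 unset($selected);
+
+$component_name = attribute_escape( $component_name );
 
 switch ( $style ) {
@@ -379,5 +381,5 @@
 $translatable_component_names = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) );
 
-$component_links[] = $before . '<a href="' . $link. '">' . ucwords( __( $component_name, 'buddypress' ) ) . '</a>' . $after;
+$component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component_name, 'buddypress' ) ) . '</a>' . $after;
 }
 
@@ -385,5 +387,5 @@
 
 if ( isset( $_GET['afilter'] ) )
-$component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . $link. '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
+$component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
 
 return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) );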
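Review bot: Both rewritten `href` values go through `attribute_escape()`, which encodes quotes and angle brackets but does not check the URL scheme, so it closes the attribute break-out without constraining what the link may point to. For an `href` the URL escaper is the better fit, e.g. `'<a href="' . esc_url( $link ) . '">'` (or `clean_url()` if this branch must run on cores older than 2.8); how `$link` is built is outside the hunk, so confirm whether request data can reach it. The Clear Filter line also still closes the attribute with `'"">'`, which emits a doubled quote; `'">'` is presumably what was meant. The enclosing function starts before and ends after the lines shown.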
branches/1.1/bp-blogs/bp-blogs-classes.php
r2047 r2052 181 181 bp_blogs_setup_globals(); 182 182 183 like_escape( $wpdb->escape( $letter ) );183 $letter = like_escape( $wpdb->escape( $letter ) ); 184 184 185 185 if ( $limit && $page ) { … … 199 199 bp_blogs_setup_globals(); 200 200 201 like_escape( $wpdb->escape( $filter ) );201 $filter = like_escape( $wpdb->escape( $filter ) ); 202 202 203 203 if ( $limit && $page ) { -
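Review bot: The corrected statement `$letter = like_escape( $wpdb->escape( $letter ) );` is now repeated verbatim at every fixed call site here and in bp-core-classes.php, bp-friends-classes.php and bp-groups-classes.php, and the bug being fixed (return value discarded) had itself been copied to all of them. A single helper that takes the raw term and returns the escaped one would give one place to audit and unit-test. Note also that `like_escape()` escapes only `%` and `_`, so a term ending in a backslash may change how the wildcard appended later is matched; the queries that consume `$letter` and `$filter` in this file are outside the hunks, so that needs checking where they are built.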
branches/1.1/bp-core/bp-core-classes.php
r2047 r2052 220 220 return false; 221 221 222 like_escape( $wpdb->escape( $letter ) );222 $letter = like_escape( $wpdb->escape( $letter ) ); 223 223 224 224 $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT DISTINCT count(u.ID) FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pf.name = %s AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC", BP_XPROFILE_FULLNAME_FIELD_NAME ), $letter ); … … 240 240 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 241 241 242 like_escape( $wpdb->escape( $search_terms ) );242 $search_terms = like_escape( $wpdb->escape( $search_terms ) ); 243 243 244 244 $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT DISTINCT count(u.ID) as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC", $search_terms ); -
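Review bot: In the letter count query the escaped `$letter` is interpolated into the string handed to `$wpdb->prepare()` as its format (`pd.value LIKE '$letter%%'`), so a `%` in the value is still parsed by the printf-style formatter; `like_escape()` rewrites it to `\%`, which does not neutralise it for the formatter. Bind the term as an argument instead, e.g. `pd.value LIKE %s` with `$letter . '%'` passed after `BP_XPROFILE_FULLNAME_FIELD_NAME`, keeping `like_escape()` but dropping the separate `$wpdb->escape()` for that value since `prepare()` escapes its arguments. The `{$filter}%%` fragments in bp-groups-classes.php have the same shape and look as if they are passed to `prepare()` outside the hunk, so they should get the same treatment. The enclosing methods start and end outside the lines shown.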
branches/1.1/bp-friends/bp-friends-classes.php
r2047 r2052 150 150 $user_id = $bp->loggedin_user->id; 151 151 152 like_escape( $wpdb->escape( $filter ) );152 $filter = like_escape( $wpdb->escape( $filter ) ); 153 153 154 154 if ( $limit && $page ) … … 222 222 global $wpdb, $bp; 223 223 224 like_escape( $wpdb->escape( $filter ) );224 $filter = like_escape( $wpdb->escape( $filter ) ); 225 225 $usermeta_table = $wpdb->base_prefix . 'usermeta'; 226 226 $users_table = $wpdb->base_prefix . 'users'; … … 247 247 global $wpdb, $bp; 248 248 249 like_escape( $wpdb->escape( $filter ) );249 $filter = like_escape( $wpdb->escape( $filter ) ); 250 250 $usermeta_table = $wpdb->prefix . 'usermeta'; 251 251 $users_table = $wpdb->base_prefix . 'users'; -
branches/1.1/bp-groups/bp-groups-classes.php
r2047 r2052 247 247 $user_id = $bp->displayed_user->id; 248 248 249 like_escape( $wpdb->escape( $filter ) );249 $filter = like_escape( $wpdb->escape( $filter ) ); 250 250 251 251 if ( $limit && $page ) … … 269 269 global $wpdb, $bp; 270 270 271 like_escape( $wpdb->escape( $filter ) );271 $filter = like_escape( $wpdb->escape( $filter ) ); 272 272 273 273 if ( $limit && $page ) … … 463 463 $hidden_sql = $wpdb->prepare( " AND status != 'hidden'"); 464 464 465 like_escape( $wpdb->escape( $letter ) );466 465 $letter = like_escape( $wpdb->escape( $letter ) ); 466 467 467 if ( $limit && $page ) { 468 468 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); … … 699 699 700 700 if ( $filter ) { 701 like_escape( $wpdb->escape( $filter ) );701 $filter = like_escape( $wpdb->escape( $filter ) ); 702 702 $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )"; 703 703 } … … 739 739 740 740 if ( $filter ) { 741 like_escape( $wpdb->escape( $filter ) );741 $filter = like_escape( $wpdb->escape( $filter ) ); 742 742 $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )"; 743 743 } … … 759 759 760 760 if ( $filter ) { 761 like_escape( $wpdb->escape( $filter ) );761 $filter = like_escape( $wpdb->escape( $filter ) ); 762 762 $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )"; 763 763 } … … 779 779 780 780 if ( $filter ) { 781 like_escape( $wpdb->escape( $filter ) );781 $filter = like_escape( $wpdb->escape( $filter ) ); 782 782 $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )"; 783 783 } … … 799 799 800 800 if ( $filter ) { 801 like_escape( $wpdb->escape( $filter ) );801 $filter = like_escape( $wpdb->escape( $filter ) ); 802 802 $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )"; 803 803 }