
BuddyPress.org

Changeset 2052


Timestamp:
10/22/2009 05:06:04 PM (15 years ago)
Author:
apeatling
Message:

Fixes #1223 props DJPaul

Location:
branches/1.1
Files:
6 edited

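--- a/branches/1.1/bp-activity/bp-activity-filters.php
+++ b/branches/1.1/bp-activity/bp-activity-filters.php
@@ -3,4 +3,6 @@
 /* Apply WordPress defined filters */
 add_filter( 'bp_get_activity_content', 'bp_activity_filter_kses', 1 );
+add_filter( 'bp_get_activity_content', 'bp_activity_filter_kses', 1 );
+
 add_filter( 'bp_get_activity_content', 'force_balance_tags' );
 add_filter( 'bp_get_activity_content', 'wptexturize' );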
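Review bot: New line 5 repeats line 4 verbatim as rendered here: the same `bp_activity_filter_kses` callback on `bp_get_activity_content` at priority 1. WordPress identifies a string callback by hook, priority and function name, so the second call presumably registers nothing new and the activity output gains no extra sanitising from it. If a different output hook was meant to receive the kses filter, that hook name should replace the duplicate; otherwise the line can be dropped.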
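--- a/branches/1.1/bp-activity/bp-activity-templatetags.php
+++ b/branches/1.1/bp-activity/bp-activity-templatetags.php
@@ -352,4 +352,6 @@
             else
                 unset($selected);
+           
+            $component_name = attribute_escape( $component_name );
 
             switch ( $style ) {
@@ -379,5 +381,5 @@
             $translatable_component_names = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) );
            
-            $component_links[] = $before . '<a href="' . $link . '">' . ucwords( __( $component_name, 'buddypress' ) ) . '</a>' . $after;
+            $component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component_name, 'buddypress' ) ) . '</a>' . $after;
         }
 
@@ -385,5 +387,5 @@
 
         if ( isset( $_GET['afilter'] ) )
-            $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . $link . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
+            $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
        
         return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) );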
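Review bot: The Clear Filter anchor on new line 389 still closes its href with `'"">'`, so the emitted attribute is malformed even after escaping; it should end with `'">'`. Both hrefs (new lines 383 and 389) use `attribute_escape( $link )`, which encodes HTML metacharacters but does not validate the URL scheme; where `$link` is built is outside these hunks, so if it can carry request data, `clean_url( $link )` is the URL-context escaper. `$component_name` is escaped on line 355 before it is used as the `__()` lookup key, so the translated string itself is printed unescaped; escaping the result at the point of output would cover both. The enclosing function starts and ends outside the hunks.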
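--- a/branches/1.1/bp-blogs/bp-blogs-classes.php
+++ b/branches/1.1/bp-blogs/bp-blogs-classes.php
@@ -181,5 +181,5 @@
             bp_blogs_setup_globals();
        
-        like_escape( $wpdb->escape( $letter ) );
+        $letter = like_escape( $wpdb->escape( $letter ) );
                
         if ( $limit && $page ) {
@@ -199,5 +199,5 @@
             bp_blogs_setup_globals();
        
-        like_escape( $wpdb->escape( $filter ) );
+        $filter = like_escape( $wpdb->escape( $filter ) );
        
         if ( $limit && $page ) {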
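Review bot: The composition `like_escape( $wpdb->escape( … ) )` on new lines 183 and 201 leaves backslashes out of the LIKE step, since `like_escape()` as I understand it only prefixes `%` and `_`. A backslash in the input can therefore presumably change how a following wildcard is read, so the value may still match more broadly than the caller typed; this is a matching problem, not a quote breakout. Handling the backslash in the LIKE step and SQL-escaping last closes it, e.g. `$filter = $wpdb->escape( addcslashes( $filter, '_%\\' ) );`. The same call is used in every hunk of bp-core-classes.php, bp-friends-classes.php and bp-groups-classes.php in this changeset; the queries that consume `$letter` and `$filter` here are outside the hunks.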
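--- a/branches/1.1/bp-core/bp-core-classes.php
+++ b/branches/1.1/bp-core/bp-core-classes.php
@@ -220,5 +220,5 @@
             return false;
        
-        like_escape( $wpdb->escape( $letter ) );
+        $letter = like_escape( $wpdb->escape( $letter ) );
 
         $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT DISTINCT count(u.ID) FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pf.name = %s AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC", BP_XPROFILE_FULLNAME_FIELD_NAME ), $letter );
@@ -240,5 +240,5 @@
             $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
        
-        like_escape( $wpdb->escape( $search_terms ) ); 
+        $search_terms = like_escape( $wpdb->escape( $search_terms ) ); 
 
         $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT DISTINCT count(u.ID) as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC", $search_terms );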
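Review bot: On new line 224 `$letter` is interpolated into the format string handed to `$wpdb->prepare()`, so any `%` left in it (now as `\%` after line 222) is parsed by prepare as the start of a placeholder, not as data. Passing the pattern as an argument keeps it out of the format string: write `pd.value LIKE %s` and add `$letter . '%'` to the prepare arguments. The `$filter_sql` fragments in bp-groups-classes.php (new lines 702, 742, 762, 782, 802) carry `%%` and so appear to reach prepare the same way, though that call is outside their hunks. The count query on line 244 is concatenated without prepare, so there `%%` reaches SQL as two wildcards and the manual escaping on line 242 is the only protection.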
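--- a/branches/1.1/bp-friends/bp-friends-classes.php
+++ b/branches/1.1/bp-friends/bp-friends-classes.php
@@ -150,5 +150,5 @@
             $user_id = $bp->loggedin_user->id;
        
-        like_escape( $wpdb->escape( $filter ) );
+        $filter = like_escape( $wpdb->escape( $filter ) );
        
         if ( $limit && $page )
@@ -222,5 +222,5 @@
         global $wpdb, $bp;
        
-        like_escape( $wpdb->escape( $filter ) );
+        $filter = like_escape( $wpdb->escape( $filter ) );
         $usermeta_table = $wpdb->base_prefix . 'usermeta';
         $users_table = $wpdb->base_prefix . 'users';
@@ -247,5 +247,5 @@
         global $wpdb, $bp;
        
-        like_escape( $wpdb->escape( $filter ) );
+        $filter = like_escape( $wpdb->escape( $filter ) );
         $usermeta_table = $wpdb->prefix . 'usermeta';
         $users_table = $wpdb->base_prefix . 'users';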
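Review bot: New line 250 builds `$usermeta_table` from `$wpdb->prefix`, while the otherwise identical setup at line 225 uses `$wpdb->base_prefix`, and both use `base_prefix` for the users table. On a multi-blog install the two prefixes presumably differ outside the main blog, so one of the two functions would query a usermeta table that does not exist; the queries are outside the hunks, so confirm which is intended. If it is an oversight, line 250 should read `$usermeta_table = $wpdb->base_prefix . 'usermeta';`.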
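--- a/branches/1.1/bp-groups/bp-groups-classes.php
+++ b/branches/1.1/bp-groups/bp-groups-classes.php
@@ -247,5 +247,5 @@
             $user_id = $bp->displayed_user->id;
        
-        like_escape( $wpdb->escape( $filter ) );
+        $filter = like_escape( $wpdb->escape( $filter ) );
        
         if ( $limit && $page )
@@ -269,5 +269,5 @@
         global $wpdb, $bp;
        
-        like_escape( $wpdb->escape( $filter ) );
+        $filter = like_escape( $wpdb->escape( $filter ) );
        
         if ( $limit && $page )
@@ -463,6 +463,6 @@
             $hidden_sql = $wpdb->prepare( " AND status != 'hidden'");
        
-        like_escape( $wpdb->escape( $letter ) );
-               
+        $letter = like_escape( $wpdb->escape( $letter ) );
+
         if ( $limit && $page ) {
             $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
@@ -699,5 +699,5 @@
 
         if ( $filter ) {
-            like_escape( $wpdb->escape( $filter ) );
+            $filter = like_escape( $wpdb->escape( $filter ) );
             $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";         
         }
@@ -739,5 +739,5 @@
            
         if ( $filter ) {
-            like_escape( $wpdb->escape( $filter ) );
+            $filter = like_escape( $wpdb->escape( $filter ) );
             $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";         
         }
@@ -759,5 +759,5 @@
 
         if ( $filter ) {
-            like_escape( $wpdb->escape( $filter ) );
+            $filter = like_escape( $wpdb->escape( $filter ) );
             $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";         
         }
@@ -779,5 +779,5 @@
 
         if ( $filter ) {
-            like_escape( $wpdb->escape( $filter ) );
+            $filter = like_escape( $wpdb->escape( $filter ) );
             $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";         
         }
@@ -799,5 +799,5 @@
 
         if ( $filter ) {
-            like_escape( $wpdb->escape( $filter ) );
+            $filter = like_escape( $wpdb->escape( $filter ) );
             $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";         
         }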
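Review bot: The same block, which escapes `$filter` and then builds `$filter_sql`, appears five times (new lines 700-703, 740-743, 760-763, 780-783, 800-803), and this changeset had to repair the identical dropped assignment in each copy. A single helper that takes the raw filter and returns the SQL fragment would leave one place to get the escaping right. The enclosing methods start and end outside the hunks, so whether they share a class is not visible here. Line 463 also calls `$wpdb->prepare()` on a constant string with no arguments, which adds nothing and could be a plain string.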