Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
10/24/2010 09:22:29 PM (15 years ago)
Author:
djpaul
Message:

Fixed #2676

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/bp-core/bp-core-classes.php

    r3267 r3300  
    5151     * @uses bp_core_get_userlink() Returns a HTML formatted link for a user with the user's full name as the link text
    5252     * @uses bp_core_get_user_email() Returns the email address for the user based on user ID
    53      * @uses get_usermeta() WordPress function returns the value of passed usermeta name from usermeta table
     53     * @uses get_user_meta() WordPress function returns the value of passed usermeta name from usermeta table
    5454     * @uses bp_core_fetch_avatar() Returns HTML formatted avatar for a user
    5555     * @uses bp_profile_last_updated_date() Returns the last updated date for a user.
     
    6161        if ( $this->profile_data ) {
    6262            $this->user_url = bp_core_get_user_domain( $this->id, $this->profile_data['user_nicename'], $this->profile_data['user_login'] );
    63             $this->fullname = attribute_escape( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
     63            $this->fullname = esc_attr( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
    6464            $this->user_link = "<a href='{$this->user_url}' title='{$this->fullname}'>{$this->fullname}</a>";
    65             $this->email = attribute_escape( $this->profile_data['user_email'] );
     65            $this->email = esc_attr( $this->profile_data['user_email'] );
    6666        } else {
    6767            $this->user_url = bp_core_get_user_domain( $this->id );
    6868            $this->user_link = bp_core_get_userlink( $this->id );
    69             $this->fullname = attribute_escape( bp_core_get_user_displayname( $this->id ) );
    70             $this->email = attribute_escape( bp_core_get_user_email( $this->id ) );
     69            $this->fullname = esc_attr( bp_core_get_user_displayname( $this->id ) );
     70            $this->email = esc_attr( bp_core_get_user_email( $this->id ) );
    7171        }
    7272
     
    8080        $this->avatar_mini = bp_core_fetch_avatar( array( 'item_id' => $this->id, 'type' => 'thumb', 'width' => 30, 'height' => 30 ) );
    8181
    82         $this->last_active = bp_core_get_last_activity( get_usermeta( $this->id, 'last_activity' ), __( 'active %s ago', 'buddypress' ) );
     82        $this->last_active = bp_core_get_last_activity( get_user_meta( $this->id, 'last_activity', true ), __( 'active %s ago', 'buddypress' ) );
    8383    }
    8484
     
    107107    /* Static Functions */
    108108
    109     function get_users( $type, $limit = null, $page = 1, $user_id = false, $search_terms = false, $populate_extras = true ) {
     109    function get_users( $type, $limit = null, $page = 1, $user_id = false, $include = false, $search_terms = false, $populate_extras = true ) {
    110110        global $wpdb, $bp;
    111111
    112112        $sql = array();
    113113
    114         $sql['select_main'] = "SELECT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.display_name, u.user_email";
     114        $sql['select_main'] = "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.display_name, u.user_email";
    115115
    116116        if ( 'active' == $type || 'online' == $type )
     
    125125        $sql['from'] = "FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN " . CUSTOM_USER_META_TABLE . " um ON um.user_id = u.ID";
    126126
     127        if ( $search_terms && function_exists( 'xprofile_install' ) || 'alphabetical' == $type )
     128            $sql['join_profiledata'] = "LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id";
     129
    127130        $sql['where'] = 'WHERE ' . bp_core_get_status_sql( 'u.' );
    128131
     
    134137
    135138        if ( 'online' == $type )
    136             $sql['where_online'] = "AND DATE_ADD( um.meta_value, INTERVAL 5 MINUTE ) >= NOW()";
     139            $sql['where_online'] = "AND DATE_ADD( um.meta_value, INTERVAL 5 MINUTE ) >= UTC_TIMESTAMP()";
    137140
    138141        if ( 'alphabetical' == $type )
    139142            $sql['where_alpha'] = "AND pd.field_id = 1";
    140143
    141         if ( $user_id && function_exists( 'friends_install' ) ) {
     144        if ( $include ) {
     145            if ( is_array( $include ) )
     146                $uids = $wpdb->escape( implode( ',', (array)$include ) );
     147            else
     148                $uids = $wpdb->escape( $include );
     149
     150            if ( !empty( $uids ) )
     151                $sql['where_users'] = "AND u.ID IN ({$uids})";
     152        }
     153
     154        else if ( $user_id && function_exists( 'friends_install' ) ) {
    142155            $friend_ids = friends_get_friend_user_ids( $user_id );
    143156            $friend_ids = $wpdb->escape( implode( ',', (array)$friend_ids ) );
     
    151164        }
    152165
    153         if ( $search_terms ) {
     166        if ( $search_terms && function_exists( 'xprofile_install' ) ) {
    154167            $search_terms = like_escape( $wpdb->escape( $search_terms ) );
    155             $sql['where_searchterms'] = "AND u.display_name LIKE '%%$search_terms%%'";
     168            $sql['where_searchterms'] = "AND pd.value LIKE '%%$search_terms%%'";
    156169        }
    157170
     
    164177                break;
    165178            case 'alphabetical':
    166                 $sql[] = "ORDER BY u.display_name ASC";
     179                $sql[] = "ORDER BY pd.value ASC";
    167180                break;
    168181            case 'random':
     
    178191
    179192        /* Get paginated results */
    180         $paged_users = $wpdb->get_results( join( ' ', (array)$sql ) );
     193        $paged_users_sql = apply_filters( 'bp_core_get_paged_users_sql', join( ' ', (array)$sql ), $sql );
     194        $paged_users     = $wpdb->get_results( $paged_users_sql );
    181195
    182196        /* Re-jig the SQL so we can get the total user count */
     
    198212
    199213        /* Get total user results */
    200         $total_users = $wpdb->get_var( join( ' ', (array)$sql ) );
     214        $total_users_sql = apply_filters( 'bp_core_get_total_users_sql', join( ' ', (array)$sql ), $sql );
     215        $total_users     = $wpdb->get_var( $total_users_sql );
    201216
    202217        /***
     
    223238            $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
    224239
    225         if ( strlen($letter) > 1 || is_numeric($letter) || !$letter )
    226             return false;
     240        // Multibyte compliance
     241        if ( function_exists( 'mb_strlen' ) ) {
     242            if ( mb_strlen( $letter, 'UTF-8' ) > 1 || is_numeric( $letter ) || !$letter ) {
     243                return false;
     244            }
     245        } else {
     246            if ( strlen( $letter ) > 1 || is_numeric( $letter ) || !$letter ) {
     247                return false;
     248            }
     249        }
    227250
    228251        $letter = like_escape( $wpdb->escape( $letter ) );
     
    318341        /* Fetch the user's full name */
    319342        if ( bp_is_active( 'xprofile' ) && 'alphabetical' != $type ) {
     343            /* Ensure xprofile globals are set */
     344            if ( !defined( 'BP_XPROFILE_FULLNAME_FIELD_NAME' ) )
     345                xprofile_setup_globals();
     346
    320347            $names = $wpdb->get_results( $wpdb->prepare( "SELECT pd.user_id as id, pd.value as fullname FROM {$bp->profile->table_name_fields} pf, {$bp->profile->table_name_data} pd WHERE pf.id = pd.field_id AND pf.name = %s AND pd.user_id IN ( {$user_ids} )", BP_XPROFILE_FULLNAME_FIELD_NAME ) );
    321348            for ( $i = 0; $i < count( $paged_users ); $i++ ) {
     
    436463        if ( $this->id ) {
    437464            // Update
    438             $sql = $wpdb->prepare( "UPDATE {$bp->core->table_name_notifications} SET item_id = %d, secondary_item_id = %d, user_id = %d, component_name = %s, component_action = %d, date_notified = FROM_UNIXTIME(%d), is_new = %d ) WHERE id = %d", $this->item_id, $this->secondary_item_id, $this->user_id, $this->component_name, $this->component_action, $this->date_notified, $this->is_new, $this->id );
     465            $sql = $wpdb->prepare( "UPDATE {$bp->core->table_name_notifications} SET item_id = %d, secondary_item_id = %d, user_id = %d, component_name = %s, component_action = %d, date_notified = %s, is_new = %d ) WHERE id = %d", $this->item_id, $this->secondary_item_id, $this->user_id, $this->component_name, $this->component_action, $this->date_notified, $this->is_new, $this->id );
    439466        } else {
    440467            // Save
    441             $sql = $wpdb->prepare( "INSERT INTO {$bp->core->table_name_notifications} ( item_id, secondary_item_id, user_id, component_name, component_action, date_notified, is_new ) VALUES ( %d, %d, %d, %s, %s, FROM_UNIXTIME(%d), %d )", $this->item_id, $this->secondary_item_id, $this->user_id, $this->component_name, $this->component_action, $this->date_notified, $this->is_new );
     468            $sql = $wpdb->prepare( "INSERT INTO {$bp->core->table_name_notifications} ( item_id, secondary_item_id, user_id, component_name, component_action, date_notified, is_new ) VALUES ( %d, %d, %d, %s, %s, %s, %d )", $this->item_id, $this->secondary_item_id, $this->user_id, $this->component_name, $this->component_action, $this->date_notified, $this->is_new );
    442469        }
    443470
Note: See TracChangeset for help on using the changeset viewer.