Changeset 6493

Timestamp:

11/08/2012 07:04:54 PM (13 years ago)

Author:

johnjamesjacoby

Message:

Do not prepare() queries without string replacements in: bp-core-classes.php.

File:

• trunk/bp-core/bp-core-classes.php (modified) (2 diffs)

trunk/bp-core/bp-core-classes.php

@@ -203 +203 @@
                 $sql['select']  = "SELECT DISTINCT u.{$this->uid_name} as id FROM {$wpdb->usermeta} u";
                 $sql['where'][] = $wpdb->prepare( "u.meta_key = %s", bp_get_user_meta_key( 'last_activity' ) );
-                $sql['where'][] = $wpdb->prepare( 'u.meta_value >= DATE_SUB( UTC_TIMESTAMP(), INTERVAL 5 MINUTE )' );
+                $sql['where'][] = 'u.meta_value >= DATE_SUB( UTC_TIMESTAMP(), INTERVAL 5 MINUTE )';
                 $sql['orderby'] = "ORDER BY u.meta_value";
                 $sql['order']   = "DESC";
@@ -376 +376 @@
 
         // Get the specific user ids
-        $this->user_ids = $wpdb->get_col( $wpdb->prepare( "{$this->uid_clauses['select']} {$this->uid_clauses['where']} {$this->uid_clauses['orderby']} {$this->uid_clauses['order']} {$this->uid_clauses['limit']}" ) );
+        $this->user_ids = $wpdb->get_col( "{$this->uid_clauses['select']} {$this->uid_clauses['where']} {$this->uid_clauses['orderby']} {$this->uid_clauses['order']} {$this->uid_clauses['limit']}" );
 
         // Get the total user count