Changeset 6574 for trunk/bp-members/bp-members-functions.php

Timestamp:

12/10/2012 05:45:24 AM (12 years ago)

Author:

johnjamesjacoby

Message:

prepare() usage audit. See #4654. (trunk)

File:

• trunk/bp-members/bp-members-functions.php (modified) (9 diffs)

trunk/bp-members/bp-members-functions.php

@@ -192 +192 @@
         return false;
 
-    return apply_filters( 'bp_core_get_userid', $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_login = %s", $username ) ), $username );
+    return apply_filters( 'bp_core_get_userid', $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM {$wpdb->users} WHERE user_login = %s", $username ) ), $username );
 }
 
@@ -210 +210 @@
         return false;
 
-    return apply_filters( 'bp_core_get_userid_from_nicename', $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s", $user_nicename ) ) );
+    return apply_filters( 'bp_core_get_userid_from_nicename', $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM {$wpdb->users} WHERE user_nicename = %s", $user_nicename ) ) );
 }
 
@@ -499 +499 @@
     if ( !$count = wp_cache_get( 'bp_total_member_count', 'bp' ) ) {
         $status_sql = bp_core_get_status_sql();
-        $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->users WHERE {$status_sql}" ) );
+        $count = $wpdb->get_var( "SELECT COUNT(ID) FROM {$wpdb->users} WHERE {$status_sql}" );
         wp_cache_set( 'bp_total_member_count', $count, 'bp' );
     }
@@ -517 +517 @@
         // Avoid a costly join by splitting the lookup
         if ( is_multisite() ) {
-            $sql = $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE (user_status != 0 OR deleted != 0 OR user_status != 0)" );
+            $sql = "SELECT ID FROM {$wpdb->users} WHERE (user_status != 0 OR deleted != 0 OR user_status != 0)";
         } else {
-            $sql = $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_status != 0" );
-        }
-
-        $exclude_users = $wpdb->get_col( $sql );
-        $exclude_users_sql = !empty( $exclude_users ) ? $wpdb->prepare( "AND user_id NOT IN (" . implode( ',', wp_parse_id_list( $exclude_users ) ) . ")" ) : '';
-
-        $count = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(user_id) FROM $wpdb->usermeta WHERE meta_key = %s {$exclude_users_sql}", bp_get_user_meta_key( 'last_activity' ) ) );
+            $sql = "SELECT ID FROM {$wpdb->users} WHERE user_status != 0";
+        }
+
+        $exclude_users     = $wpdb->get_col( $sql );
+        $exclude_users_sql = !empty( $exclude_users ) ? "AND user_id NOT IN (" . implode( ',', wp_parse_id_list( $exclude_users ) ) . ")" : '';
+        $count             = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(user_id) FROM {$wpdb->usermeta} WHERE meta_key = %s {$exclude_users_sql}", bp_get_user_meta_key( 'last_activity' ) ) );
+
         set_transient( 'bp_active_member_count', $count );
     }
@@ -791 +791 @@
         $user_id = bp_displayed_user_id();
 
-    return apply_filters( 'bp_core_get_all_posts_for_user', $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_status = 'publish' AND post_type = 'post'", $user_id ) ) );
+    return apply_filters( 'bp_core_get_all_posts_for_user', $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_author = %d AND post_status = 'publish' AND post_type = 'post'", $user_id ) ) );
 }
 
@@ -1156 +1156 @@
 
         // Update the user status to '2' which we will use as 'not activated' (0 = active, 1 = spam, 2 = not active)
-        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 2 WHERE ID = %d", $user_id ) );
+        $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 2 WHERE ID = %d", $user_id ) );
 
         // Set any profile data
@@ -1246 +1246 @@
 
         // Get the user_id based on the $key
-        $user_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = 'activation_key' AND meta_value = %s", $key ) );
+        $user_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = 'activation_key' AND meta_value = %s", $key ) );
 
         if ( empty( $user_id ) )
@@ -1252 +1252 @@
 
         // Change the user's status so they become active
-        if ( !$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 0 WHERE ID = %d", $user_id ) ) )
+        if ( !$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id ) ) )
             return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
 
@@ -1267 +1267 @@
     // Set the password on multisite installs
     if ( is_multisite() && !empty( $user['meta']['password'] ) )
-        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) );
+        $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) );
 
     do_action( 'bp_core_activated_user', $user_id, $key, $user );