

Timestamp:
12/10/2012 06:07:53 AM (13 years ago)
Author:
johnjamesjacoby
Message:

Query variable and prepare() usage audit. See #4654. (1.6 branch)

File:
1 edited

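--- a/branches/1.6/bp-activity/bp-activity-classes.php
+++ b/branches/1.6/bp-activity/bp-activity-classes.php
@@ -57,5 +57,5 @@
 
     function save() {
-        global $wpdb, $bp, $current_user;
+        global $wpdb, $bp;
 
         $this->id                = apply_filters_ref_array( 'bp_activity_id_before_save',                array( $this->id,                &$this ) );
@@ -84,8 +84,9 @@
 
         // If we have an existing ID, update the activity item, otherwise insert it.
-        if ( $this->id )
+        if ( $this->id ) {
             $q = $wpdb->prepare( "UPDATE {$bp->activity->table_name} SET user_id = %d, component = %s, type = %s, action = %s, content = %s, primary_link = %s, date_recorded = %s, item_id = %d, secondary_item_id = %d, hide_sitewide = %d, is_spam = %d WHERE id = %d", $this->user_id, $this->component, $this->type, $this->action, $this->content, $this->primary_link, $this->date_recorded, $this->item_id, $this->secondary_item_id, $this->hide_sitewide, $this->is_spam, $this->id );
-        else
+        } else {
             $q = $wpdb->prepare( "INSERT INTO {$bp->activity->table_name} ( user_id, component, type, action, content, primary_link, date_recorded, item_id, secondary_item_id, hide_sitewide, is_spam ) VALUES ( %d, %s, %s, %s, %s, %s, %s, %d, %d, %d, %d )", $this->user_id, $this->component, $this->type, $this->action, $this->content, $this->primary_link, $this->date_recorded, $this->item_id, $this->secondary_item_id, $this->hide_sitewide, $this->is_spam );
+        }
 
         if ( false === $wpdb->query( $q ) )
@@ -93,10 +94,11 @@
 
         // If this is a new activity item, set the $id property
-        if ( empty( $this->id ) )
+        if ( empty( $this->id ) ) {
             $this->id = $wpdb->insert_id;
 
         // If an existing activity item, prevent any changes to the content generating new @mention notifications.
-        else
+        } else {
             add_filter( 'bp_activity_at_name_do_notifications', '__return_false' );
+        }
 
         do_action_ref_array( 'bp_activity_after_save', array( &$this ) );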
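Review bot: The UPDATE/INSERT branch at new line 86 tests `$this->id` by truthiness, while the query at line 87 binds it with `%d`, and the value has just come back from the `bp_activity_id_before_save` filter at line 61. Unless lines 62–83 (not shown) normalise it, a non-numeric but truthy value would take the UPDATE path with `WHERE id = 0`, match no rows, and still pass the `false === $wpdb->query( $q )` check, which only catches query errors. Casting once before the branch, e.g. `$this->id = (int) $this->id;`, keeps the branch decision and the bound value in agreement. save() continues past the last visible line, so a later check may already cover this.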