Changeset 6716 for trunk/bp-forums/bp-forums-functions.php

Timestamp:

01/09/2013 04:27:09 PM (11 years ago)

Author:

boonebgorges

Message:

Escape post text before checking for existing replies in bp_forums_reply_exists()

Fixes #4758

Props wpdennis

File:

• trunk/bp-forums/bp-forums-functions.php (modified) (2 diffs)

trunk/bp-forums/bp-forums-functions.php

@@ -353 +353 @@
  */
 function bp_forums_reply_exists( $text = '', $topic_id = 0, $user_id = 0 ) {
+    global $wpdb;
+
     $reply_exists = false;
 
@@ -364 +366 @@
 
         // BB_Query's post_text parameter does a MATCH, while we need exact matches
-        add_filter( 'get_posts_where', create_function( '$q', 'return $q . " AND p.post_text = \'' . $text . '\'";' ) );
+        add_filter( 'get_posts_where', create_function( '$q', 'return $q . " AND p.post_text = \'' . $wpdb->escape( $text ) . '\'";' ) );
 
         $query = new BB_Query( 'post', $args );