Context Navigation

← Previous Change
Next Change →

bp-core-classes.php

Timestamp:

05/06/2013 07:51:30 PM (12 years ago)

Author:

boonebgorges

Message:

Improve search_terms SQL clause in BP_User_Query

Standardizing the way that apostrophes and other special characters are
escaped in the LIKE claues means that we won't miss items "O'Conner" in member
search.

Fixes #4933

Props dontdream

File:

: 1 edited

trunk/bp-core/bp-core-classes.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/bp-core/bp-core-classes.php

-                      r6996
+                      r7008
         // @todo remove need for bp_is_active() check
         if ( false !== $search_terms && bp_is_active( 'xprofile' ) ) {
+            $found_user_ids = $wpdb->get_col( $wpdb->prepare( "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s", '%%' . like_escape( $search_terms ) . '%%' ) );
+            $search_terms_clean = mysql_real_escape_string( mysql_real_escape_string( $search_terms ) );
+            $search_terms_clean = like_escape( $search_terms_clean );
+            $found_user_ids_query = "SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE '%" . $search_terms_clean . "%'";
+            $found_user_ids = $wpdb->get_col( $found_user_ids_query );
             if ( ! empty( $found_user_ids ) ) {

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

BuddyPress.org

Context Navigation

Changeset 7008 for trunk/bp-core/bp-core-classes.php

Legend:

trunk/bp-core/bp-core-classes.php

Download in other formats: