Changeset 7014 for branches/1.7/bp-core/bp-core-classes.php
- Timestamp:
- 05/07/2013 11:42:23 PM (11 years ago)
- File:
-
- 1 edited
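--- a/branches/1.7/bp-core/bp-core-classes.php
+++ b/branches/1.7/bp-core/bp-core-classes.php
@@ -837,5 +837,5 @@
 
 if ( !empty( $search_terms ) && bp_is_active( 'xprofile' ) ) {
-$search_terms = like_escape( $wpdb->escape( $search_terms) );
+$search_terms = esc_sql( like_escape( trim( $search_terms ) ) );
 $sql['where_searchterms'] = "AND spd.value LIKE '%%$search_terms%%'";
 }
@@ -954,8 +954,14 @@
 }
 
-$letter = like_escape( $wpdb->escape( $letter) );
+$letter = esc_sql( like_escape( trim( $letter ) ) );
 $status_sql = bp_core_get_status_sql( 'u.' );
 
-$exclude_sql = ( !empty( $exclude ) ) ? " AND u.ID NOT IN ({$exclude})" : "";
+if ( !empty( $exclude ) ) {
+$exclude = wp_parse_id_list( $r['exclude'] );
+$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude_sql = " AND u.id NOT IN ({$exclude})";
+} else {
+$exclude_sql = '';
+}
 
 $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC", bp_xprofile_fullname_field_name() ) );
@@ -1046,5 +1052,5 @@
 $pag_sql = $limit && $page ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * intval( $limit ) ), intval( $limit ) ) : '';
 
-$search_terms = like_escape( $wpdb->escape( $search_terms) );
+$search_terms = esc_sql( like_escape( trim( $search_terms ) ) );
 $status_sql = bp_core_get_status_sql( 'u.' );
 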
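Review bot: The new exclude block tests `$exclude` but then parses `$r['exclude']`, and no `$r` is visible in this hunk; if the enclosing function (which starts outside the hunk) only receives `$exclude` as a parameter, the parsed ID list comes out empty and the clause becomes `NOT IN ()`, which is a SQL error rather than a filter. Parsing the variable that was tested, `$exclude = wp_parse_id_list( $exclude );`, and building `$exclude_sql` only when the parsed list is non-empty would keep the integer-cast sanitisation while avoiding both problems. The `$wpdb->escape()` call on the imploded integers is redundant after `wp_parse_id_list()`, and it is the same helper the other hunks in this changeset replace with `esc_sql()`.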