Changeset 7024 for trunk/bp-core/bp-core-classes.php
- Timestamp:
- 05/08/2013 08:27:22 PM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/bp-core/bp-core-classes.php
r7017 r7024 300 300 if ( ! empty( $user_id ) && bp_is_active( 'friends' ) ) { 301 301 $friend_ids = friends_get_friend_user_ids( $user_id ); 302 $friend_ids = $wpdb->escape( implode( ',', (array)$friend_ids ) );302 $friend_ids = implode( ',', wp_parse_id_list( $friend_ids ) ); 303 303 304 304 if ( ! empty( $friend_ids ) ) { … … 806 806 807 807 if ( !empty( $exclude ) ) { 808 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 808 809 $sql['where_exclude'] = "AND u.ID NOT IN ({$exclude})"; 809 810 } … … 815 816 } else { 816 817 if ( !empty( $include ) ) { 817 if ( is_array( $include ) ) { 818 $uids = $wpdb->escape( implode( ',', (array) $include ) ); 819 } else { 820 $uids = $wpdb->escape( $include ); 821 } 822 823 if ( !empty( $uids ) ) { 824 $sql['where_users'] = "AND u.ID IN ({$uids})"; 825 } 818 $include = implode( ',', wp_parse_id_list( $include ) ); 819 $sql['where_users'] = "AND u.ID IN ({$include})"; 826 820 } elseif ( !empty( $user_id ) && bp_is_active( 'friends' ) ) { 827 821 $friend_ids = friends_get_friend_user_ids( $user_id ); 828 $friend_ids = $wpdb->escape( implode( ',', (array) $friend_ids ) );829 822 830 823 if ( !empty( $friend_ids ) ) { 824 $friend_ids = implode( ',', wp_parse_id_list( $friend_ids ) ); 831 825 $sql['where_friends'] = "AND u.ID IN ({$friend_ids})"; 832 826 … … 914 908 } 915 909 916 $user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );917 918 910 // Add additional data to the returned results 919 911 $paged_users = BP_Core_User::get_user_extras( $paged_users, $user_ids, $type ); … … 960 952 961 953 if ( !empty( $exclude ) ) { 962 $exclude = wp_parse_id_list( $r['exclude'] ); 963 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 954 $exclude = implode( ',', wp_parse_id_list( $r['exclude'] ) ); 964 955 $exclude_sql = " AND u.id NOT IN ({$exclude})"; 965 956 } else { … … 982 973 $user_ids = array(); 983 974 foreach ( (array) $paged_users as $user ) 984 $user_ids[] = $user->id; 985 986 $user_ids = $wpdb->escape( join( ',', (array) $user_ids ) ); 975 $user_ids[] = (int) $user->id; 987 976 988 977 // Add additional data to the returned results … … 1012 1001 $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ); 1013 1002 1003 $user_ids = implode( ',', wp_parse_id_list( $user_ids ) ); 1014 1004 $status_sql = bp_core_get_status_sql(); 1015 1005 1016 $total_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT COUNT(DISTINCT ID) FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " )" );1017 $paged_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT DISTINCT ID as id, user_registered, user_nicename, user_login, user_email FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . ") {$pag_sql}" );1006 $total_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT COUNT(DISTINCT ID) FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ({$user_ids})" ); 1007 $paged_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT DISTINCT ID as id, user_registered, user_nicename, user_login, user_email FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ({$user_ids}) {$pag_sql}" ); 1018 1008 1019 1009 $total_users = $wpdb->get_var( $total_users_sql ); … … 1070 1060 $user_ids[] = $user->id; 1071 1061 1072 $user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );1073 1074 1062 // Add additional data to the returned results 1075 1063 if ( $populate_extras ) … … 1097 1085 if ( empty( $user_ids ) ) 1098 1086 return $paged_users; 1087 1088 // Sanitize user IDs 1089 $user_ids = implode( ',', wp_parse_id_list( $user_ids ) ); 1099 1090 1100 1091 // Fetch the user's full name
Note: See TracChangeset
for help on using the changeset viewer.