BuddyPress.org


Timestamp: 05/08/2013 08:31:14 PM (11 years ago)
Author: boonebgorges
Message:

Improved sanitization in the Core component database methods

All constructed IN clauses for integer values are now run through
wp_parse_id_list().

Fixes #4992 for the 1.7 branch

Props johnjamesjacoby, DJPaul

File:
1 edited

  • branches/1.7/bp-core/bp-core-filters.php

    r6827 r7025  
    131131        return $comments;
    132132
    133     $user_ids = implode( ',', $user_ids );
     133    $user_ids = implode( ',', wp_parse_id_list( $user_ids ) );
    134134
    135135    if ( !$userdata = $wpdb->get_results( "SELECT ID as user_id, user_login, user_nicename FROM {$wpdb->users} WHERE ID IN ({$user_ids})" ) )
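
Review bot: On new line 133, nothing in the visible context shows that `$user_ids` is non-empty once it has passed through `wp_parse_id_list()`, and an empty list would make the query on line 135 read `ID IN ()`, which is a SQL syntax error rather than an empty result. The `return $comments;` at line 131 may be an early-exit guard, but its condition is outside this hunk and it runs before the parse in any case. Suggest assigning the parsed array to a variable first, returning `$comments` when it is empty, and only then calling `implode()`. Since line 135 still interpolates `{$user_ids}` directly into the SQL string instead of going through a prepared statement, a one-line comment above it stating that the list is integer-cast by `wp_parse_id_list()` would keep a later edit from dropping the sanitization unnoticed.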