Changeset 7042
- Timestamp:
- 05/09/2013 01:20:07 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 1 edited
trunk/bp-blogs/bp-blogs-classes.php
r6539 r7042 110 110 111 111 if ( !empty( $search_terms ) ) { 112 $filter = like_escape( $wpdb->escape( $search_terms ) );112 $filter = esc_sql( like_escape( $search_terms ) ); 113 113 $paged_blogs = $wpdb->get_results( "SELECT b.blog_id, b.user_id as admin_user_id, u.user_email as admin_user_email, wb.domain, wb.path, bm.meta_value as last_activity, bm2.meta_value as name FROM {$bp->blogs->table_name} b, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2, {$wpdb->base_prefix}blogs wb, {$wpdb->users} u WHERE b.blog_id = wb.blog_id AND b.user_id = u.ID AND b.blog_id = bm.blog_id AND b.blog_id = bm2.blog_id AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'last_activity' AND bm2.meta_key = 'name' AND bm2.meta_value LIKE '%%$filter%%' {$user_sql} GROUP BY b.blog_id {$order_sql} {$pag_sql}" ); 114 114 $total_blogs = $wpdb->get_var( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b, {$wpdb->base_prefix}blogs wb, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2 WHERE b.blog_id = wb.blog_id AND bm.blog_id = b.blog_id AND bm2.blog_id = b.blog_id AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'name' AND bm2.meta_key = 'description' AND ( bm.meta_value LIKE '%%$filter%%' || bm2.meta_value LIKE '%%$filter%%' ) {$user_sql}" ); … … 120 120 $blog_ids = array(); 121 121 foreach ( (array) $paged_blogs as $blog ) { 122 $blog_ids[] = $blog->blog_id; 123 } 124 125 $blog_ids = $wpdb->escape( join( ',', (array) $blog_ids ) ); 122 $blog_ids[] = (int) $blog->blog_id; 123 } 124 126 125 $paged_blogs = BP_Blogs_Blog::get_blog_extras( $paged_blogs, $blog_ids, $type ); 127 126 … … 212 211 global $wpdb, $bp; 213 212 214 $filter = like_escape( $wpdb->escape( $filter ) ); 215 213 $filter = esc_sql( like_escape( $filter ) ); 214 215 $hidden_sql = ''; 216 216 if ( !bp_current_user_can( 'bp_moderate' ) ) 217 217 
$hidden_sql = "AND wb.public = 1"; … … 242 242 global $bp, $wpdb; 243 243 244 $letter = like_escape( $wpdb->escape( $letter ) ); 245 244 $letter = esc_sql( like_escape( $letter ) ); 245 246 $hidden_sql = ''; 246 247 if ( !bp_current_user_can( 'bp_moderate' ) ) 247 248 $hidden_sql = "AND wb.public = 1"; … … 261 262 if ( empty( $blog_ids ) ) 262 263 return $paged_blogs; 264 265 $blog_ids = implode( ',', wp_parse_id_list( $blog_ids ) ); 263 266 264 267 for ( $i = 0, $count = count( $paged_blogs ); $i < $count; ++$i ) {
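Review bot: The escaped search term on new line 112 is still interpolated into the SQL strings that go straight to `$wpdb->get_results()` and `$wpdb->get_var()`, so the queries stay safe only while every `LIKE` keeps its surrounding quotes and the `esc_sql( like_escape( … ) )` order is maintained by hand; the same pattern recurs at new line 213 (`$filter`) and new line 244 (`$letter`). Binding the value would remove that dependency: `$filter = '%' . like_escape( $search_terms ) . '%';` with `bm2.meta_value LIKE %s` in a query passed through `$wpdb->prepare()`. The doubled `%%` in the visible queries looks like prepare-style escaping, yet no `prepare()` call appears in the hunk, so that is worth confirming. The `{$hidden_sql}`, `{$user_sql}`, `{$order_sql}` and `{$pag_sql}` fragments are built outside the visible lines and would need checking for literal `%` before switching; the enclosing methods start and end outside the hunks.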