Timestamp:
05/09/2013 01:36:29 PM (12 years ago)
Author:
boonebgorges
Message:

Improved sanitization in Blogs component database methods

  • All integer arrays are sanitized with wp_parse_id_list()
  • Standardized treatment for LIKE clauses

Fixes #4994 for the 1.7 branch

Props DJPaul, johnjamesjacoby

File:
1 edited

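--- a/branches/1.7/bp-blogs/bp-blogs-classes.php
+++ b/branches/1.7/bp-blogs/bp-blogs-classes.php
@@ -110,5 +110,5 @@
 
         if ( !empty( $search_terms ) ) {
-            $filter = like_escape( $wpdb->escape( $search_terms ) );
+            $filter = esc_sql( like_escape( $search_terms ) );
             $paged_blogs = $wpdb->get_results( "SELECT b.blog_id, b.user_id as admin_user_id, u.user_email as admin_user_email, wb.domain, wb.path, bm.meta_value as last_activity, bm2.meta_value as name FROM {$bp->blogs->table_name} b, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2, {$wpdb->base_prefix}blogs wb, {$wpdb->users} u WHERE b.blog_id = wb.blog_id AND b.user_id = u.ID AND b.blog_id = bm.blog_id AND b.blog_id = bm2.blog_id AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'last_activity' AND bm2.meta_key = 'name' AND bm2.meta_value LIKE '%%$filter%%' {$user_sql} GROUP BY b.blog_id {$order_sql} {$pag_sql}" );
             $total_blogs = $wpdb->get_var( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b, {$wpdb->base_prefix}blogs wb, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2 WHERE b.blog_id = wb.blog_id AND bm.blog_id = b.blog_id AND bm2.blog_id = b.blog_id AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'name' AND bm2.meta_key = 'description' AND ( bm.meta_value LIKE '%%$filter%%' || bm2.meta_value LIKE '%%$filter%%' ) {$user_sql}" );
@@ -120,8 +120,7 @@
         $blog_ids = array();
         foreach ( (array) $paged_blogs as $blog ) {
-            $blog_ids[] = $blog->blog_id;
-        }
-
-        $blog_ids = $wpdb->escape( join( ',', (array) $blog_ids ) );
+            $blog_ids[] = (int) $blog->blog_id;
+        }
+
         $paged_blogs = BP_Blogs_Blog::get_blog_extras( $paged_blogs, $blog_ids, $type );
 
@@ -212,6 +211,7 @@
         global $wpdb, $bp;
 
-        $filter = like_escape( $wpdb->escape( $filter ) );
-
+        $filter = esc_sql( like_escape( $filter ) );
+
+        $hidden_sql = '';
         if ( !bp_current_user_can( 'bp_moderate' ) )
             $hidden_sql = "AND wb.public = 1";
@@ -242,6 +242,7 @@
         global $bp, $wpdb;
 
-        $letter = like_escape( $wpdb->escape( $letter ) );
-
+        $letter = esc_sql( like_escape( $letter ) );
+
+        $hidden_sql = '';
         if ( !bp_current_user_can( 'bp_moderate' ) )
             $hidden_sql = "AND wb.public = 1";
@@ -261,4 +262,6 @@
         if ( empty( $blog_ids ) )
             return $paged_blogs;
+
+        $blog_ids = implode( ',', wp_parse_id_list( $blog_ids ) );
 
         for ( $i = 0, $count = count( $paged_blogs ); $i < $count; ++$i ) {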
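Review bot: The two queries right after the reworked `$filter` line in the first hunk still interpolate it as `LIKE '%%$filter%%'` into a plain string, and outside `$wpdb->prepare()` a `%%` is not a format escape, so MySQL receives the pattern `%%term%%` — equivalent to `%term%` in effect, but it reads as a leftover prepare()-style format and invites someone to "fix" the query by wrapping it in prepare() without changing the escaping, which would then double the escaping. The new ordering (like_escape before esc_sql) is the right one for a LIKE operand, so the safer cleanup is to either write the wildcards literally, `AND bm2.meta_value LIKE '%$filter%'` (and likewise in the count query), or to move the search clause into `$wpdb->prepare()` with `'%' . like_escape( $search_terms ) . '%'` as the bound argument and drop the manual esc_sql(). `$hidden_sql`, `$user_sql`, `$order_sql` and `$pag_sql` are also interpolated and built outside this hunk; presumably they are assembled from validated values, which is worth confirming in the same pass. The enclosing method starts and ends outside the hunk.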