Timestamp:
05/09/2013 02:11:57 PM (9 years ago)
Author:
boonebgorges
Message:

Improved sanitization in Activity component database methods

  • All integer array params are filtered through wp_parse_id_list()
  • Standardized LIKE clause processing

Adds tests for touched methods

Fixes #4995

Props DJPaul, johnjamesjacoby

File:
1 edited

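--- a/trunk/bp-activity/bp-activity-classes.php
+++ b/trunk/bp-activity/bp-activity-classes.php
@@ -174,5 +174,5 @@
         if ( $search_terms ) {
             $search_terms = $wpdb->escape( $search_terms );
-            $where_conditions['search_sql'] = "a.content LIKE '%%" . like_escape( $search_terms ) . "%%'";
+            $where_conditions['search_sql'] = "a.content LIKE '%%" . esc_sql( like_escape( $search_terms ) ) . "%%'";
         }
 
@@ -253,13 +253,9 @@
 
         // Get the fullnames of users so we don't have to query in the loop
-        $activity_user_ids = array();
-        if ( bp_is_active( 'xprofile' ) && $activities ) {
-            foreach ( (array) $activities as $activity ) {
-                if ( (int) $activity->user_id )
-                    $activity_user_ids[] = $activity->user_id;
-            }
-
-            $activity_user_ids = implode( ',', array_unique( (array) $activity_user_ids ) );
-            if ( !empty( $activity_user_ids ) ) {
+        if ( bp_is_active( 'xprofile' ) && !empty( $activities ) ) {
+            $activity_user_ids = wp_list_pluck( $activities, 'user_id' );
+            $activity_user_ids = implode( ',', wp_parse_id_list( $activity_user_ids ) );
+
+            if ( !empty( $activity_user_ids ) ) {               
                 if ( $names = $wpdb->get_results( "SELECT user_id, value AS user_fullname FROM {$bp->profile->table_name_data} WHERE field_id = 1 AND user_id IN ({$activity_user_ids})" ) ) {
                     foreach ( (array) $names as $name )
@@ -374,8 +370,8 @@
 
         if ( !empty( $item_id ) )
-            $where_args[] = $wpdb->prepare( "item_id = %s", $item_id );
+            $where_args[] = $wpdb->prepare( "item_id = %d", $item_id );
 
         if ( !empty( $secondary_item_id ) )
-            $where_args[] = $wpdb->prepare( "secondary_item_id = %s", $secondary_item_id );
+            $where_args[] = $wpdb->prepare( "secondary_item_id = %d", $secondary_item_id );
 
         if ( !empty( $action ) )
@@ -439,8 +435,8 @@
 
         if ( !empty( $item_id ) )
-            $where_args[] = $wpdb->prepare( "item_id = %s", $item_id );
+            $where_args[] = $wpdb->prepare( "item_id = %d", $item_id );
 
         if ( !empty( $secondary_item_id ) )
-            $where_args[] = $wpdb->prepare( "secondary_item_id = %s", $secondary_item_id );
+            $where_args[] = $wpdb->prepare( "secondary_item_id = %d", $secondary_item_id );
 
         if ( !empty( $date_recorded ) )
@@ -471,22 +467,16 @@
     }
 
-    function delete_activity_item_comments( $activity_ids ) {
+    function delete_activity_item_comments( $activity_ids = array() ) {
         global $bp, $wpdb;
 
-        if ( is_array( $activity_ids ) )
-            $activity_ids = implode ( ',', array_map( 'absint', $activity_ids ) );
-        else
-            $activity_ids = implode ( ',', array_map( 'absint', explode ( ',', $activity_ids ) ) );
+        $activity_ids = implode( ',', wp_parse_id_list( $activity_ids ) );
 
         return $wpdb->query( "DELETE FROM {$bp->activity->table_name} WHERE type = 'activity_comment' AND item_id IN ({$activity_ids})" );
     }
 
-    function delete_activity_meta_entries( $activity_ids ) {
+    function delete_activity_meta_entries( $activity_ids = array() ) {
         global $bp, $wpdb;
 
-        if ( is_array( $activity_ids ) )
-            $activity_ids = implode ( ',', array_map( 'absint', $activity_ids ) );
-        else
-            $activity_ids = implode ( ',', array_map( 'absint', explode ( ',', $activity_ids ) ) );
+        $activity_ids = implode( ',', wp_parse_id_list( $activity_ids ) );
 
         return $wpdb->query( "DELETE FROM {$bp->activity->table_name_meta} WHERE activity_id IN ({$activity_ids})" );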
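Review bot: The new `esc_sql( like_escape( $search_terms ) )` on line 176 of the first hunk is a second escaping pass, because the unchanged line 175 has already run the term through `$wpdb->escape()`; a search term containing a quote or backslash therefore reaches the LIKE pattern doubly escaped and most likely no longer matches the stored content. Escape once: drop `$search_terms = $wpdb->escape( $search_terms );` on line 175 and let `esc_sql( like_escape( $search_terms ) )` be the only escaping of the raw term, applied after like_escape as the hunk already does. The method enclosing that hunk starts and ends outside it. Separately, in delete_activity_item_comments and delete_activity_meta_entries the new `= array()` default makes a no-argument call legal, but `wp_parse_id_list( array() )` implodes to an empty string and the resulting `IN ()` is not valid SQL, so a guard such as `if ( empty( $activity_ids ) ) return false;` before the implode would avoid issuing a malformed query.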