


Timestamp:
05/09/2013 02:13:14 PM (11 years ago)
Author:
boonebgorges
Message:

Improved sanitization in Activity component database methods

  • All integer array params are filtered through wp_parse_id_list()
  • Standardized LIKE clause processing

Fixes #4995 for the 1.7 branch

Props DJPaul, johnjamesjacoby

File:
1 edited

  • branches/1.7/bp-activity/bp-activity-classes.php

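--- a/branches/1.7/bp-activity/bp-activity-classes.php
+++ b/branches/1.7/bp-activity/bp-activity-classes.php
@@ -171,5 +171,5 @@
         if ( $search_terms ) {
             $search_terms = $wpdb->escape( $search_terms );
-            $where_conditions['search_sql'] = "a.content LIKE '%%" . like_escape( $search_terms ) . "%%'";
+            $where_conditions['search_sql'] = "a.content LIKE '%%" . esc_sql( like_escape( $search_terms ) ) . "%%'";
         }
 
@@ -239,13 +239,9 @@
 
         // Get the fullnames of users so we don't have to query in the loop
-        $activity_user_ids = array();
-        if ( bp_is_active( 'xprofile' ) && $activities ) {
-            foreach ( (array) $activities as $activity ) {
-                if ( (int) $activity->user_id )
-                    $activity_user_ids[] = $activity->user_id;
-            }
-
-            $activity_user_ids = implode( ',', array_unique( (array) $activity_user_ids ) );
-            if ( !empty( $activity_user_ids ) ) {
+        if ( bp_is_active( 'xprofile' ) && !empty( $activities ) ) {
+            $activity_user_ids = wp_list_pluck( $activities, 'user_id' );
+            $activity_user_ids = implode( ',', wp_parse_id_list( $activity_user_ids ) );
+
+            if ( !empty( $activity_user_ids ) ) {
                 if ( $names = $wpdb->get_results( "SELECT user_id, value AS user_fullname FROM {$bp->profile->table_name_data} WHERE field_id = 1 AND user_id IN ({$activity_user_ids})" ) ) {
                     foreach ( (array) $names as $name )
@@ -320,8 +316,8 @@
 
         if ( !empty( $item_id ) )
-            $where_args[] = $wpdb->prepare( "item_id = %s", $item_id );
+            $where_args[] = $wpdb->prepare( "item_id = %d", $item_id );
 
         if ( !empty( $secondary_item_id ) )
-            $where_args[] = $wpdb->prepare( "secondary_item_id = %s", $secondary_item_id );
+            $where_args[] = $wpdb->prepare( "secondary_item_id = %d", $secondary_item_id );
 
         if ( !empty( $action ) )
@@ -385,8 +381,8 @@
 
         if ( !empty( $item_id ) )
-            $where_args[] = $wpdb->prepare( "item_id = %s", $item_id );
+            $where_args[] = $wpdb->prepare( "item_id = %d", $item_id );
 
         if ( !empty( $secondary_item_id ) )
-            $where_args[] = $wpdb->prepare( "secondary_item_id = %s", $secondary_item_id );
+            $where_args[] = $wpdb->prepare( "secondary_item_id = %d", $secondary_item_id );
 
         if ( !empty( $date_recorded ) )
@@ -417,22 +413,16 @@
     }
 
-    function delete_activity_item_comments( $activity_ids ) {
+    function delete_activity_item_comments( $activity_ids = array() ) {
         global $bp, $wpdb;
 
-        if ( is_array( $activity_ids ) )
-            $activity_ids = implode ( ',', array_map( 'absint', $activity_ids ) );
-        else
-            $activity_ids = implode ( ',', array_map( 'absint', explode ( ',', $activity_ids ) ) );
+        $activity_ids = implode( ',', wp_parse_id_list( $activity_ids ) );
 
         return $wpdb->query( "DELETE FROM {$bp->activity->table_name} WHERE type = 'activity_comment' AND item_id IN ({$activity_ids})" );
     }
 
-    function delete_activity_meta_entries( $activity_ids ) {
+    function delete_activity_meta_entries( $activity_ids = array() ) {
         global $bp, $wpdb;
 
-        if ( is_array( $activity_ids ) )
-            $activity_ids = implode ( ',', array_map( 'absint', $activity_ids ) );
-        else
-            $activity_ids = implode ( ',', array_map( 'absint', explode ( ',', $activity_ids ) ) );
+        $activity_ids = implode( ',', wp_parse_id_list( $activity_ids ) );
 
         return $wpdb->query( "DELETE FROM {$bp->activity->table_name_meta} WHERE activity_id IN ({$activity_ids})" );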
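Review bot: In the first hunk (new line 173), `esc_sql()` now wraps a value that context line 172 has already run through `$wpdb->escape()`, so quotes and backslashes in `$search_terms` are escaped twice before the clause is built; that appears to work only because the extra backslash is later consumed as the LIKE escape character, which is fragile rather than a real fix. Escape once, and let the driver do it: remove line 172 and build the clause as `$where_conditions['search_sql'] = $wpdb->prepare( "a.content LIKE %s", '%' . like_escape( $search_terms ) . '%' );` — but first confirm that `search_sql` is not itself fed through `$wpdb->prepare()` further down, since the enclosing method starts and ends outside the hunk and the existing `%%` literal suggests it may be. In the last hunk, the new `$activity_ids = array()` defaults on `delete_activity_item_comments()` and `delete_activity_meta_entries()` let an empty list reach `implode()`, which yields `IN ()` and a MySQL syntax error rather than a no-op; a guard such as `if ( empty( $activity_ids ) ) return false;` before the `implode()` in both methods avoids issuing the malformed query.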