BuddyPress.org


Timestamp:
08/05/2013 02:41:51 PM (12 years ago)
Author:
boonebgorges
Message:

Use esc_sql() instead of $wpdb->escape() throughout

WordPress 3.6 deprecated the use of $wpdb->escape() for sanitizing SQL
query fragments, in favor of the rewritten esc_sql(). This changeset
makes the appropriate changes throughout BuddyPress.

In a few places, this changeset also removes redundant sanitization, in
particular when using wp_parse_id_list().

Also adds a unit test for a touched method (BP_User_Query, when using
the 'exclude' parameter).

Fixes #5100

Props needle

File:
1 edited

  • branches/1.8/bp-forums/bp-forums-functions.php

    r7228 r7337  
    457457    // Get the topic ids
    458458    foreach ( (array) $topics as $topic ) $topic_ids[] = $topic->topic_id;
    459     $topic_ids = $wpdb->escape( join( ',', (array) $topic_ids ) );
     459    $topic_ids = implode( ',', wp_parse_id_list( $topic_ids ) );
    460460
    461461    // Fetch the topic's last poster details
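Review bot: At new line 459 the visible lines never initialize $topic_ids before the foreach, so when $topics is empty the value handed to wp_parse_id_list() is an undefined variable and the string that results is not a usable ID list for the fetch that follows. Suggest setting `$topic_ids = array();` ahead of the loop and returning early when the parsed list is empty, so the "last poster" lookup only runs with at least one ID. The old `$wpdb->escape( join( ... ) )` line had the same gap, so this is a good moment to close it.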
     
    591591    // Get the user ids
    592592    foreach ( (array) $posts as $post ) $user_ids[] = $post->poster_id;
    593     $user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );
     593    $user_ids = implode( ',', wp_parse_id_list( $user_ids ) );
    594594
    595595    // Fetch the poster's user_email, user_nicename and user_login
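Review bot: New line 593 drops escaping entirely rather than switching to esc_sql(), which is the exception to the commit message's "throughout" and is not explained in the code. Suggest a one-line comment above `$user_ids = implode( ',', wp_parse_id_list( $user_ids ) );` stating that wp_parse_id_list() casts every element with absint(), which is what makes the list safe to place unquoted in SQL, so that a later reader does not "restore" string escaping here. String escaping alone never protected an unquoted comma-separated list, so the integer cast is the stronger control. As in the topic-ID hunk, $user_ids is not initialized in the visible lines before the foreach; an explicit `$user_ids = array();` and an empty-list check before the fetch would make the $posts-is-empty path well defined. The commit message mentions a new unit test only for BP_User_Query; a test covering this function with empty and non-numeric poster IDs would be worth adding.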