Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
08/05/2013 02:41:51 PM (12 years ago)
Author:
boonebgorges
Message:

Use esc_sql() instead of $wpdb->escape() throughout

WordPress 3.6 deprecated the use of $wpdb->escape() for sanitizing SQL
query fragments, in favor of the rewritten esc_sql(). This changeset
makes the appropriate changes throughout BuddyPress.

In a few places, this changeset also removes redundant sanitization, in
particular when using wp_parse_id_list().

Also adds a unit test for a touched method (BP_User_Query, when using
the 'exclude' parameter).

Fixes #5100

Props needle

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/1.8/bp-messages/bp-messages-classes.php

    r6574 r7337  
    150150
    151151        if ( !empty( $search_terms ) ) {
    152             $search_terms = like_escape( $wpdb->escape( $search_terms ) );
     152            $search_terms = like_escape( esc_sql( $search_terms ) );
    153153            $search_sql   = "AND ( subject LIKE '%%$search_terms%%' OR message LIKE '%%$search_terms%%' )";
    154154        }
Note: See TracChangeset for help on using the changeset viewer.