Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
08/05/2013 02:41:51 PM (11 years ago)
Author:
boonebgorges
Message:

Use esc_sql() instead of $wpdb->escape() throughout

WordPress 3.6 deprecated the use of $wpdb->escape() for sanitizing SQL
query fragments, in favor of the rewritten esc_sql(). This changeset
makes the appropriate changes throughout BuddyPress.

In a few places, this changeset also removes redundant sanitization, in
particular when using wp_parse_id_list().

Also adds a unit test for a touched method (BP_User_Query, when using
the 'exclude' parameter).

Fixes #5100

Props needle

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/1.8/tests/testcases/core/class-bp-user-query.php

    r7135 r7337  
    201201        $this->assertEquals( $user_id, $found_user_id );
    202202    }
     203
     204    /**
     205     * @group exclude
     206     */
     207    public function test_bp_user_query_with_exclude() {
     208        // Grab list of existing users who should also be excluded
     209        global $wpdb;
     210        $existing_users = $wpdb->get_col( "SELECT ID FROM {$wpdb->users}" );
     211
     212        $u1 = $this->create_user();
     213        $u2 = $this->create_user();
     214
     215        $exclude = array_merge( array( $u1 ), $existing_users );
     216        $q = new BP_User_Query( array( 'exclude' => $exclude, ) );
     217
     218        $found_user_ids = null;
     219        if ( ! empty( $q->results ) ) {
     220            $found_user_ids = array_values( wp_parse_id_list( wp_list_pluck( $q->results, 'ID' ) ) );
     221        }
     222
     223        $this->assertEquals( array( $u2 ), $found_user_ids );
     224    }
    203225}
Note: See TracChangeset for help on using the changeset viewer.