Changeset 7338
- Timestamp:
- 08/05/2013 02:42:16 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 10 edited
trunk/bp-activity/bp-activity-classes.php
r7318 r7338 173 173 // Searching 174 174 if ( $search_terms ) { 175 $search_terms = $wpdb->escape( $search_terms );175 $search_terms = esc_sql( $search_terms ); 176 176 $where_conditions['search_sql'] = "a.content LIKE '%%" . esc_sql( like_escape( $search_terms ) ) . "%%'"; 177 177 } -
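Review bot: `$search_terms` is escaped twice on the new side, by `esc_sql()` on line 175 and again inside `esc_sql( like_escape( $search_terms ) )` on line 176, so a term containing a quote or backslash reaches MySQL with doubled escape sequences and the LIKE no longer matches what the user typed. Line 176 already performs the single correct escape pass on its own; dropping the line-175 assignment is enough, leaving `$where_conditions['search_sql'] = "a.content LIKE '%%" . esc_sql( like_escape( $search_terms ) ) . "%%'";`. The enclosing method starts and ends outside the hunk, so how `search_sql` is later combined with the query is not visible here.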
trunk/bp-activity/bp-activity-functions.php
r7222 r7338 686 686 // Sanitize value 687 687 if ( is_string( $meta_value ) ) 688 $meta_value = stripslashes( $wpdb->escape( $meta_value ) );688 $meta_value = stripslashes( esc_sql( $meta_value ) ); 689 689 690 690 // Maybe, just maybe... serialize -
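Review bot: `stripslashes( esc_sql( $meta_value ) )` on the new line 688 escapes the value for SQL and immediately removes slashes again, so the line reads as SQL escaping while its actual effect is closer to an unslash, and a reader will assume `$meta_value` is now query-safe when it is not. Whether the following INSERT/UPDATE goes through `$wpdb->prepare()` is outside the hunk; if it does, a comment such as `// Unslash only; SQL escaping is done by $wpdb->prepare() below` would say what this line is for, and if it does not, the escaping has to happen at the query site rather than on a value that is then unslashed. The same construct appears in bp-blogs-functions.php line 718, bp-groups-functions.php line 1048 and bp-xprofile-functions.php line 592.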
trunk/bp-blogs/bp-blogs-functions.php
r7298 r7338 716 716 717 717 if ( is_string($meta_value) ) 718 $meta_value = stripslashes( $wpdb->escape($meta_value));718 $meta_value = stripslashes( esc_sql( $meta_value ) ); 719 719 720 720 $meta_value = maybe_serialize($meta_value); -
trunk/bp-core/bp-core-classes.php
r7334 r7338 331 331 // 'exclude' - User ids to exclude from the results 332 332 if ( false !== $exclude ) { 333 $exclude = wp_parse_id_list( $exclude ); 334 $exclude_ids = $wpdb->escape( implode( ',', (array) $exclude ) ); 333 $exclude_ids = implode( ',', wp_parse_id_list( $exclude ) ); 335 334 $sql['where'][] = "u.{$this->uid_name} NOT IN ({$exclude_ids})"; 336 335 } -
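Review bot: The new line 333 derives `$exclude_ids` from `wp_parse_id_list()`, but line 335 still emits `NOT IN ({$exclude_ids})` whenever `$exclude` is not `false`; an `exclude` argument that is an empty array parses to an empty list, so the clause becomes `NOT IN ()`, a MySQL syntax error that fails the whole user query. Guarding on the parsed list keeps the clause out when there is nothing to exclude: `$exclude_ids = wp_parse_id_list( $exclude ); if ( ! empty( $exclude_ids ) ) { $sql['where'][] = "u.{$this->uid_name} NOT IN (" . implode( ',', $exclude_ids ) . ")"; }`. The removed `$wpdb->escape()` line had the same gap, so this is pre-existing, but the new test in class-bp-user-query.php only covers a non-empty list. The enclosing method continues outside the hunk.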
trunk/bp-forums/bp-forums-functions.php
r7298 r7338 463 463 // Get the topic ids 464 464 foreach ( (array) $topics as $topic ) $topic_ids[] = $topic->topic_id; 465 $topic_ids = $wpdb->escape( join( ',', (array)$topic_ids ) );465 $topic_ids = implode( ',', wp_parse_id_list( $topic_ids ) ); 466 466 467 467 // Fetch the topic's last poster details … … 597 597 // Get the user ids 598 598 foreach ( (array) $posts as $post ) $user_ids[] = $post->poster_id; 599 $user_ids = $wpdb->escape( join( ',', (array)$user_ids ) );599 $user_ids = implode( ',', wp_parse_id_list( $user_ids ) ); 600 600 601 601 // Fetch the poster's user_email, user_nicename and user_login -
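Review bot: `$topic_ids` on line 464 and `$user_ids` on line 598 are appended to inside a foreach with no visible initialisation, so when `$topics` or `$posts` is empty the new lines 465 and 599 pass an undefined variable to `wp_parse_id_list()` (an E_NOTICE, and the resulting list is then interpolated into an IN clause). Unless the variables are initialised earlier in the function, whose start is outside the hunk, `$topic_ids = array();` and `$user_ids = array();` before the respective loops make the empty case explicit. A check that the parsed list is non-empty before running the follow-up query would also avoid a pointless round trip.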
trunk/bp-groups/bp-groups-classes.php
r7332 r7338 393 393 394 394 if ( ! empty( $r['include'] ) ) { 395 $include = wp_parse_id_list( $r['include'] ); 396 $include = $wpdb->escape( implode( ',', $include ) ); 395 $include = implode( ',', wp_parse_id_list( $r['include'] ) ); 397 396 $sql['include'] = " AND g.id IN ({$include})"; 398 397 } 399 398 400 399 if ( ! empty( $r['exclude'] ) ) { 401 $exclude = wp_parse_id_list( $r['exclude'] ); 402 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 400 $exclude = implode( ',', wp_parse_id_list( $r['exclude'] ) ); 403 401 $sql['exclude'] = " AND g.id NOT IN ({$exclude})"; 404 402 } … … 507 505 // Populate some extra information instead of querying each time in the loop 508 506 if ( !empty( $r['populate_extras'] ) ) { 509 $group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );507 $group_ids = implode( ',', wp_parse_id_list( $group_ids ) ); 510 508 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, $r['type'] ); 511 509 } … … 676 674 677 675 if ( !empty( $exclude ) ) { 678 $exclude = wp_parse_id_list( $exclude ); 679 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 676 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 680 677 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 681 678 } 682 679 683 680 if ( !empty( $user_id ) ) { 684 $user_id = absint( $wpdb->escape( $user_id ) );681 $user_id = absint( esc_sql( $user_id ) ); 685 682 $paged_groups = $wpdb->get_results( "SELECT DISTINCT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 
{$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY f.topics DESC {$pag_sql}" ); 686 683 $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql}" ); … … 692 689 if ( !empty( $populate_extras ) ) { 693 690 foreach ( (array) $paged_groups as $group ) $group_ids[] = $group->id; 694 $group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );691 $group_ids = implode( ',', wp_parse_id_list( $group_ids ) ); 695 692 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' ); 696 693 } … … 718 715 719 716 if ( !empty( $exclude ) ) { 720 $exclude = wp_parse_id_list( $exclude ); 721 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 717 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 722 718 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 723 719 } 724 720 725 721 if ( !empty( $user_id ) ) { 726 $user_id = $wpdb->escape( $user_id );722 $user_id = esc_sql( $user_id ); 727 723 $paged_groups = $wpdb->get_results( "SELECT DISTINCT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND 
gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY f.posts ASC {$pag_sql}" ); 728 724 $total_groups = $wpdb->get_results( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.posts > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} " ); … … 734 730 if ( !empty( $populate_extras ) ) { 735 731 foreach ( (array) $paged_groups as $group ) $group_ids[] = $group->id; 736 $group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );732 $group_ids = implode( ',', wp_parse_id_list( $group_ids ) ); 737 733 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' ); 738 734 } … … 756 752 757 753 if ( !empty( $exclude ) ) { 758 $exclude = wp_parse_id_list( $exclude ); 759 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 754 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 760 755 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 761 756 } … … 777 772 $group_ids[] = $group->id; 778 773 } 779 $group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );774 $group_ids = implode( ',', wp_parse_id_list( $group_ids ) ); 780 775 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' ); 781 776 } … … 802 797 if ( !empty( $exclude ) ) { 803 798 $exclude = wp_parse_id_list( $exclude ); 804 $exclude = $wpdb->escape( implode( ',', $exclude ) );799 $exclude = 
esc_sql( implode( ',', $exclude ) ); 805 800 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 806 801 } 807 802 808 803 if ( !empty( $user_id ) ) { 809 $user_id = $wpdb->escape( $user_id );804 $user_id = esc_sql( $user_id ); 810 805 $paged_groups = $wpdb->get_results( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY rand() {$pag_sql}" ); 811 806 $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m LEFT JOIN {$bp->groups->table_name_groupmeta} gm ON m.group_id = gm.group_id INNER JOIN {$bp->groups->table_name} g ON m.group_id = g.id WHERE gm.meta_key = 'last_activity'{$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql}" ); … … 817 812 if ( !empty( $populate_extras ) ) { 818 813 foreach ( (array) $paged_groups as $group ) $group_ids[] = $group->id; 819 $group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );814 $group_ids = implode( ',', wp_parse_id_list( $group_ids ) ); 820 815 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' ); 821 816 } … … 1512 1507 1513 1508 if ( !empty( $exclude ) ) { 1514 $exclude = wp_parse_id_list( $exclude ); 1515 $exclude = $wpdb->escape( implode( ',', $exclude ) ); 1509 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 1516 1510 $exclude_sql = " AND g.id NOT IN ({$exclude})"; 1517 1511 } else { … … 1674 1668 $exclude_sql = ''; 1675 1669 if ( !empty( $exclude ) ) { 1676 $exclude = wp_parse_id_list( $exclude ); 1677 $exclude = 
$wpdb->escape( implode( ',', $exclude ) ); 1670 $exclude = implode( ',', wp_parse_id_list( $exclude ) ); 1678 1671 $exclude_sql = " AND m.user_id NOT IN ({$exclude})"; 1679 1672 } -
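Review bot: On the new lines 722 and 804, `$user_id = esc_sql( $user_id );` is followed by `m.user_id = {$user_id}` interpolated without quotes; `esc_sql()` only backslash-escapes quote characters and does not constrain a value placed in a bare numeric position, so it adds no protection there. Line 681 in the same file already handles it with `$user_id = absint( esc_sql( $user_id ) );`, and `absint()` alone suffices, so `$user_id = absint( $user_id );` on both lines (or `$wpdb->prepare()` with `%d` for the whole statement) brings them in line. Line 799, `$exclude = esc_sql( implode( ',', $exclude ) );`, is also the one spot left on the old two-step pattern after `wp_parse_id_list()` on line 798 while every sibling hunk was changed to `implode( ',', wp_parse_id_list( ... ) )`; the escape is harmless on an all-integer list but the inconsistency will puzzle the next reader. The enclosing methods start and end outside the hunks shown.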
trunk/bp-groups/bp-groups-functions.php
r7228 r7338 1046 1046 1047 1047 if ( is_string( $meta_value ) ) 1048 $meta_value = stripslashes( $wpdb->escape( $meta_value ) );1048 $meta_value = stripslashes( esc_sql( $meta_value ) ); 1049 1049 1050 1050 $meta_value = maybe_serialize( $meta_value ); -
trunk/bp-messages/bp-messages-classes.php
r7334 r7338 151 151 152 152 if ( !empty( $search_terms ) ) { 153 $search_terms = like_escape( $wpdb->escape( $search_terms ) );153 $search_terms = like_escape( esc_sql( $search_terms ) ); 154 154 $search_sql = "AND ( subject LIKE '%%$search_terms%%' OR message LIKE '%%$search_terms%%' )"; 155 155 } -
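Review bot: Line 153 applies `esc_sql()` before `like_escape()`, the reverse of the order used in bp-activity-classes.php line 176 (`esc_sql( like_escape( ... ) )`), so the wildcard-escaping backslashes that `like_escape()` adds are not themselves SQL-escaped. MySQL tolerates `\%` and `\_` inside a string literal, so this likely works today, but `$search_terms = esc_sql( like_escape( $search_terms ) );` matches the sibling file and escapes in the expected order. Whether `$search_sql` is later passed through `$wpdb->prepare()`, which would turn the `%%` on line 154 into single `%`, is outside the hunk.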
trunk/bp-xprofile/bp-xprofile-functions.php
r7228 r7338 590 590 591 591 if ( is_string( $meta_value ) ) 592 $meta_value = stripslashes( $wpdb->escape( $meta_value ) );592 $meta_value = stripslashes( esc_sql( $meta_value ) ); 593 593 594 594 $meta_value = maybe_serialize( $meta_value ); -
trunk/tests/testcases/core/class-bp-user-query.php
r7135 r7338 201 201 $this->assertEquals( $user_id, $found_user_id ); 202 202 } 203 204 /** 205 * @group exclude 206 */ 207 public function test_bp_user_query_with_exclude() { 208 // Grab list of existing users who should also be excluded 209 global $wpdb; 210 $existing_users = $wpdb->get_col( "SELECT ID FROM {$wpdb->users}" ); 211 212 $u1 = $this->create_user(); 213 $u2 = $this->create_user(); 214 215 $exclude = array_merge( array( $u1 ), $existing_users ); 216 $q = new BP_User_Query( array( 'exclude' => $exclude, ) ); 217 218 $found_user_ids = null; 219 if ( ! empty( $q->results ) ) { 220 $found_user_ids = array_values( wp_parse_id_list( wp_list_pluck( $q->results, 'ID' ) ) ); 221 } 222 223 $this->assertEquals( array( $u2 ), $found_user_ids ); 224 } 203 225 }
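Review bot: The new test only pins the non-empty `exclude` path; `$exclude` is always seeded with every pre-existing user plus `$u1`, so the branch where `exclude` is an empty array (which bp-core-classes.php line 332 still treats as "not false") is not exercised. A second case such as `$q = new BP_User_Query( array( 'exclude' => array() ) );` asserting that both `$u1` and `$u2` are returned would cover it. `$found_user_ids` is also initialised to `null` and compared with `assertEquals()` against an array; starting from `array()` and using `assertSame()` gives a sharper failure message when the query returns nothing.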