Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
08/05/2013 02:42:16 PM (11 years ago)
Author:
boonebgorges
Message:

Use esc_sql() instead of $wpdb->escape() throughout

WordPress 3.6 deprecated the use of $wpdb->escape() for sanitizing SQL
query fragments, in favor of the rewritten esc_sql(). This changeset
makes the appropriate changes throughout BuddyPress.

In a few places, this changeset also removes redundant sanitization, in
particular when using wp_parse_id_list().

Also adds a unit test for a touched method (BP_User_Query, when using
the 'exclude' parameter).

Fixes #5100

Props needle

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-core/bp-core-classes.php

    r7334 r7338  
    331331        // 'exclude' - User ids to exclude from the results
    332332        if ( false !== $exclude ) {
    333             $exclude        = wp_parse_id_list( $exclude );
    334             $exclude_ids    = $wpdb->escape( implode( ',', (array) $exclude ) );
     333            $exclude_ids    = implode( ',', wp_parse_id_list( $exclude ) );
    335334            $sql['where'][] = "u.{$this->uid_name} NOT IN ({$exclude_ids})";
    336335        }
Note: See TracChangeset for help on using the changeset viewer.