Changeset 7338 for trunk/bp-groups/bp-groups-classes.php
- Timestamp:
- 08/05/2013 02:42:16 PM (11 years ago)
- File:
-
- 1 edited
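--- a/trunk/bp-groups/bp-groups-classes.php
+++ b/trunk/bp-groups/bp-groups-classes.php
@@ -393,12 +393,10 @@
 
 if ( ! empty( $r['include'] ) ) {
-$include = wp_parse_id_list( $r['include'] );
-$include = $wpdb->escape( implode( ',', $include ) );
+$include = implode( ',', wp_parse_id_list( $r['include'] ) );
 $sql['include'] = " AND g.id IN ({$include})";
 }
 
 if ( ! empty( $r['exclude'] ) ) {
-$exclude = wp_parse_id_list( $r['exclude'] );
-$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude = implode( ',', wp_parse_id_list( $r['exclude'] ) );
 $sql['exclude'] = " AND g.id NOT IN ({$exclude})";
 }
@@ -507,5 +505,5 @@
 // Populate some extra information instead of querying each time in the loop
 if ( !empty( $r['populate_extras'] ) ) {
-$group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );
+$group_ids = implode( ',', wp_parse_id_list( $group_ids ) );
 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, $r['type'] );
 }
@@ -676,11 +674,10 @@
 
 if ( !empty( $exclude ) ) {
-$exclude = wp_parse_id_list( $exclude );
-$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude = implode( ',', wp_parse_id_list( $exclude ) );
 $exclude_sql = " AND g.id NOT IN ({$exclude})";
 }
 
 if ( !empty( $user_id ) ) {
-$user_id = absint( $wpdb->escape( $user_id ) );
+$user_id = absint( esc_sql( $user_id ) );
 $paged_groups = $wpdb->get_results( "SELECT DISTINCT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY f.topics DESC {$pag_sql}" );
 $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.topics > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql}" );
@@ -692,5 +689,5 @@
 if ( !empty( $populate_extras ) ) {
 foreach ( (array) $paged_groups as $group ) $group_ids[] = $group->id;
-$group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );
+$group_ids = implode( ',', wp_parse_id_list( $group_ids ) );
 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' );
 }
@@ -718,11 +715,10 @@
 
 if ( !empty( $exclude ) ) {
-$exclude = wp_parse_id_list( $exclude );
-$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude = implode( ',', wp_parse_id_list( $exclude ) );
 $exclude_sql = " AND g.id NOT IN ({$exclude})";
 }
 
 if ( !empty( $user_id ) ) {
-$user_id = $wpdb->escape( $user_id );
+$user_id = esc_sql( $user_id );
 $paged_groups = $wpdb->get_results( "SELECT DISTINCT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY f.posts ASC {$pag_sql}" );
 $total_groups = $wpdb->get_results( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_groupmeta} gm3, {$bp->groups->table_name_members} m, {$bbdb->forums} f, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND g.id = gm3.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND (gm3.meta_key = 'forum_id' AND gm3.meta_value = f.forum_id) AND f.posts > 0 {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} " );
@@ -734,5 +730,5 @@
 if ( !empty( $populate_extras ) ) {
 foreach ( (array) $paged_groups as $group ) $group_ids[] = $group->id;
-$group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );
+$group_ids = implode( ',', wp_parse_id_list( $group_ids ) );
 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' );
 }
@@ -756,6 +752,5 @@
 
 if ( !empty( $exclude ) ) {
-$exclude = wp_parse_id_list( $exclude );
-$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude = implode( ',', wp_parse_id_list( $exclude ) );
 $exclude_sql = " AND g.id NOT IN ({$exclude})";
 }
@@ -777,5 +772,5 @@
 $group_ids[] = $group->id;
 }
-$group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );
+$group_ids = implode( ',', wp_parse_id_list( $group_ids ) );
 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' );
 }
@@ -802,10 +797,10 @@
 if ( !empty( $exclude ) ) {
 $exclude = wp_parse_id_list( $exclude );
-$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude = esc_sql( implode( ',', $exclude ) );
 $exclude_sql = " AND g.id NOT IN ({$exclude})";
 }
 
 if ( !empty( $user_id ) ) {
-$user_id = $wpdb->escape( $user_id );
+$user_id = esc_sql( $user_id );
 $paged_groups = $wpdb->get_results( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' {$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql} ORDER BY rand() {$pag_sql}" );
 $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m LEFT JOIN {$bp->groups->table_name_groupmeta} gm ON m.group_id = gm.group_id INNER JOIN {$bp->groups->table_name} g ON m.group_id = g.id WHERE gm.meta_key = 'last_activity'{$hidden_sql} {$search_sql} AND m.user_id = {$user_id} AND m.is_confirmed = 1 AND m.is_banned = 0 {$exclude_sql}" );
@@ -817,5 +812,5 @@
 if ( !empty( $populate_extras ) ) {
 foreach ( (array) $paged_groups as $group ) $group_ids[] = $group->id;
-$group_ids = $wpdb->escape( join( ',', (array)$group_ids ) );
+$group_ids = implode( ',', wp_parse_id_list( $group_ids ) );
 $paged_groups = BP_Groups_Group::get_group_extras( $paged_groups, $group_ids, 'newest' );
 }
@@ -1512,6 +1507,5 @@
 
 if ( !empty( $exclude ) ) {
-$exclude = wp_parse_id_list( $exclude );
-$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude = implode( ',', wp_parse_id_list( $exclude ) );
 $exclude_sql = " AND g.id NOT IN ({$exclude})";
 } else {
@@ -1674,6 +1668,5 @@
 $exclude_sql = '';
 if ( !empty( $exclude ) ) {
-$exclude = wp_parse_id_list( $exclude );
-$exclude = $wpdb->escape( implode( ',', $exclude ) );
+$exclude = implode( ',', wp_parse_id_list( $exclude ) );
 $exclude_sql = " AND m.user_id NOT IN ({$exclude})";
 }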
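Review bot: `esc_sql()` does not make `$user_id` safe where it is used: the two `$user_id = esc_sql( $user_id );` assignments (new lines 722 and 804) feed an unquoted `m.user_id = {$user_id}` comparison, and escaping quote characters does nothing for a value placed in numeric context. Cast instead, `$user_id = absint( $user_id );`, which is what new line 681 effectively does already (its inner `esc_sql()` is redundant there). The same applies to new line 799, where `esc_sql( implode( ',', $exclude ) )` wraps a list that `wp_parse_id_list()` has already reduced to integers; it should read like the other `$exclude` hunks. Whether `$user_id` is caller-controlled is not visible in these hunks, whose enclosing methods start and end outside them.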