Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
06/19/2014 01:36:57 AM (11 years ago)
Author:
boonebgorges
Message:

Refactor all uses of like_escape() to use bp_esc_like()

WordPress 4.0 will deprecate like_escape(), due to a history of inconsistent
documentation and usage. Its replacement is a new method, $wpdb->esc_like(),
which will be available only in WP 4.0. For this reason, and because the
return value of $wpdb->esc_like() will not always be identical to that of
like_escape(), BP cannot do a straight swap of the old function for the new
one. Instead, we introduce a wrapper function that uses the core method if
available, and otherwise reproduces the logic of that method (for earlier
versions of WordPress).

Fixes #5701
slightly different syntax in some cases

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-classes.php

    r8332 r8541  
    365365        // xprofile field matches happen in bp_xprofile_bp_user_query_search()
    366366        if ( false !== $search_terms ) {
    367             $search_terms_clean = esc_sql( esc_sql( $search_terms ) );
    368             $sql['where']['search'] = "u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE '%{$search_terms_clean}%' OR user_nicename LIKE '%{$search_terms_clean}%' ) )";
     367            $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%';
     368            $sql['where']['search'] = $wpdb->prepare( "u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE %s OR user_nicename LIKE %s ) )", $search_terms_like, $search_terms_like );
    369369        }
    370370
     
    968968
    969969        if ( !empty( $search_terms ) && bp_is_active( 'xprofile' ) ) {
    970             $search_terms             = esc_sql( like_escape( $search_terms ) );
    971             $sql['where_searchterms'] = "AND spd.value LIKE '%%$search_terms%%'";
     970            $search_terms_like        = '%' . bp_esc_like( $search_terms ) . '%';
     971            $sql['where_searchterms'] = $wpdb->prepare( "AND spd.value LIKE %s", $search_terms_like );
    972972        }
    973973
     
    10861086        }
    10871087
    1088         $letter     = esc_sql( like_escape( $letter ) );
    1089         $status_sql = bp_core_get_status_sql( 'u.' );
     1088        $letter_like = bp_esc_like( $letter ) . '%';
     1089        $status_sql  = bp_core_get_status_sql( 'u.' );
    10901090
    10911091        if ( !empty( $exclude ) ) {
     
    10961096        }
    10971097
    1098         $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%'  ORDER BY pd.value ASC", bp_xprofile_fullname_field_name() ) );
    1099         $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql',       $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name() ) );
     1098        $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE %s ORDER BY pd.value ASC", bp_xprofile_fullname_field_name(), $letter_like ) );
     1099        $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql',       $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE %s ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name(), $letter_like ) );
    11001100
    11011101        $total_users = $wpdb->get_var( $total_users_sql );
     
    11851185        $pag_sql  = $limit && $page ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * intval( $limit ) ), intval( $limit ) ) : '';
    11861186
    1187         $search_terms = esc_sql( like_escape( $search_terms ) );
    1188         $status_sql   = bp_core_get_status_sql( 'u.' );
    1189 
    1190         $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC", $search_terms );
    1191         $paged_users_sql = apply_filters( 'bp_core_search_users_sql',       "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC{$pag_sql}", $search_terms, $pag_sql );
     1187        $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%';
     1188        $status_sql        = bp_core_get_status_sql( 'u.' );
     1189
     1190        $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE %s ORDER BY pd.value ASC", $search_terms_like ), $search_terms );
     1191        $paged_users_sql = apply_filters( 'bp_core_search_users_sql',       $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE %s ORDER BY pd.value ASC{$pag_sql}", $search_terms_like ), $search_terms, $pag_sql );
    11921192
    11931193        $total_users = $wpdb->get_var( $total_users_sql );
Note: See TracChangeset for help on using the changeset viewer.