Changeset 8541 for trunk/src/bp-core/bp-core-classes.php
- Timestamp:
- 06/19/2014 01:36:57 AM (11 years ago)
- File:
-
- 1 edited
trunk/src/bp-core/bp-core-classes.php
r8332 r8541 365 365 // xprofile field matches happen in bp_xprofile_bp_user_query_search() 366 366 if ( false !== $search_terms ) { 367 $search_terms_ clean = esc_sql( esc_sql( $search_terms ) );368 $sql['where']['search'] = "u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE '%{$search_terms_clean}%' OR user_nicename LIKE '%{$search_terms_clean}%' ) )";367 $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%'; 368 $sql['where']['search'] = $wpdb->prepare( "u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE %s OR user_nicename LIKE %s ) )", $search_terms_like, $search_terms_like ); 369 369 } 370 370 … … 968 968 969 969 if ( !empty( $search_terms ) && bp_is_active( 'xprofile' ) ) { 970 $search_terms = esc_sql( like_escape( $search_terms ) );971 $sql['where_searchterms'] = "AND spd.value LIKE '%%$search_terms%%'";970 $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%'; 971 $sql['where_searchterms'] = $wpdb->prepare( "AND spd.value LIKE %s", $search_terms_like ); 972 972 } 973 973 … … 1086 1086 } 1087 1087 1088 $letter = esc_sql( like_escape( $letter ) );1089 $status_sql = bp_core_get_status_sql( 'u.' );1088 $letter_like = bp_esc_like( $letter ) . '%'; 1089 $status_sql = bp_core_get_status_sql( 'u.' 
); 1090 1090 1091 1091 if ( !empty( $exclude ) ) { … … 1096 1096 } 1097 1097 1098 $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC", bp_xprofile_fullname_field_name()) );1099 $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name()) );1098 $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE %s ORDER BY pd.value ASC", bp_xprofile_fullname_field_name(), $letter_like ) ); 1099 $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE %s ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name(), $letter_like ) ); 1100 1100 1101 1101 $total_users = $wpdb->get_var( $total_users_sql ); … … 1185 
1185 $pag_sql = $limit && $page ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * intval( $limit ) ), intval( $limit ) ) : ''; 1186 1186 1187 $search_terms = esc_sql( like_escape( $search_terms ) );1188 $status_sql = bp_core_get_status_sql( 'u.' );1189 1190 $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC", $search_terms );1191 $paged_users_sql = apply_filters( 'bp_core_search_users_sql', "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC{$pag_sql}", $search_terms, $pag_sql );1187 $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%'; 1188 $status_sql = bp_core_get_status_sql( 'u.' ); 1189 1190 $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE %s ORDER BY pd.value ASC", $search_terms_like ), $search_terms ); 1191 $paged_users_sql = apply_filters( 'bp_core_search_users_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE %s ORDER BY pd.value ASC{$pag_sql}", $search_terms_like ), $search_terms, $pag_sql ); 1192 1192 1193 1193 $total_users = $wpdb->get_var( $total_users_sql );
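Review bot: In the last hunk (new lines 1187–1191) the extra argument passed to the `bp_core_search_users_count_sql` and `bp_core_search_users_sql` filters is now the raw `$search_terms`, whereas before this change that variable had been overwritten with `esc_sql( like_escape( $search_terms ) )` before it was passed. Any existing callback that concatenates this argument into its own SQL, relying on it being escaped, would now be interpolating unescaped input. I would either keep passing an escaped value or document the change above the two `apply_filters()` calls, e.g. `// $search_terms is passed to these filters unescaped; callbacks must run it through bp_esc_like() and $wpdb->prepare() before using it in SQL.` Separately, in the letter hunk `{$status_sql}` and `{$exclude_sql}` are still interpolated into the string given to `$wpdb->prepare()`; they are built outside the visible lines, so their safety cannot be confirmed from here. The enclosing functions start and end outside the hunks.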