Changeset 8541 for trunk/src/bp-core/bp-core-functions.php

Timestamp:

06/19/2014 01:36:57 AM (11 years ago)

Author:

boonebgorges

Message:

Refactor all uses of like_escape() to use bp_esc_like()

WordPress 4.0 will deprecate like_escape(), due to a history of inconsistent
documentation and usage. Its replacement is a new method, $wpdb->esc_like(),
which will be available only in WP 4.0. For this reason, and because the
return value of $wpdb->esc_like() will not always be identical to that of
like_escape(), BP cannot do a straight swap of the old function for the new
one. Instead, we introduce a wrapper function that uses the core method if
available, and otherwise reproduces the logic of that method (for earlier
versions of WordPress).

Fixes #5701
slightly different syntax in some cases

File:

• trunk/src/bp-core/bp-core-functions.php (modified) (1 diff)

trunk/src/bp-core/bp-core-functions.php

@@ -263 +263 @@
     $order = strtoupper( trim( $order ) );
     return 'DESC' === $order ? 'DESC' : 'ASC';
+}
+
+/**
+ * Escape special characters in a SQL LIKE clause.
+ *
+ * In WordPress 4.0, like_escape() was deprecated, due to incorrect
+ * documentation and improper sanitization leading to a history of misuse. To
+ * maintain compatibility with versions of WP before 4.0, we duplicate the
+ * logic of the replacement, wpdb::esc_like().
+ *
+ * @since BuddyPress (2.1.0)
+ *
+ * @see wpdb::esc_like() for more details on proper use.
+ *
+ * @param string $text The raw text to be escaped.
+ * @return string Text in the form of a LIKE phrase. Not SQL safe. Run through
+ *         wpdb::prepare() before use.
+ */
+function bp_esc_like( $text ) {
+    global $wpdb;
+
+    if ( method_exists( $wpdb, 'esc_like' ) ) {
+        return $wpdb->esc_like( $text );
+    } else {
+        return addcslashes( $text, '_%\\' );
+    }
 }