Changeset 8541 for trunk/src/bp-friends/bp-friends-classes.php

Timestamp:

06/19/2014 01:36:57 AM (12 years ago)

Author:

boonebgorges

Message:

Refactor all uses of like_escape() to use bp_esc_like()

WordPress 4.0 will deprecate like_escape(), due to a history of inconsistent
documentation and usage. Its replacement is a new method, $wpdb->esc_like(),
which will be available only in WP 4.0. For this reason, and because the
return value of $wpdb->esc_like() will not always be identical to that of
like_escape(), BP cannot do a straight swap of the old function for the new
one. Instead, we introduce a wrapper function that uses the core method if
available, and otherwise reproduces the logic of that method (for earlier
versions of WordPress).

Fixes #5701
slightly different syntax in some cases

File:

• trunk/src/bp-friends/bp-friends-classes.php (modified) (6 diffs)

trunk/src/bp-friends/bp-friends-classes.php

@@ -291 +291 @@
             $user_id = bp_loggedin_user_id();
 
-        $filter = esc_sql( like_escape( $filter ) );
+        // Only search for matching strings at the beginning of the
+        // name (@todo - figure out why this restriction)
+        $search_terms_like = bp_esc_like( $filter ) . '%';
 
         $pag_sql = '';
@@ -308 +310 @@
         // filter the user_ids based on the search criteria.
         if ( bp_is_active( 'xprofile' ) ) {
-            $sql       = "SELECT DISTINCT user_id FROM {$bp->profile->table_name_data} WHERE user_id IN ({$fids}) AND value LIKE '{$filter}%%' {$pag_sql}";
-            $total_sql = "SELECT COUNT(DISTINCT user_id) FROM {$bp->profile->table_name_data} WHERE user_id IN ({$fids}) AND value LIKE '{$filter}%%'";
+            $sql       = $wpdb->prepare( "SELECT DISTINCT user_id FROM {$bp->profile->table_name_data} WHERE user_id IN ({$fids}) AND value LIKE %s {$pag_sql}", $search_terms_like );
+            $total_sql = $wpdb->prepare( "SELECT COUNT(DISTINCT user_id) FROM {$bp->profile->table_name_data} WHERE user_id IN ({$fids}) AND value LIKE %s", $search_terms_like );
         } else {
-            $sql       = "SELECT DISTINCT user_id FROM {$wpdb->usermeta} WHERE user_id IN ({$fids}) AND meta_key = 'nickname' AND meta_value LIKE '{$filter}%%' {$pag_sql}";
-            $total_sql = "SELECT COUNT(DISTINCT user_id) FROM {$wpdb->usermeta} WHERE user_id IN ({$fids}) AND meta_key = 'nickname' AND meta_value LIKE '{$filter}%%'";
+            $sql       = $wpdb->prepare( "SELECT DISTINCT user_id FROM {$wpdb->usermeta} WHERE user_id IN ({$fids}) AND meta_key = 'nickname' AND meta_value LIKE %s' {$pag_sql}", $search_terms_like );
+            $total_sql = $wpdb->prepare( "SELECT COUNT(DISTINCT user_id) FROM {$wpdb->usermeta} WHERE user_id IN ({$fids}) AND meta_key = 'nickname' AND meta_value LIKE %s", $search_terms_like );
         }
 
@@ -444 +446 @@
         global $wpdb, $bp;
 
-        $filter = esc_sql( like_escape( $filter ) );
+        // Only search for matching strings at the beginning of the
+        // name (@todo - figure out why this restriction)
+        $search_terms_like = bp_esc_like( $filter ) . '%';
 
         $usermeta_table = $wpdb->base_prefix . 'usermeta';
@@ -455 +459 @@
         // filter the user_ids based on the search criteria.
         if ( bp_is_active( 'xprofile' ) ) {
-            $sql = "SELECT DISTINCT d.user_id as id FROM {$bp->profile->table_name_data} d, {$users_table} u WHERE d.user_id = u.id AND d.value LIKE '{$filter}%%' ORDER BY d.value DESC {$pag_sql}";
+            $sql = $wpdb->prepare( "SELECT DISTINCT d.user_id as id FROM {$bp->profile->table_name_data} d, {$users_table} u WHERE d.user_id = u.id AND d.value LIKE %s ORDER BY d.value DESC {$pag_sql}", $search_terms_like );
         } else {
-            $sql = "SELECT DISTINCT user_id as id FROM {$usermeta_table} WHERE meta_value LIKE '{$filter}%%' ORDER BY d.value DESC {$pag_sql}";
+            $sql = $wpdb->prepare( "SELECT DISTINCT user_id as id FROM {$usermeta_table} WHERE meta_value LIKE %s ORDER BY d.value DESC {$pag_sql}", $search_terms_like );
         }
 
@@ -479 +483 @@
         global $wpdb, $bp;
 
-        $filter = esc_sql( like_escape( $filter ) );
+        // Only search for matching strings at the beginning of the
+        // name (@todo - figure out why this restriction)
+        $search_terms_like = bp_esc_like( $filter ) . '%';
 
         $usermeta_table = $wpdb->prefix . 'usermeta';
@@ -486 +492 @@
         // filter the user_ids based on the search criteria.
         if ( bp_is_active( 'xprofile' ) ) {
-            $sql = "SELECT COUNT(DISTINCT d.user_id) FROM {$bp->profile->table_name_data} d, {$users_table} u WHERE d.user_id = u.id AND d.value LIKE '{$filter}%%'";
+            $sql = $wpdb->prepare( "SELECT COUNT(DISTINCT d.user_id) FROM {$bp->profile->table_name_data} d, {$users_table} u WHERE d.user_id = u.id AND d.value LIKE %s", $search_terms_like );
         } else {
-            $sql = "SELECT COUNT(DISTINCT user_id) FROM {$usermeta_table} WHERE meta_value LIKE '{$filter}%%'";
+            $sql = $wpdb->prepare( "SELECT COUNT(DISTINCT user_id) FROM {$usermeta_table} WHERE meta_value LIKE %s", $search_terms_like );
         }