Timestamp:
06/19/2014 01:36:57 AM (11 years ago)
Author:
boonebgorges
Message:

Refactor all uses of like_escape() to use bp_esc_like()

WordPress 4.0 will deprecate like_escape(), due to a history of inconsistent
documentation and usage. Its replacement is a new method, $wpdb->esc_like(),
which will be available only in WP 4.0. For this reason, and because the
return value of $wpdb->esc_like() will not always be identical to that of
like_escape(), BP cannot do a straight swap of the old function for the new
one. Instead, we introduce a wrapper function that uses the core method if
available, and otherwise reproduces the logic of that method (for earlier
versions of WordPress).

Fixes #5701
slightly different syntax in some cases

File:
1 edited

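--- a/trunk/src/bp-groups/bp-groups-classes.php
+++ b/trunk/src/bp-groups/bp-groups-classes.php
@@ -446,5 +446,5 @@
             $user_id = bp_displayed_user_id();
 
-        $filter = esc_sql( like_escape( $filter ) );
+        $search_terms_like = bp_esc_like( $filter ) . '%';
 
         $pag_sql = $order_sql = $hidden_sql = '';
@@ -461,6 +461,6 @@
         $gids = esc_sql( implode( ',', wp_parse_id_list( $gids['groups'] ) ) );
 
-        $paged_groups = $wpdb->get_results( "SELECT id as group_id FROM {$bp->groups->table_name} WHERE ( name LIKE '{$filter}%%' OR description LIKE '{$filter}%%' ) AND id IN ({$gids}) {$pag_sql}" );
-        $total_groups = $wpdb->get_var( "SELECT COUNT(id) FROM {$bp->groups->table_name} WHERE ( name LIKE '{$filter}%%' OR description LIKE '{$filter}%%' ) AND id IN ({$gids})" );
+        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT id as group_id FROM {$bp->groups->table_name} WHERE ( name LIKE %s OR description LIKE %s ) AND id IN ({$gids}) {$pag_sql}", $search_terms_like, $search_terms_like ) );
+        $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM {$bp->groups->table_name} WHERE ( name LIKE %s OR description LIKE %s ) AND id IN ({$gids})", $search_terms_like, $search_terms_like ) );
 
         return array( 'groups' => $paged_groups, 'total' => $total_groups );
@@ -487,5 +487,5 @@
         global $wpdb, $bp;
 
-        $filter = esc_sql( like_escape( $filter ) );
+        $search_terms_like = '%' . bp_esc_like( $filter ) . '%';
 
         $pag_sql = $order_sql = $hidden_sql = '';
@@ -503,6 +503,6 @@
             $hidden_sql = "AND status != 'hidden'";
 
-        $paged_groups = $wpdb->get_results( "SELECT id as group_id FROM {$bp->groups->table_name} WHERE ( name LIKE '%%{$filter}%%' OR description LIKE '%%{$filter}%%' ) {$hidden_sql} {$order_sql} {$pag_sql}" );
-        $total_groups = $wpdb->get_var( "SELECT COUNT(id) FROM {$bp->groups->table_name} WHERE ( name LIKE '%%{$filter}%%' OR description LIKE '%%{$filter}%%' ) {$hidden_sql}" );
+        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT id as group_id FROM {$bp->groups->table_name} WHERE ( name LIKE %s OR description LIKE %s ) {$hidden_sql} {$order_sql} {$pag_sql}", $search_terms_like, $search_terms_like ) );
+        $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM {$bp->groups->table_name} WHERE ( name LIKE %s OR description LIKE %s ) {$hidden_sql}", $search_terms_like, $search_terms_like ) );
 
         return array( 'groups' => $paged_groups, 'total' => $total_groups );
@@ -703,6 +703,6 @@
 
         if ( ! empty( $r['search_terms'] ) ) {
-            $search_terms = esc_sql( like_escape( $r['search_terms'] ) );
-            $sql['search'] = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
+            $search_terms_like = '%' . bp_esc_like( $r['search_terms'] ) . '%';
+            $sql['search'] = $wpdb->prepare( " AND ( g.name LIKE %s OR g.description LIKE %s )", $search_terms_like, $search_terms_like );
         }
 
@@ -785,5 +785,5 @@
 
         if ( ! empty( $sql['search'] ) ) {
-            $total_sql['where'][] = "( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
+            $total_sql['where'][] = $wpdb->prepare( "( g.name LIKE %s OR g.description LIKE %s )", $search_terms_like, $search_terms_like );
         }
 
@@ -1030,6 +1030,6 @@
 
         if ( !empty( $search_terms ) ) {
-            $search_terms = esc_sql( like_escape( $search_terms ) );
-            $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
+            $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%';
+            $search_sql        = $wpdb->prepare( ' AND ( g.name LIKE %s OR g.description LIKE %s ) ', $search_terms_like, $search_terms_like );
         }
 
@@ -1094,6 +1094,6 @@
 
         if ( !empty( $search_terms ) ) {
-            $search_terms = esc_sql( like_escape( $search_terms ) );
-            $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
+            $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%';
+            $search_sql        = $wpdb->prepare( ' AND ( g.name LIKE %s OR g.description LIKE %s ) ', $search_terms_like, $search_terms_like );
         }
 
@@ -1165,5 +1165,5 @@
             $hidden_sql = " AND status != 'hidden'";
 
-        $letter = esc_sql( like_escape( $letter ) );
+        $letter_like = bp_esc_like( $letter ) . '%';
 
         if ( !empty( $limit ) && !empty( $page ) ) {
@@ -1171,7 +1171,7 @@
         }
 
-        $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE '{$letter}%%' {$hidden_sql} {$exclude_sql}" );
-
-        $paged_groups = $wpdb->get_results( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE '{$letter}%%' {$hidden_sql} {$exclude_sql} ORDER BY g.name ASC {$pag_sql}" );
+        $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE %s {$hidden_sql} {$exclude_sql}", $letter_like ) );
+
+        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE %s {$hidden_sql} {$exclude_sql} ORDER BY g.name ASC {$pag_sql}", $letter_like ) );
 
         if ( !empty( $populate_extras ) ) {
@@ -1221,6 +1221,6 @@
 
         if ( !empty( $search_terms ) ) {
-            $search_terms = esc_sql( like_escape( $search_terms ) );
-            $search_sql = " AND ( g.name LIKE '%%{$search_terms}%%' OR g.description LIKE '%%{$search_terms}%%' )";
+            $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%';
+            $search_sql = $wpdb->prepare( " AND ( g.name LIKE %s OR g.description LIKE %s )", $search_terms_like, $search_terms_like );
         }
 
@@ -1438,6 +1438,6 @@
 
         if ( !empty( $search_terms ) ) {
-            $st = esc_sql( like_escape( $search_terms ) );
-            $sql['where'] .= " AND (  t.topic_title LIKE '%{$st}%' )";
+            $search_terms_like = '%' . bp_esc_like( $search_terms ) . '%';
+            $sql['where'] .= $wpdb->prepare( " AND ( t.topic_title LIKE %s )", $search_terms_like );
         }
 
@@ -2262,5 +2262,7 @@
         global $wpdb, $bp;
 
-        $pag_sql = $hidden_sql = $filter_sql = '';
+        $user_id_sql = $pag_sql = $hidden_sql = $filter_sql = '';
+
+        $user_id_sql = $wpdb->prepare( 'm.user_id = %d', $user_id );
 
         if ( !empty( $limit ) && !empty( $page ) )
@@ -2268,6 +2270,6 @@
 
         if ( !empty( $filter ) ) {
-            $filter     = esc_sql( like_escape( $filter ) );
-            $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )";
+            $search_terms_like = '%' . bp_esc_like( $filter ) . '%';
+            $filter_sql = $wpdb->prepare( " AND ( g.name LIKE %s OR g.description LIKE %s )", $search_terms_like, $search_terms_like );
         }
 
@@ -2275,6 +2277,6 @@
             $hidden_sql = " AND g.status != 'hidden'";
 
-        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count'{$hidden_sql}{$filter_sql} AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY m.date_modified DESC {$pag_sql}", $user_id ) );
-        $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id{$hidden_sql}{$filter_sql} AND m.user_id = %d AND m.is_banned = 0 AND m.is_confirmed = 1 ORDER BY m.date_modified DESC", $user_id ) );
+        $paged_groups = $wpdb->get_results( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count'{$hidden_sql}{$filter_sql} AND {$user_id_sql} AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY m.date_modified DESC {$pag_sql}" );
+        $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id{$hidden_sql}{$filter_sql} AND {$user_id_sql} AND m.is_banned = 0 AND m.is_confirmed = 1 ORDER BY m.date_modified DESC" );
 
         return array( 'groups' => $paged_groups, 'total' => $total_groups );
@@ -2299,5 +2301,7 @@
         global $wpdb, $bp;
 
-        $pag_sql = $hidden_sql = $filter_sql = '';
+        $user_id_sql = $pag_sql = $hidden_sql = $filter_sql = '';
+
+        $user_id_sql = $wpdb->prepare( 'm.user_id = %d', $user_id );
 
         if ( !empty( $limit ) && !empty( $page ) )
@@ -2305,6 +2309,6 @@
 
         if ( !empty( $filter ) ) {
-            $filter     = esc_sql( like_escape( $filter ) );
-            $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )";
+            $search_terms_like = '%' . bp_esc_like( $filter ) . '%';
+            $filter_sql = $wpdb->prepare( " AND ( g.name LIKE %s OR g.description LIKE %s )", $search_terms_like, $search_terms_like );
         }
 
@@ -2312,6 +2316,6 @@
             $hidden_sql = " AND g.status != 'hidden'";
 
-        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count'{$hidden_sql}{$filter_sql} AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_admin = 1 ORDER BY m.date_modified ASC {$pag_sql}", $user_id ) );
-        $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id{$hidden_sql}{$filter_sql} AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_admin = 1 ORDER BY date_modified ASC", $user_id ) );
+        $paged_groups = $wpdb->get_results( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count'{$hidden_sql}{$filter_sql} AND {$user_id_sql} AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_admin = 1 ORDER BY m.date_modified ASC {$pag_sql}" );
+        $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id{$hidden_sql}{$filter_sql} AND {$user_id_sql} AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_admin = 1 ORDER BY date_modified ASC" );
 
         return array( 'groups' => $paged_groups, 'total' => $total_groups );
@@ -2336,5 +2340,7 @@
         global $wpdb, $bp;
 
-        $pag_sql = $hidden_sql = $filter_sql = '';
+        $user_id_sql = $pag_sql = $hidden_sql = $filter_sql = '';
+
+        $user_id_sql = $wpdb->prepare( 'm.user_id = %d', $user_id );
 
         if ( !empty( $limit ) && !empty( $page ) )
@@ -2342,6 +2348,6 @@
 
         if ( !empty( $filter ) ) {
-            $filter     = esc_sql( like_escape( $filter ) );
-            $filter_sql = " AND ( g.name LIKE '%%{$filter}%%' OR g.description LIKE '%%{$filter}%%' )";
+            $search_terms_like = '%' . bp_esc_like( $filter ) . '%';
+            $filter_sql = $wpdb->prepare( " AND ( g.name LIKE %s OR g.description LIKE %s )", $search_terms_like, $search_terms_like );
         }
 
@@ -2349,6 +2355,6 @@
             $hidden_sql = " AND g.status != 'hidden'";
 
-        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count'{$hidden_sql}{$filter_sql} AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_mod = 1 ORDER BY m.date_modified ASC {$pag_sql}", $user_id ) );
-        $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id{$hidden_sql}{$filter_sql} AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_mod = 1 ORDER BY date_modified ASC", $user_id ) );
+        $paged_groups = $wpdb->get_results( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE g.id = m.group_id AND g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count'{$hidden_sql}{$filter_sql} AND {$user_id_sql} AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_mod = 1 ORDER BY m.date_modified ASC {$pag_sql}" );
+        $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT m.group_id) FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id{$hidden_sql}{$filter_sql} AND {$user_id_sql} AND m.is_confirmed = 1 AND m.is_banned = 0 AND m.is_mod = 1 ORDER BY date_modified ASC" );
 
         return array( 'groups' => $paged_groups, 'total' => $total_groups );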
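Review bot: The two queries in the alphabetical-listing hunk (`g.name LIKE %s {$hidden_sql} {$exclude_sql}` and the `ORDER BY g.name ASC {$pag_sql}` variant) still interpolate `$hidden_sql`, `$exclude_sql` and `$pag_sql` into the string that `$wpdb->prepare()` parses as a format, so any `%` in those fragments would be read as a placeholder rather than as SQL, and the same holds for `{$gids}` and `{$pag_sql}` in the first hunk. The `$hidden_sql` values visible here are literals and `$gids` is built from `wp_parse_id_list()`, but `$exclude_sql` and `$pag_sql` are assembled outside these hunks, so I cannot confirm from this page that they are `%`-free; the member-group hunks further down already avoid the problem by preparing `$user_id_sql` on its own and concatenating the already-prepared `$filter_sql` into an unprepared string. I would either apply that same pattern to the letter and filter queries, or at minimum add above them `// NOTE: only $letter_like goes through a placeholder; every fragment interpolated into this prepare() format must contain no literal '%'.` The enclosing methods begin and end outside the hunks shown.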