Context Navigation

← Previous Changeset
Next Changeset →

Changeset 8928

Timestamp:

08/16/2014 12:03:53 PM (10 years ago)

Author:

imath

Message:

Make sure BP_User_Query returns correct results when search term contains the Ampersand character

Search terms containing this character was problematic as the "&" is a query var delimiter used in bp_legacy_theme_ajax_querystring() to build the ajax querystring

When a xProfile field is saved, the value is sanitized using the xprofile_filter_kses() filter which is converting "&" to "&" before inserting the value in database.

Urlencoding the search terms in bp_legacy_theme_ajax_querystring() and applying wp_kses_normalize_entities() to search terms in BP_User_Query & in bp_xprofile_bp_user_query_search() make sure the correct results are returned to the user.

Fixes #5694

Location:

trunk

Files:

: 4 edited

src/bp-core/bp-core-classes.php (modified) (1 diff)
src/bp-templates/bp-legacy/buddypress-functions.php (modified) (1 diff)
src/bp-xprofile/bp-xprofile-functions.php (modified) (1 diff)
tests/phpunit/testcases/core/class-bp-user-query.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/bp-core/bp-core-classes.php

r8796	r8928
369	369	// xprofile field matches happen in bp_xprofile_bp_user_query_search()
370	370	if ( false !== $search_terms ) {
371		$search_terms = bp_esc_like( ~~$search_terms~~ );
	371	$search_terms = bp_esc_like( wp_kses_normalize_entities( $search_terms ) );
372	372
373	373	if ( $search_wildcard === 'left' ) {

trunk/src/bp-templates/bp-legacy/buddypress-functions.php

r8828	r8928
537	537	$object_search_text = bp_get_search_default_text( $object );
538	538	if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )
539		$qs[] = 'search_terms=' . ~~$_POST['search_terms']~~;
	539	$qs[] = 'search_terms=' . urlencode( $_POST['search_terms'] );
540	540
541	541	// Now pass the querystring to override default values.

trunk/src/bp-xprofile/bp-xprofile-functions.php

r8811	r8928
686	686	$bp = buddypress();
687	687
688		$search_terms_clean = bp_esc_like( ~~$query->query_vars['search_terms']~~ );
	688	$search_terms_clean = bp_esc_like( wp_kses_normalize_entities( $query->query_vars['search_terms'] ) );
689	689
690	690	if ( $query->query_vars['search_wildcard'] === 'left' ) {

trunk/tests/phpunit/testcases/core/class-bp-user-query.php

-                      r8675
+                      r8928
+    }
+    public function test_bp_user_query_search_with_ampersand_sign() {
+        // LIKE special character: &
+        $user_id = $this->create_user();
+        xprofile_set_field_data( 1, $user_id, "a&mpersand" );
+        $q = new BP_User_Query( array( 'search_terms' => "a&m", ) );
+        $found_user_id = null;
+        if ( ! empty( $q->results ) ) {
+            $found_user = array_pop( $q->results );
+            $found_user_id = $found_user->ID;
+        }
+        $this->assertEquals( $user_id, $found_user_id );
+    }
     /**
      * @group search_terms

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

BuddyPress.org