Timestamp:
08/16/2014 12:03:53 PM (11 years ago)
Author:
imath
Message:

Make sure BP_User_Query returns correct results when search term contains the Ampersand character

  1. Search terms containing this character were problematic as the "&" is a query var delimiter used in bp_legacy_theme_ajax_querystring() to build the ajax querystring
  2. When an xProfile field is saved, the value is sanitized using the xprofile_filter_kses() filter which is converting "&" to "&amp;" before inserting the value in database.

Urlencoding the search terms in bp_legacy_theme_ajax_querystring() and applying wp_kses_normalize_entities() to search terms in BP_User_Query & in bp_xprofile_bp_user_query_search() makes sure the correct results are returned to the user.

Fixes #5694
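
The two failure modes described in the commit message, as an added example that is not part of this changeset or of BuddyPress. Assumptions: `normalize_ampersands()` is a hypothetical, simplified stand-in for `wp_kses_normalize_entities()`, PHP's `parse_str()` stands in for the querystring parsing, `strpos()` stands in for the SQL `LIKE` match, and the sample value is constructed.

```php
<?php
// Added illustration; not BuddyPress code. All names below are hypothetical.

// Simplified stand-in for wp_kses_normalize_entities(): encode every "&"
// that does not already start a named or numeric entity.
function normalize_ampersands( string $s ): string {
    return preg_replace(
        '/&(?!(?:[a-zA-Z][a-zA-Z0-9]{1,31}|#[0-9]{1,7}|#[xX][0-9a-fA-F]{1,6});)/',
        '&amp;',
        $s
    );
}

// Constructed sample: the typed search term, and the value the database
// holds after the save-time filter has encoded the ampersand.
$term   = 'Research & Development';
$stored = normalize_ampersands( $term );

// Problem 1: a raw "&" in the term ends the search_terms query var early;
// urlencode() keeps the whole term inside one query var.
parse_str( 'type=active&search_terms=' . $term, $raw );
parse_str( 'type=active&search_terms=' . urlencode( $term ), $encoded );

// Problem 2: the typed term carries "&" while the stored value carries
// "&amp;", so the match only succeeds once the term is normalized too.
$match_before = ( strpos( $stored, $encoded['search_terms'] ) !== false );
$match_after  = ( strpos( $stored, normalize_ampersands( $encoded['search_terms'] ) ) !== false );

var_dump( $raw['search_terms'], $encoded['search_terms'], $match_before, $match_after );
```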

File:
1 edited

  • trunk/src/bp-xprofile/bp-xprofile-functions.php

    r8811 r8928  
    686686    $bp = buddypress();
    687687
    688     $search_terms_clean = bp_esc_like( $query->query_vars['search_terms'] );
     688    $search_terms_clean = bp_esc_like( wp_kses_normalize_entities( $query->query_vars['search_terms'] ) );
    689689
    690690    if ( $query->query_vars['search_wildcard'] === 'left' ) {
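
Review bot: the new line 688 wraps the search term in wp_kses_normalize_entities() without a comment saying why, and the reason (saved xProfile values have already passed through xprofile_filter_kses(), so the term has to be normalized the same way to match) is recorded only in the commit message. Add a short comment above the assignment so the call is not later removed as redundant escaping, and add a unit test that searches for a field value containing "&". Since the commit message says the same normalization is applied in BP_User_Query, a shared helper would keep the two search paths from drifting apart.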