Changeset 9073
- Timestamp:
- 10/08/2014 02:14:29 PM (10 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
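--- a/trunk/src/bp-core/bp-core-filters.php
+++ b/trunk/src/bp-core/bp-core-filters.php
@@ -604,5 +604,23 @@
 */
 function bp_filter_metaid_column_name( $q ) {
-return str_replace( 'meta_id', 'id', $q );
+/*
+* Replace quoted content with __QUOTE__ to avoid false positives.
+* This regular expression will match nested quotes.
+*/
+$quoted_regex = "/'[^'\\\\]*(?:\\\\.[^'\\\\]*)*'/s";
+preg_match_all( $quoted_regex, $q, $quoted_matches );
+$q = preg_replace( $quoted_regex, '__QUOTE__', $q );
+
+$q = str_replace( 'meta_id', 'id', $q );
+
+// Put quoted content back into the string.
+if ( ! empty( $quoted_matches[0] ) ) {
+for ( $i = 0; $i < count( $quoted_matches[0] ); $i++ ) {
+$quote_pos = strpos( $q, '__QUOTE__' );
+$q = substr_replace( $q, $quoted_matches[0][ $i ], $quote_pos, 9 );
+}
+}
+
+return $q;
 }
 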
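Review bot: The restore loop at new lines 617–622 calls `strpos( $q, '__QUOTE__' )` from offset 0 on every pass, so a quoted value that itself contains the text `__QUOTE__` is found before the next real placeholder and the following literal is spliced into the middle of the earlier one, which can leave part of a value outside its quotes in the query that is finally run. The search should resume after the text just restored, and a `false` result from `strpos()` should end the loop rather than reach `substr_replace()` as position 0. `preg_replace()` also returns `null` on a PCRE error, and `str_replace()` then hands back an empty query here; falling back to the unmodified `$q` would be safer. The same restore loop is added to bp-xprofile-filters.php (new lines 429–434) and needs the same change.

```php
// … unchanged: masking of quoted content and the meta_id → id replacement …

// Put quoted content back into the string, scanning forward only.
$offset = 0;
foreach ( $quoted_matches[0] as $quoted ) {
	$quote_pos = strpos( $q, '__QUOTE__', $offset );
	if ( false === $quote_pos ) {
		break;
	}
	$q      = substr_replace( $q, $quoted, $quote_pos, 9 );
	$offset = $quote_pos + strlen( $quoted );
}

return $q;
```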
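--- a/trunk/src/bp-xprofile/bp-xprofile-filters.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-filters.php
@@ -336,9 +336,19 @@
 global $wpdb;
 
+$raw_q = $q;
+
+/*
+* Replace quoted content with __QUOTE__ to avoid false positives.
+* This regular expression will match nested quotes.
+*/
+$quoted_regex = "/'[^'\\\\]*(?:\\\\.[^'\\\\]*)*'/s";
+preg_match_all( $quoted_regex, $q, $quoted_matches );
+$q = preg_replace( $quoted_regex, '__QUOTE__', $q );
+
 // Get the first word of the command
 preg_match( '/^(\S+)/', $q, $first_word_matches );
 
 if ( empty( $first_word_matches[0] ) ) {
-return $ q;
+return $raw_q;
 }
 
@@ -347,5 +357,5 @@
 
 if ( empty( $matches[0] ) || empty( $matches[1] ) ) {
-return $ q;
+return $raw_q;
 }
 
@@ -416,4 +426,12 @@
 }
 
+// Put quoted content back into the string.
+if ( ! empty( $quoted_matches[0] ) ) {
+for ( $i = 0; $i < count( $quoted_matches[0] ); $i++ ) {
+$quote_pos = strpos( $q, '__QUOTE__' );
+$q = substr_replace( $q, $quoted_matches[0][ $i ], $quote_pos, 9 );
+}
+}
+
 return $q;
 }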
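Review bot: The comment at new lines 340–343 says the pattern "will match nested quotes", but `$quoted_regex` matches a single-quoted literal with backslash-escaped characters inside it; double-quoted string literals and backtick-quoted identifiers are not masked and stay visible to the keyword matching further down. If every query reaching this filter is built with single quotes (as `$wpdb->prepare()` output would be; the callers are not visible here), the comment should say so, for example `Mask single-quoted literals (backslash escapes allowed) as __QUOTE__; other quoting styles are not masked.` The mask-and-restore code is also a verbatim copy of the block added to bp-core-filters.php, so any later fix has to be made in two places; a shared helper would avoid that. The function's opening and old lines 352–415 lie outside the hunks shown.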
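--- a/trunk/tests/phpunit/testcases/xprofile/functions.php
+++ b/trunk/tests/phpunit/testcases/xprofile/functions.php
@@ -474,4 +474,30 @@
 /**
 * @group xprofilemeta
+* @group bp_xprofile_update_meta
+* @ticket BP5919
+*/
+public function test_bp_xprofile_update_meta_where_sql_filter_keywords_are_in_quoted_value() {
+$g = $this->factory->xprofile_group->create();
+$value = "SELECT object_id FROM wp_bp_xprofile_groups WHERE \"foo\" VALUES (foo = 'bar'";
+bp_xprofile_add_meta( $g, 'group', 'foo', 'bar' );
+bp_xprofile_update_meta( $g, 'group', 'foo', $value );
+$this->assertSame( $value, bp_xprofile_get_meta( $g, 'group', 'foo' ) );
+}
+
+/**
+* @group xprofilemeta
+* @group bp_xprofile_update_meta
+* @ticket BP5919
+*/
+public function test_bp_xprofile_update_meta_where_meta_id_is_in_quoted_value() {
+$g = $this->factory->xprofile_group->create();
+$value = "foo meta_id bar";
+bp_xprofile_add_meta( $g, 'group', 'foo', 'bar' );
+bp_xprofile_update_meta( $g, 'group', 'foo', $value );
+$this->assertSame( $value, bp_xprofile_get_meta( $g, 'group', 'foo' ) );
+}
+
+/**
+* @group xprofilemeta
 * @group bp_xprofile_add_meta
 */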
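Review bot: Neither new test stores a value that contains the placeholder text itself, which is the input most likely to break the mask-and-restore step these tests were written for. A third case of the same shape with `$value = "foo __QUOTE__ bar";` would pin the round trip for it. If the UPDATE statement carries a second quoted literal such as the meta key (not visible here), I would expect that case to fail against the restore loops added in this changeset, because each pass searches for `__QUOTE__` from the start of the string.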