Skip to:
Content

BuddyPress.org

Opened 15 years ago

Closed 15 years ago

#1551 closed defect (bug) (fixed)

's' search term breaks groups search

Reported by: dpolant's profile dpolant Owned by:
Milestone: 1.2 Priority: major
Severity: Version:
Component: Keywords: letter, group, search
Cc:

Description

Search terms in the group search that start with 's' are breaking the search. I believe what is happening is that the part that on line 285 %%$filter%% is becoming %s and so $wpdb->prepare() is breaking when it can't find an argument to throw into that string placeholder.

I have detected this problem on testbp.org and what I believe is a clean installation of 1.1.3.

Change History (4)

#1 @dpolant
15 years ago

Changing the search_groups method as shown below solved this problem for me. I had to take out $wpdb->prepare(), but I think it is still secure code because of $wpdb->escape on the $filter variable. Essentially it mirrors the search_users method found in bp-core-classes.

function search_groups( $filter, $limit = null, $page = null, $sort_by = false, $order = false ) {
		global $wpdb, $bp;

		$filter = like_escape( $wpdb->escape( $filter ) );

		if ( $limit && $page )
			$pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );

		if ( $sort_by && $order ) {
			$sort_by = $wpdb->escape( $sort_by );
			$order = $wpdb->escape( $order );
			$order_sql = "ORDER BY $sort_by $order";
		}

		if ( !is_site_admin() )
			$hidden_sql = "AND status != 'hidden'";
			
		$paged_groups_sql = apply_filters( 'bp_groups_search_groups_paged_sql', "SELECT id as group_id FROM {$bp->groups->table_name} WHERE ( name LIKE '%%$filter%%' OR description LIKE '%%$filter%%' ) {$hidden_sql} {$order_sql} {$pag_sql}", $filter );
		$total_groups_sql = apply_filters( 'bp_groups_search_groups_total_sql', "SELECT COUNT(id) FROM {$bp->groups->table_name} WHERE ( name LIKE '%%$filter%%' OR description LIKE '%%$filter%%' ) {$hidden_sql}", $filter );
		
		$paged_groups = $wpdb->get_results( $paged_groups_sql );
		$total_groups = $wpdb->get_var( $total_groups_sql );

		return array( 'groups' => $paged_groups, 'total' => $total_groups );
	}

Does everyone agree that this is secure enough?

#2 @apeatling
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [2324]) Fixes #1551 - 's' search term breaks search

#3 @haloid
15 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Still can't search. Examples: "see", "support", "some", "source"

#4 @apeatling
15 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [2576]) Fixes #1551 - also safeguarded all foreach loops with an array typecast.

Note: See TracTickets for help on using tickets.