BuddyPress.org

Opened 5 years ago

Closed 3 years ago

Last modified 3 years ago

#6157 closed defect (bug) (fixed)

Notice: wpdb::escape is deprecated since version 3.6! Use wpdb::prepare() or esc_sql() instead.

Reported by: spenser4551 Owned by: djpaul
Milestone: 2.7 Priority: low
Severity: normal Version: 1.1
Component: Forums Keywords: needs-patch good-first-bug
Cc:

Description

File: wp-content/plugins/buddypress/bp-forums/bp-forums-bbpress-sa.php

		/**
		 * Stub for escape_deep() compatibility.
		 *
		 * @see WPDB::escape_deep() for description of parameters and
		 *      return values.
		 *
		 * @param mixed $data See {@link WPDB::escape_deep()}.
		 * @return mixed $data See {@link WPDB::escape_deep()}.
		 */
		function escape_deep( $data ) {
			return $this->escape( $data );
		}

Change History (9)

#1 @spenser4551
5 years ago

Change to:

function escape_deep( $data ) {
    return esc_sql( $data );
}

#2 @johnjamesjacoby
5 years ago

  • Keywords reporter-feedback added
  • Milestone changed from Awaiting Review to 2.3
  • Priority changed from normal to low
  • Severity changed from normal to major
  • Version changed from 2.0.3 to 1.1

Can you confirm that the retired forums still function with this change? I recall esc_sql() not being functionally equivalent to WPDB::escape_deep().

This is going to be a low priority fix for us, but I'd like to get it resolved in 2.3 so it's safe.

#3 @thebrandonallen
5 years ago

Just to throw this out there. This is one of many deprecation and PHP notices that show up with the legacy forums component. A good number of them are related to the bbPress 1.x branch. I say we either fix them all (which I'll be happy to work on), or leave them as-is. Unless, of course, they're bringing upon the wrath of the white screen.

> Can you confirm that the retired forums still function with this change? I recall esc_sql() not being functionally equivalent to WPDB::escape_deep().

They are functionally equivalent, but I haven't tested yet to be sure.

#4 @spenser4551
5 years ago

Same functionally equivalent, I have changed it on my dev server and so far no errors, but I am fairly new to BuddyPress so not sure if I am hitting of its use cases. Also it's not causing a white screen, however on the development and production server we make sure there are no errors happening, even notices due to our SLA and for debugging/error capturing. Since if there is an error log we know it's actually a problem and not just notices.

#5 @DJPaul
5 years ago

Our bbdb class extends wpdb, and we implement wpdb->escape_deep -- which calls wpdb->escape -> _weak_escape -> addslashes -- because old bbPress' original bbdb class had the method.

wpdb->escape's documentation says to use either wpdb->prepare or esc_sql. I agree that esc_sql is appropriate here.
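
Comment 5 traces the old path down to addslashes(). The following added example (not code from this ticket, BuddyPress or WordPress) compares that path with a hypothetical stand-in for connection-aware escaping on constructed inputs, to show where the two return different strings. The names `weak_escape_deep()`, `real_escape_deep()` and `escaping_differences()` are assumptions made for illustration.

```php
<?php
// Added example: stand-alone sketch, not BuddyPress or WordPress code.

// The deprecated path named in the ticket: escape() -> _weak_escape() -> addslashes().
function weak_escape_deep( $data ) {
	return is_array( $data )
		? array_map( 'weak_escape_deep', $data )
		: addslashes( (string) $data );
}

// Hypothetical stand-in for the connection-aware escaping behind esc_sql().
// Assumption: it models only the characters mysqli_real_escape_string() is
// documented to escape; the real function also depends on the connection charset.
function real_escape_deep( $data ) {
	if ( is_array( $data ) ) {
		return array_map( 'real_escape_deep', $data );
	}
	return strtr( (string) $data, array(
		"\0"   => '\\0',
		"\n"   => '\\n',
		"\r"   => '\\r',
		'\\'   => '\\\\',
		"'"    => "\\'",
		'"'    => '\\"',
		"\x1a" => '\\Z',
	) );
}

// Returns the labels of the samples whose escaped output differs between the two paths.
function escaping_differences( array $samples ) {
	$diff = array();
	foreach ( $samples as $label => $value ) {
		if ( weak_escape_deep( $value ) !== real_escape_deep( $value ) ) {
			$diff[] = $label;
		}
	}
	return $diff;
}

// Constructed sample inputs (not taken from the ticket).
$samples = array(
	'plain'     => 'hello world',
	'quotes'    => "O'Reilly said \"hi\"",
	'backslash' => 'C:\\temp',
	'newline'   => "line one\nline two",
	'ctrl_z'    => "abc\x1adef",
	'nested'    => array( 'title' => "it's", 'body' => "a\r\nb" ),
);
print_r( escaping_differences( $samples ) );
```

Only the inputs containing a newline, carriage return or Ctrl-Z come back different here. The security-relevant difference, awareness of the connection character set, is outside what this stand-alone sketch models.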

#6 @DJPaul
5 years ago

  • Keywords good-first-bug added

#7 @DJPaul
4 years ago

  • Keywords reporter-feedback removed
  • Milestone changed from 2.3 to Future Release
  • Severity changed from major to normal

#8 @djpaul
3 years ago

  • Owner set to djpaul
  • Resolution set to fixed
  • Status changed from new to closed

In 10957:

Forums: fix use of deprecated SQL escaping function in legacy forums integration code.

Fixes #6157

Props spenser4551

#9 @DJPaul
3 years ago

  • Milestone changed from Future Release to 2.7