BuddyPress.org

Opened 3 years ago

Closed 3 years ago

#8576 closed enhancement (fixed)

Sanitize all possible Sort/Order variables

Reported by: espellcaste
Owned by: espellcaste
Milestone: 10.0.0
Priority: normal
Severity: normal
Version:
Component: Core
Keywords: has-patch has-unit-tests commit
Cc:

Description

BuddyPress is not consistent on how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This ticket changes that by using the bp_esc_sql_order helper function where possible.

Attachments (1)

8576.diff (17.4 KB) - added by espellcaste 3 years ago.


Change History (3)

@espellcaste
3 years ago

#1 @imath
3 years ago

  • Keywords commit added

Looks good! Thanks for your work on it 👏

#2 @espellcaste
3 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 13147:

Sanitize all ORDER BY (ASC/DESC) values using the bp_esc_sql_order helper function where possible.

BuddyPress is not consistent on how it escapes ORDER BY (ASC/DESC) values provided by the developers/users. This commit improves that by using the bp_esc_sql_order helper function where possible.

Props imath

Fixes #8576
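
The allow-list approach this ticket standardises on, as an added example that is not BuddyPress code and not part of the ticket or its patch. SQL placeholders bind values only, so a sort direction or column name has to be reduced to a known-good token before it is interpolated. The `example_*` functions, the `example_activity` table and its column names are hypothetical, and the column allow-list goes one step beyond the ASC/DESC case the ticket names.

```php
<?php
// Added example, not BuddyPress code. All example_* names, the table and
// the column names are hypothetical.

/**
 * Reduce a caller-supplied sort direction to one of two SQL keywords.
 * Anything other than DESC (case-insensitive, whitespace trimmed) becomes ASC.
 */
function example_esc_sql_order( $order = '' ) {
	$order = strtoupper( trim( (string) $order ) );
	return 'DESC' === $order ? 'DESC' : 'ASC';
}

/**
 * Map a caller-supplied sort key to a known column, or fall back to a default.
 */
function example_esc_sql_orderby( $orderby, array $allowed, $default ) {
	$orderby = strtolower( trim( (string) $orderby ) );
	return in_array( $orderby, $allowed, true ) ? $orderby : $default;
}

/**
 * Build the query template. The user_id value stays a %d placeholder for the
 * database layer to bind; only the identifier and keyword are interpolated,
 * and both come from fixed sets.
 */
function example_build_query( array $args ) {
	$allowed = array( 'id', 'date_recorded' );
	$orderby = example_esc_sql_orderby( $args['orderby'] ?? '', $allowed, 'id' );
	$order   = example_esc_sql_order( $args['order'] ?? '' );

	return "SELECT id FROM example_activity WHERE user_id = %d ORDER BY {$orderby} {$order}";
}

// Constructed inputs: two well-formed requests and two that fall outside the allow-lists.
$samples = array(
	array( 'orderby' => 'date_recorded', 'order' => ' desc ' ),
	array( 'orderby' => 'ID', 'order' => 'Asc' ),
	array( 'orderby' => 'date_recorded, user_email', 'order' => 'sideways' ),
	array(),
);

foreach ( $samples as $args ) {
	echo example_build_query( $args ), PHP_EOL;
}
```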
