[buddypress-trac] [BuddyPress Trac] #5649: Missing argument 2 in bp-xprofile-classes
buddypress-trac
noreply at wordpress.org
Sun May 18 11:03:26 UTC 2014
#5649: Missing argument 2 in bp-xprofile-classes
--------------------------+------------------
Reporter: danbp | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.1
Component: XProfile | Version: 1.5
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------
Changes (by imath):
* keywords: => has-patch
* version: => 1.5
* component: Members => XProfile
* milestone: 2.0.1 => 2.1
Comment:
Thanks danbp for the feedback.

The problem is $wpdb->prepare is waiting for a placeholder. For instance,
if you want to prepare a query that has a string as argument, you need to
use the {{{%s}}} placeholder, for an integer it's {{{%d}}}. An example is
line 154 of the file you're referring to. The placeholder is {{{%d}}}
because we're looking for a specific profile group id:

{{{$where_sql = $wpdb->prepare( 'WHERE g.id = %d', $profile_group_id );}}}

So your patch will send a notice because you don't include the
placeholder.

Now in the case of 'exclude groups' it's a comma separated list of profile
group ids. So I think we should sanitize it in another way using
{{{wp_parse_id_list()}}}, see patch 5649.patch.

This was already there in 1.5, so it's not a regression introduced in 2.0.
I suggest to fix this in 2.1.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5649#comment:2>
BuddyPress Trac <http://buddypress.org/>
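
An added example, not part of the ticket or of 5649.patch, showing the approach the comment describes: a comma-separated id list is reduced to integers with wp_parse_id_list() before it is joined into the SQL fragment, so no placeholder is involved. The helper name example_exclude_groups_where, the NOT IN clause shape and the sample inputs are assumptions; the wp_parse_id_list() stand-in is defined only so the script runs outside WordPress.

```php
<?php
// Added example, not BuddyPress code. Runs stand-alone with the PHP CLI.

// Stand-in used only outside WordPress. It mirrors what WordPress's
// wp_parse_id_list() does: split on commas/whitespace, absint(), de-duplicate.
if ( ! function_exists( 'wp_parse_id_list' ) ) {
    function wp_parse_id_list( $list ) {
        if ( ! is_array( $list ) ) {
            $list = preg_split( '/[\s,]+/', (string) $list, -1, PREG_SPLIT_NO_EMPTY );
        }
        return array_values( array_unique( array_map(
            function ( $v ) { return abs( (int) $v ); },
            $list
        ) ) );
    }
}

/**
 * Hypothetical helper: build the WHERE fragment that excludes profile groups.
 * Every element is forced to a non-negative integer before it reaches SQL,
 * so the list needs no placeholder and no $wpdb->prepare() call.
 */
function example_exclude_groups_where( $exclude_groups ) {
    // array_filter() drops 0, which is what non-numeric tokens become.
    $ids = array_filter( wp_parse_id_list( $exclude_groups ) );
    if ( empty( $ids ) ) {
        return ''; // nothing to exclude: emit no clause rather than "NOT IN ()"
    }
    return 'WHERE g.id NOT IN (' . implode( ',', $ids ) . ')';
}

// Constructed inputs: a normal list, a messy list, one carrying SQL text,
// and an empty value.
$samples = array(
    '1,2,3',
    '4, 4, abc, -7',
    '1) OR 1=1 -- ',
    '',
);
foreach ( $samples as $raw ) {
    printf( "%-18s => %s\n", var_export( $raw, true ), example_exclude_groups_where( $raw ) );
}
```

Inside WordPress the stand-in is skipped and the core function is used. Note that absint() turns a negative token such as -7 into 7 rather than discarding it.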