<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[BuddyPress] [2052] branches/1.1: Fixes #1223 props DJPaul</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd>2052</dd>
<dt>Author</dt> <dd>apeatling</dd>
<dt>Date</dt> <dd>2009-10-22 17:06:04 +0000 (Thu, 22 Oct 2009)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fixes #1223 props DJPaul</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branches11bpactivitybpactivityfiltersphp">branches/1.1/bp-activity/bp-activity-filters.php</a></li>
<li><a href="#branches11bpactivitybpactivitytemplatetagsphp">branches/1.1/bp-activity/bp-activity-templatetags.php</a></li>
<li><a href="#branches11bpblogsbpblogsclassesphp">branches/1.1/bp-blogs/bp-blogs-classes.php</a></li>
<li><a href="#branches11bpcorebpcoreclassesphp">branches/1.1/bp-core/bp-core-classes.php</a></li>
<li><a href="#branches11bpfriendsbpfriendsclassesphp">branches/1.1/bp-friends/bp-friends-classes.php</a></li>
<li><a href="#branches11bpgroupsbpgroupsclassesphp">branches/1.1/bp-groups/bp-groups-classes.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branches11bpactivitybpactivityfiltersphp"></a>
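--- a/branches/1.1/bp-activity/bp-activity-filters.php
+++ b/branches/1.1/bp-activity/bp-activity-filters.php
@@ -2,6 +2,8 @@
 
 /* Apply WordPress defined filters */
 add_filter( 'bp_get_activity_content', 'bp_activity_filter_kses', 1 );
+add_filter( 'bp_get_activity_content', 'bp_activity_filter_kses', 1 );
+
 add_filter( 'bp_get_activity_content', 'force_balance_tags' );
 add_filter( 'bp_get_activity_content', 'wptexturize' );
 add_filter( 'bp_get_activity_content', 'convert_smilies' );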
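Review bot: The added `add_filter( 'bp_get_activity_content', 'bp_activity_filter_kses', 1 );` is character-for-character the same as the context line directly above it, so it registers the same callback on the same hook at the same priority and adds no new kses coverage. If the intent was to sanitize a second activity output, the hook name in the new line should be that other filter, as in `add_filter( '<OTHER_ACTIVITY_HOOK>', 'bp_activity_filter_kses', 1 );` (placeholder; the intended hook is not visible on this page). Otherwise the duplicate line should be dropped so the filter list does not suggest protection that is not there.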
<a id="branches11bpactivitybpactivitytemplatetagsphp"></a>
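--- a/branches/1.1/bp-activity/bp-activity-templatetags.php
+++ b/branches/1.1/bp-activity/bp-activity-templatetags.php
@@ -351,6 +351,8 @@
                                 $selected = ' class="selected"';
                         else
                                 unset($selected);
+                        
+                        $component_name = attribute_escape( $component_name );
 
                         switch ( $style ) {
                                 case 'list':
@@ -378,13 +380,13 @@
                         /* Make sure all core internal component names are translatable */
                         $translatable_component_names = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) );
                         
-                        $component_links[] = $before . '<a href="' . $link . '">' . ucwords( __( $component_name, 'buddypress' ) ) . '</a>' . $after;
+                        $component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component_name, 'buddypress' ) ) . '</a>' . $after;
                 }
 
                 $link = remove_query_arg( 'afilter' , $link );
 
                 if ( isset( $_GET['afilter'] ) )
-                        $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . $link . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
+                        $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
                 
                 return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) );
         }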
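Review bot: The new "Clear Filter" line keeps the stray second quote after the href value (`. '"">'`), so the emitted anchor is still malformed; the tail should read `attribute_escape( $link ) . '">'`. For both href values a URL escaper such as `esc_url( $link )` (`clean_url()` on older WordPress) fits better than `attribute_escape()`, which encodes HTML characters but does not check the URL scheme. `$component_name` is escaped at assignment in the first hunk and then used as the `__()` lookup key in the second; escaping at the point of output instead would keep the translation key raw. Where `$link`, `$before`, `$after` and `$tag` come from is outside these hunks, so whether they need the same treatment cannot be judged from here.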
<a id="branches11bpblogsbpblogsclassesphp"></a>
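--- a/branches/1.1/bp-blogs/bp-blogs-classes.php
+++ b/branches/1.1/bp-blogs/bp-blogs-classes.php
@@ -180,7 +180,7 @@
                 if ( !$bp->blogs )
                         bp_blogs_setup_globals();
                 
-                like_escape( $wpdb->escape( $letter ) );
+                $letter = like_escape( $wpdb->escape( $letter ) );
                                 
                 if ( $limit && $page ) {
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
@@ -198,7 +198,7 @@
                 if ( !$bp->blogs )
                         bp_blogs_setup_globals();
                 
-                like_escape( $wpdb->escape( $filter ) );
+                $filter = like_escape( $wpdb->escape( $filter ) );
                 
                 if ( $limit && $page ) {
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );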
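Review bot: Both new lines nest the calls as `like_escape( $wpdb->escape( ... ) )`, which SQL-escapes first and LIKE-escapes second; the same expression is used in every hunk of bp-core-classes.php, bp-friends-classes.php and bp-groups-classes.php. LIKE escaping does not by itself make a string SQL-safe, and WordPress's later replacement `$wpdb->esc_like()` is documented as safe only when applied before SQL escaping, so this order becomes a hazard if the helper is ever swapped. Writing it as `$letter = $wpdb->escape( like_escape( $letter ) );` (and likewise for `$filter`) keeps SQL escaping as the last step before the value meets the query. The queries that consume `$letter` and `$filter` in this file are outside these hunks.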
<a id="branches11bpcorebpcoreclassesphp"></a>
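--- a/branches/1.1/bp-core/bp-core-classes.php
+++ b/branches/1.1/bp-core/bp-core-classes.php
@@ -219,7 +219,7 @@
                 if ( strlen($letter) > 1 || is_numeric($letter) || !$letter )
                         return false;
                 
-                like_escape( $wpdb->escape( $letter ) );
+                $letter = like_escape( $wpdb->escape( $letter ) );
 
                 $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT DISTINCT count(u.ID) FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pf.name = %s AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC", BP_XPROFILE_FULLNAME_FIELD_NAME ), $letter );
                 $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pf.name = %s AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC{$pag_sql}", BP_XPROFILE_FULLNAME_FIELD_NAME ), $letter, $pag_sql );
@@ -239,7 +239,7 @@
                 if ( $limit && $page )
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
                 
-                like_escape( $wpdb->escape( $search_terms ) );        
+                $search_terms = like_escape( $wpdb->escape( $search_terms ) );        
 
                 $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT DISTINCT count(u.ID) as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC", $search_terms );
                 $paged_users_sql = apply_filters( 'bp_core_search_users_sql', "SELECT DISTINCT u.ID as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC{$pag_sql}", $search_terms, $pag_sql );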
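Review bot: `$letter` and `$search_terms` are still interpolated into the SQL text after escaping, and in the by-letter queries that text is the format string handed to `$wpdb->prepare()`, so a `%` that survives as `\%` is parsed by the formatter rather than treated as data (the `strlen($letter) > 1` guard lets a single `%` through). Binding the pattern as an argument removes both the manual escaping and the format clash: write `pd.value LIKE %s` in the query and pass `like_escape( $letter ) . '%'` to `prepare()`. The same interpolation is visible in bp-groups-classes.php, in `name LIKE '$letter%%'` inside `prepare()` and in the `$filter_sql` strings. The value passed to `apply_filters()` as the extra argument is now the escaped form, which callbacks expecting the raw search term should be told about in a comment.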
<a id="branches11bpfriendsbpfriendsclassesphp"></a>
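--- a/branches/1.1/bp-friends/bp-friends-classes.php
+++ b/branches/1.1/bp-friends/bp-friends-classes.php
@@ -149,7 +149,7 @@
                 if ( !$user_id )
                         $user_id = $bp->loggedin_user->id;
                 
-                like_escape( $wpdb->escape( $filter ) );
+                $filter = like_escape( $wpdb->escape( $filter ) );
                 
                 if ( $limit && $page )
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
@@ -221,7 +221,7 @@
         function search_users( $filter, $user_id, $limit = null, $page = null ) {
                 global $wpdb, $bp;
                 
-                like_escape( $wpdb->escape( $filter ) );
+                $filter = like_escape( $wpdb->escape( $filter ) );
                 $usermeta_table = $wpdb->base_prefix . 'usermeta';
                 $users_table = $wpdb->base_prefix . 'users';
 
@@ -246,7 +246,7 @@
         function search_users_count( $filter ) {
                 global $wpdb, $bp;
                 
-                like_escape( $wpdb->escape( $filter ) );
+                $filter = like_escape( $wpdb->escape( $filter ) );
                 $usermeta_table = $wpdb->prefix . 'usermeta';
                 $users_table = $wpdb->base_prefix . 'users';
                 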
<a id="branches11bpgroupsbpgroupsclassesphp"></a>
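--- a/branches/1.1/bp-groups/bp-groups-classes.php
+++ b/branches/1.1/bp-groups/bp-groups-classes.php
@@ -246,7 +246,7 @@
                 if ( !$user_id )
                         $user_id = $bp->displayed_user->id;
                 
-                like_escape( $wpdb->escape( $filter ) );
+                $filter = like_escape( $wpdb->escape( $filter ) );
                 
                 if ( $limit && $page )
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
@@ -268,7 +268,7 @@
         function search_groups( $filter, $limit = null, $page = null, $sort_by = false, $order = false ) {
                 global $wpdb, $bp;
                 
-                like_escape( $wpdb->escape( $filter ) );
+                $filter = like_escape( $wpdb->escape( $filter ) );
                 
                 if ( $limit && $page )
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
@@ -462,8 +462,8 @@
                 if ( !is_site_admin() )
                         $hidden_sql = $wpdb->prepare( " AND status != 'hidden'");
                 
-                like_escape( $wpdb->escape( $letter ) );
-                                
+                $letter = like_escape( $wpdb->escape( $letter ) );
+
                 if ( $limit && $page ) {
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
                         $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT count(id) FROM {$bp->groups->table_name} WHERE name LIKE '$letter%%' {$hidden_sql} ORDER BY name ASC" ) );
@@ -698,7 +698,7 @@
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
                 if ( $filter ) {
-                        like_escape( $wpdb->escape( $filter ) );
+                        $filter = like_escape( $wpdb->escape( $filter ) );
                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
                 }
 
@@ -738,7 +738,7 @@
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
                         
                 if ( $filter ) {
-                        like_escape( $wpdb->escape( $filter ) );
+                        $filter = like_escape( $wpdb->escape( $filter ) );
                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
                 }
 
@@ -758,7 +758,7 @@
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
                 if ( $filter ) {
-                        like_escape( $wpdb->escape( $filter ) );
+                        $filter = like_escape( $wpdb->escape( $filter ) );
                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
                 }
 
@@ -778,7 +778,7 @@
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
                 if ( $filter ) {
-                        like_escape( $wpdb->escape( $filter ) );
+                        $filter = like_escape( $wpdb->escape( $filter ) );
                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
                 }
 
@@ -798,7 +798,7 @@
                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
                 if ( $filter ) {
-                        like_escape( $wpdb->escape( $filter ) );
+                        $filter = like_escape( $wpdb->escape( $filter ) );
                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
                 }
 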
</div>
</body>
</html>