<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[BuddyPress] [2047] branches/1.1: Fixes #1223</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd>2047</dd>
<dt>Author</dt> <dd>apeatling</dd>
<dt>Date</dt> <dd>2009-10-22 12:01:36 +0000 (Thu, 22 Oct 2009)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fixes #1223</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branches11bpblogsbpblogsclassesphp">branches/1.1/bp-blogs/bp-blogs-classes.php</a></li>
<li><a href="#branches11bpcorebpcoreclassesphp">branches/1.1/bp-core/bp-core-classes.php</a></li>
<li><a href="#branches11bpcorephp">branches/1.1/bp-core.php</a></li>
<li><a href="#branches11bpfriendsbpfriendsclassesphp">branches/1.1/bp-friends/bp-friends-classes.php</a></li>
<li><a href="#branches11bpgroupsbpgroupsclassesphp">branches/1.1/bp-groups/bp-groups-classes.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branches11bpblogsbpblogsclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.1/bp-blogs/bp-blogs-classes.php (2046 => 2047)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.1/bp-blogs/bp-blogs-classes.php        2009-10-08 14:11:05 UTC (rev 2046)
+++ branches/1.1/bp-blogs/bp-blogs-classes.php        2009-10-22 12:01:36 UTC (rev 2047)
</span><span class="lines">@@ -180,7 +180,7 @@
</span><span class="cx">                 if ( !$bp->blogs )
</span><span class="cx">                         bp_blogs_setup_globals();
</span><span class="cx">                 
</span><del>-                like_escape($letter);
</del><ins>+                like_escape( $wpdb->escape( $letter ) );
</ins><span class="cx">                                 
</span><span class="cx">                 if ( $limit && $page ) {
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="lines">@@ -198,7 +198,7 @@
</span><span class="cx">                 if ( !$bp->blogs )
</span><span class="cx">                         bp_blogs_setup_globals();
</span><span class="cx">                 
</span><del>-                like_escape($filter);
</del><ins>+                like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                 
</span><span class="cx">                 if ( $limit && $page ) {
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span></span></pre></div>
<a id="branches11bpcorebpcoreclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.1/bp-core/bp-core-classes.php (2046 => 2047)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.1/bp-core/bp-core-classes.php        2009-10-08 14:11:05 UTC (rev 2046)
+++ branches/1.1/bp-core/bp-core-classes.php        2009-10-22 12:01:36 UTC (rev 2047)
</span><span class="lines">@@ -219,7 +219,7 @@
</span><span class="cx">                 if ( strlen($letter) > 1 || is_numeric($letter) || !$letter )
</span><span class="cx">                         return false;
</span><span class="cx">                 
</span><del>-                like_escape($letter);
</del><ins>+                like_escape( $wpdb->escape( $letter ) );
</ins><span class="cx">
</span><span class="cx">                 $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT DISTINCT count(u.ID) FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pf.name = %s AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC", BP_XPROFILE_FULLNAME_FIELD_NAME ), $letter );
</span><span class="cx">                 $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pf.name = %s AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC{$pag_sql}", BP_XPROFILE_FULLNAME_FIELD_NAME ), $letter, $pag_sql );
</span><span class="lines">@@ -239,7 +239,7 @@
</span><span class="cx">                 if ( $limit && $page )
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx">                 
</span><del>-                like_escape($search_terms);        
</del><ins>+                like_escape( $wpdb->escape( $search_terms ) );        
</ins><span class="cx">
</span><span class="cx">                 $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT DISTINCT count(u.ID) as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC", $search_terms );
</span><span class="cx">                 $paged_users_sql = apply_filters( 'bp_core_search_users_sql', "SELECT DISTINCT u.ID as user_id FROM " . CUSTOM_USER_TABLE . " u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE u.spam = 0 AND u.deleted = 0 AND u.user_status = 0 AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC{$pag_sql}", $search_terms, $pag_sql );
</span></span></pre></div>
<a id="branches11bpcorephp"></a>
<div class="modfile"><h4>Modified: branches/1.1/bp-core.php (2046 => 2047)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.1/bp-core.php        2009-10-08 14:11:05 UTC (rev 2046)
+++ branches/1.1/bp-core.php        2009-10-22 12:01:36 UTC (rev 2047)
</span><span class="lines">@@ -65,6 +65,10 @@
</span><span class="cx"> /* Define the slug for the search page */
</span><span class="cx"> if ( !defined( 'BP_HOME_BLOG_SLUG' ) )
</span><span class="cx">         define( 'BP_HOME_BLOG_SLUG', 'blog' );
</span><ins>+        
+/* Register BuddyPress themes contained within the theme folder */
+if ( function_exists( 'register_theme_folder' ) )
+        register_theme_folder( 'buddypress/bp-themes' );
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> /* "And now for something completely different" .... */
</span></span></pre></div>
<a id="branches11bpfriendsbpfriendsclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.1/bp-friends/bp-friends-classes.php (2046 => 2047)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.1/bp-friends/bp-friends-classes.php        2009-10-08 14:11:05 UTC (rev 2046)
+++ branches/1.1/bp-friends/bp-friends-classes.php        2009-10-22 12:01:36 UTC (rev 2047)
</span><span class="lines">@@ -149,7 +149,7 @@
</span><span class="cx">                 if ( !$user_id )
</span><span class="cx">                         $user_id = $bp->loggedin_user->id;
</span><span class="cx">                 
</span><del>-                like_escape($filter);
</del><ins>+                like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                 
</span><span class="cx">                 if ( $limit && $page )
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="lines">@@ -221,7 +221,7 @@
</span><span class="cx">         function search_users( $filter, $user_id, $limit = null, $page = null ) {
</span><span class="cx">                 global $wpdb, $bp;
</span><span class="cx">                 
</span><del>-                like_escape($filter);
</del><ins>+                like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                 $usermeta_table = $wpdb->base_prefix . 'usermeta';
</span><span class="cx">                 $users_table = $wpdb->base_prefix . 'users';
</span><span class="cx">
</span><span class="lines">@@ -246,7 +246,7 @@
</span><span class="cx">         function search_users_count( $filter ) {
</span><span class="cx">                 global $wpdb, $bp;
</span><span class="cx">                 
</span><del>-                like_escape($filter);
</del><ins>+                like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                 $usermeta_table = $wpdb->prefix . 'usermeta';
</span><span class="cx">                 $users_table = $wpdb->base_prefix . 'users';
</span><span class="cx">                 
</span></span></pre></div>
<a id="branches11bpgroupsbpgroupsclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.1/bp-groups/bp-groups-classes.php (2046 => 2047)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.1/bp-groups/bp-groups-classes.php        2009-10-08 14:11:05 UTC (rev 2046)
+++ branches/1.1/bp-groups/bp-groups-classes.php        2009-10-22 12:01:36 UTC (rev 2047)
</span><span class="lines">@@ -246,7 +246,7 @@
</span><span class="cx">                 if ( !$user_id )
</span><span class="cx">                         $user_id = $bp->displayed_user->id;
</span><span class="cx">                 
</span><del>-                like_escape($filter);
</del><ins>+                like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                 
</span><span class="cx">                 if ( $limit && $page )
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="lines">@@ -268,7 +268,7 @@
</span><span class="cx">         function search_groups( $filter, $limit = null, $page = null, $sort_by = false, $order = false ) {
</span><span class="cx">                 global $wpdb, $bp;
</span><span class="cx">                 
</span><del>-                like_escape($filter);
</del><ins>+                like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                 
</span><span class="cx">                 if ( $limit && $page )
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="lines">@@ -462,7 +462,7 @@
</span><span class="cx">                 if ( !is_site_admin() )
</span><span class="cx">                         $hidden_sql = $wpdb->prepare( " AND status != 'hidden'");
</span><span class="cx">                 
</span><del>-                like_escape($letter);
</del><ins>+                like_escape( $wpdb->escape( $letter ) );
</ins><span class="cx">                                 
</span><span class="cx">                 if ( $limit && $page ) {
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="lines">@@ -698,7 +698,7 @@
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx">
</span><span class="cx">                 if ( $filter ) {
</span><del>-                        like_escape($filter);
</del><ins>+                        like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
</span><span class="cx">                 }
</span><span class="cx">
</span><span class="lines">@@ -718,7 +718,7 @@
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx">
</span><span class="cx">                 if ( $filter ) {
</span><del>-                        like_escape($filter);
</del><ins>+                        like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
</span><span class="cx">                 }
</span><span class="cx">
</span><span class="lines">@@ -738,7 +738,7 @@
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx">                         
</span><span class="cx">                 if ( $filter ) {
</span><del>-                        like_escape($filter);
</del><ins>+                        like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
</span><span class="cx">                 }
</span><span class="cx">
</span><span class="lines">@@ -758,7 +758,7 @@
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx">
</span><span class="cx">                 if ( $filter ) {
</span><del>-                        like_escape($filter);
</del><ins>+                        like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
</span><span class="cx">                 }
</span><span class="cx">
</span><span class="lines">@@ -778,7 +778,7 @@
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx">
</span><span class="cx">                 if ( $filter ) {
</span><del>-                        like_escape($filter);
</del><ins>+                        like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
</span><span class="cx">                 }
</span><span class="cx">
</span><span class="lines">@@ -798,7 +798,7 @@
</span><span class="cx">                         $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx">
</span><span class="cx">                 if ( $filter ) {
</span><del>-                        like_escape($filter);
</del><ins>+                        like_escape( $wpdb->escape( $filter ) );
</ins><span class="cx">                         $filter_sql = " AND ( g.name LIKE '{$filter}%%' OR g.description LIKE '{$filter}%%' )";                        
</span><span class="cx">                 }
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>