<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][6575] branches/1.6: Query variable and prepare() usage audit.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://buddypress.trac.wordpress.org/changeset/6575">6575</a></dd>
<dt>Author</dt> <dd>johnjamesjacoby</dd>
<dt>Date</dt> <dd>2012-12-10 06:07:53 +0000 (Mon, 10 Dec 2012)</dd>
</dl>
<h3>Log Message</h3>
<pre>Query variable and prepare() usage audit. See <a href="http://buddypress.trac.wordpress.org/ticket/4654">#4654</a>. (1.6 branch)</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branches16bpactivitybpactivityclassesphp">branches/1.6/bp-activity/bp-activity-classes.php</a></li>
<li><a href="#branches16bpcorebpcoreclassesphp">branches/1.6/bp-core/bp-core-classes.php</a></li>
<li><a href="#branches16bpforumsbpforumsfiltersphp">branches/1.6/bp-forums/bp-forums-filters.php</a></li>
<li><a href="#branches16bpforumsbpforumsfunctionsphp">branches/1.6/bp-forums/bp-forums-functions.php</a></li>
<li><a href="#branches16bpfriendsbpfriendsclassesphp">branches/1.6/bp-friends/bp-friends-classes.php</a></li>
<li><a href="#branches16bpgroupsbpgroupsclassesphp">branches/1.6/bp-groups/bp-groups-classes.php</a></li>
<li><a href="#branches16bpgroupsbpgroupsfunctionsphp">branches/1.6/bp-groups/bp-groups-functions.php</a></li>
<li><a href="#branches16bpmembersbpmembersfunctionsphp">branches/1.6/bp-members/bp-members-functions.php</a></li>
<li><a href="#branches16bpxprofilebpxprofilefunctionsphp">branches/1.6/bp-xprofile/bp-xprofile-functions.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branches16bpactivitybpactivityclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-activity/bp-activity-classes.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-activity/bp-activity-classes.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-activity/bp-activity-classes.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -56,7 +56,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> function save() {
</span><del>- global $wpdb, $bp, $current_user;
</del><ins>+ global $wpdb, $bp;
</ins><span class="cx">
</span><span class="cx"> $this->id = apply_filters_ref_array( 'bp_activity_id_before_save', array( $this->id, &$this ) );
</span><span class="cx"> $this->item_id = apply_filters_ref_array( 'bp_activity_item_id_before_save', array( $this->item_id, &$this ) );
</span><span class="lines">@@ -83,21 +83,23 @@
</span><span class="cx"> $this->primary_link = bp_loggedin_user_domain();
</span><span class="cx">
</span><span class="cx"> // If we have an existing ID, update the activity item, otherwise insert it.
</span><del>- if ( $this->id )
</del><ins>+ if ( $this->id ) {
</ins><span class="cx"> $q = $wpdb->prepare( "UPDATE {$bp->activity->table_name} SET user_id = %d, component = %s, type = %s, action = %s, content = %s, primary_link = %s, date_recorded = %s, item_id = %d, secondary_item_id = %d, hide_sitewide = %d, is_spam = %d WHERE id = %d", $this->user_id, $this->component, $this->type, $this->action, $this->content, $this->primary_link, $this->date_recorded, $this->item_id, $this->secondary_item_id, $this->hide_sitewide, $this->is_spam, $this->id );
</span><del>- else
</del><ins>+ } else {
</ins><span class="cx"> $q = $wpdb->prepare( "INSERT INTO {$bp->activity->table_name} ( user_id, component, type, action, content, primary_link, date_recorded, item_id, secondary_item_id, hide_sitewide, is_spam ) VALUES ( %d, %s, %s, %s, %s, %s, %s, %d, %d, %d, %d )", $this->user_id, $this->component, $this->type, $this->action, $this->content, $this->primary_link, $this->date_recorded, $this->item_id, $this->secondary_item_id, $this->hide_sitewide, $this->is_spam );
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> if ( false === $wpdb->query( $q ) )
</span><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> // If this is a new activity item, set the $id property
</span><del>- if ( empty( $this->id ) )
</del><ins>+ if ( empty( $this->id ) ) {
</ins><span class="cx"> $this->id = $wpdb->insert_id;
</span><span class="cx">
</span><span class="cx"> // If an existing activity item, prevent any changes to the content generating new @mention notifications.
</span><del>- else
</del><ins>+ } else {
</ins><span class="cx"> add_filter( 'bp_activity_at_name_do_notifications', '__return_false' );
</span><ins>+ }
</ins><span class="cx">
</span><span class="cx"> do_action_ref_array( 'bp_activity_after_save', array( &$this ) );
</span><span class="cx">
</span></span></pre></div>
<a id="branches16bpcorebpcoreclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-core/bp-core-classes.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-core/bp-core-classes.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-core/bp-core-classes.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -415,8 +415,8 @@
</span><span class="cx">
</span><span class="cx"> $exclude_sql = ( !empty( $exclude ) ) ? " AND u.ID NOT IN ({$exclude})" : "";
</span><span class="cx">
</span><del>- $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC", bp_xprofile_fullname_field_name() ), $letter );
- $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '$letter%%' ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name() ), $letter, $pag_sql );
</del><ins>+ $total_users_sql = apply_filters( 'bp_core_users_by_letter_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT u.ID) FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC", bp_xprofile_fullname_field_name() ), $letter );
+ $paged_users_sql = apply_filters( 'bp_core_users_by_letter_sql', $wpdb->prepare( "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id LEFT JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id WHERE {$status_sql} AND pf.name = %s {$exclude_sql} AND pd.value LIKE '{$letter}%%' ORDER BY pd.value ASC{$pag_sql}", bp_xprofile_fullname_field_name() ), $letter, $pag_sql );
</ins><span class="cx">
</span><span class="cx"> $total_users = $wpdb->get_var( $total_users_sql );
</span><span class="cx"> $paged_users = $wpdb->get_results( $paged_users_sql );
</span><span class="lines">@@ -507,8 +507,8 @@
</span><span class="cx"> $search_terms = like_escape( $wpdb->escape( $search_terms ) );
</span><span class="cx"> $status_sql = bp_core_get_status_sql( 'u.' );
</span><span class="cx">
</span><del>- $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC", $search_terms );
- $paged_users_sql = apply_filters( 'bp_core_search_users_sql', "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%$search_terms%%' ORDER BY pd.value ASC{$pag_sql}", $search_terms, $pag_sql );
</del><ins>+ $total_users_sql = apply_filters( 'bp_core_search_users_count_sql', "SELECT COUNT(DISTINCT u.ID) as id FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC", $search_terms );
+ $paged_users_sql = apply_filters( 'bp_core_search_users_sql', "SELECT DISTINCT u.ID as id, u.user_registered, u.user_nicename, u.user_login, u.user_email FROM {$wpdb->users} u LEFT JOIN {$bp->profile->table_name_data} pd ON u.ID = pd.user_id WHERE {$status_sql} AND pd.value LIKE '%%{$search_terms}%%' ORDER BY pd.value ASC{$pag_sql}", $search_terms, $pag_sql );
</ins><span class="cx">
</span><span class="cx"> $total_users = $wpdb->get_var( $total_users_sql );
</span><span class="cx"> $paged_users = $wpdb->get_results( $paged_users_sql );
</span><span class="lines">@@ -625,7 +625,7 @@
</span><span class="cx"> function get_core_userdata( $user_id ) {
</span><span class="cx"> global $wpdb;
</span><span class="cx">
</span><del>- if ( !$user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id ) ) )
</del><ins>+ if ( !$user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->users} WHERE ID = %d LIMIT 1", $user_id ) ) )
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> return $user;
</span></span></pre></div>
<a id="branches16bpforumsbpforumsfiltersphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-forums/bp-forums-filters.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-forums/bp-forums-filters.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-forums/bp-forums-filters.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -155,8 +155,6 @@
</span><span class="cx"> * @return string $sql
</span><span class="cx"> */
</span><span class="cx"> function bp_forums_add_replied_distinct_sql( $sql ) {
</span><del>- global $wpdb;
-
</del><span class="cx"> $sql = "DISTINCT t.topic_id, ";
</span><span class="cx">
</span><span class="cx"> return $sql;
</span><span class="lines">@@ -176,7 +174,7 @@
</span><span class="cx"> * @return string $sql
</span><span class="cx"> */
</span><span class="cx"> function bp_forums_add_replied_join_sql( $sql ) {
</span><del>- global $bbdb, $wpdb;
</del><ins>+ global $bbdb;
</ins><span class="cx">
</span><span class="cx"> $sql .= " LEFT JOIN $bbdb->posts p ON p.topic_id = t.topic_id ";
</span><span class="cx">
</span></span></pre></div>
<a id="branches16bpforumsbpforumsfunctionsphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-forums/bp-forums-functions.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-forums/bp-forums-functions.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-forums/bp-forums-functions.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -332,7 +332,7 @@
</span><span class="cx"> $groups_table_sql = '';
</span><span class="cx"> $groups_where_sql = "t.topic_status = 0";
</span><span class="cx"> }
</span><del>- $count = $bbdb->get_results( $bbdb->prepare( "SELECT t.topic_id FROM {$bbdb->topics} AS t {$groups_table_sql} WHERE {$groups_where_sql}" ) );
</del><ins>+ $count = $bbdb->get_results( "SELECT t.topic_id FROM {$bbdb->topics} AS t {$groups_table_sql} WHERE {$groups_where_sql}" );
</ins><span class="cx"> $count = count( (array) $count );
</span><span class="cx"> } else {
</span><span class="cx"> $count = 0;
</span></span></pre></div>
<a id="branches16bpfriendsbpfriendsclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-friends/bp-friends-classes.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-friends/bp-friends-classes.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-friends/bp-friends-classes.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx"> $friend_sql = $wpdb->prepare ( " WHERE (initiator_user_id = %d OR friend_user_id = %d)", $user_id, $user_id );
</span><span class="cx"> }
</span><span class="cx">
</span><del>- $friends = $wpdb->get_results( "SELECT friend_user_id, initiator_user_id FROM {$bp->friends->table_name} $friend_sql $oc_sql ORDER BY date_created DESC" );
</del><ins>+ $friends = $wpdb->get_results( "SELECT friend_user_id, initiator_user_id FROM {$bp->friends->table_name} {$friend_sql} {$oc_sql} ORDER BY date_created DESC" );
</ins><span class="cx"> $fids = array();
</span><span class="cx">
</span><span class="cx"> for ( $i = 0, $count = count( $friends ); $i < $count; ++$i ) {
</span><span class="lines">@@ -160,11 +160,11 @@
</span><span class="cx">
</span><span class="cx"> // filter the user_ids based on the search criteria.
</span><span class="cx"> if ( bp_is_active( 'xprofile' ) ) {
</span><del>- $sql = "SELECT DISTINCT user_id FROM {$bp->profile->table_name_data} WHERE user_id IN ($fids) AND value LIKE '$filter%%' {$pag_sql}";
- $total_sql = "SELECT COUNT(DISTINCT user_id) FROM {$bp->profile->table_name_data} WHERE user_id IN ($fids) AND value LIKE '$filter%%'";
</del><ins>+ $sql = "SELECT DISTINCT user_id FROM {$bp->profile->table_name_data} WHERE user_id IN ({$fids}) AND value LIKE '{$filter}%%' {$pag_sql}";
+ $total_sql = "SELECT COUNT(DISTINCT user_id) FROM {$bp->profile->table_name_data} WHERE user_id IN ({$fids}) AND value LIKE '{$filter}%%'";
</ins><span class="cx"> } else {
</span><del>- $sql = "SELECT DISTINCT user_id FROM {$wpdb->usermeta} WHERE user_id IN ($fids) AND meta_key = 'nickname' AND meta_value LIKE '$filter%%' {$pag_sql}";
- $total_sql = "SELECT COUNT(DISTINCT user_id) FROM {$wpdb->usermeta} WHERE user_id IN ($fids) AND meta_key = 'nickname' AND meta_value LIKE '$filter%%'";
</del><ins>+ $sql = "SELECT DISTINCT user_id FROM {$wpdb->usermeta} WHERE user_id IN ({$fids}) AND meta_key = 'nickname' AND meta_value LIKE '{$filter}%%' {$pag_sql}";
+ $total_sql = "SELECT COUNT(DISTINCT user_id) FROM {$wpdb->usermeta} WHERE user_id IN ({$fids}) AND meta_key = 'nickname' AND meta_value LIKE '{$filter}%%'";
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> $filtered_friend_ids = $wpdb->get_col( $sql );
</span><span class="lines">@@ -220,7 +220,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> function search_users( $filter, $user_id, $limit = null, $page = null ) {
</span><del>- global $wpdb;
</del><ins>+ global $wpdb, $bp;
</ins><span class="cx">
</span><span class="cx"> $filter = like_escape( $wpdb->escape( $filter ) );
</span><span class="cx">
</span><span class="lines">@@ -232,9 +232,9 @@
</span><span class="cx">
</span><span class="cx"> // filter the user_ids based on the search criteria.
</span><span class="cx"> if ( bp_is_active( 'xprofile' ) ) {
</span><del>- $sql = "SELECT DISTINCT d.user_id as id FROM {$bp->profile->table_name_data} d, $users_table u WHERE d.user_id = u.id AND d.value LIKE '$filter%%' ORDER BY d.value DESC $pag_sql";
</del><ins>+ $sql = "SELECT DISTINCT d.user_id as id FROM {$bp->profile->table_name_data} d, {$users_table} u WHERE d.user_id = u.id AND d.value LIKE '{$filter}%%' ORDER BY d.value DESC {$pag_sql}";
</ins><span class="cx"> } else {
</span><del>- $sql = "SELECT DISTINCT user_id as id FROM $usermeta_table WHERE meta_value LIKE '$filter%%' ORDER BY d.value DESC $pag_sql";
</del><ins>+ $sql = "SELECT DISTINCT user_id as id FROM {$usermeta_table} WHERE meta_value LIKE '{$filter}%%' ORDER BY d.value DESC {$pag_sql}";
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> $filtered_fids = $wpdb->get_col($sql);
</span><span class="lines">@@ -255,9 +255,9 @@
</span><span class="cx">
</span><span class="cx"> // filter the user_ids based on the search criteria.
</span><span class="cx"> if ( bp_is_active( 'xprofile' ) ) {
</span><del>- $sql = "SELECT COUNT(DISTINCT d.user_id) FROM {$bp->profile->table_name_data} d, $users_table u WHERE d.user_id = u.id AND d.value LIKE '$filter%%'";
</del><ins>+ $sql = "SELECT COUNT(DISTINCT d.user_id) FROM {$bp->profile->table_name_data} d, {$users_table} u WHERE d.user_id = u.id AND d.value LIKE '{$filter}%%'";
</ins><span class="cx"> } else {
</span><del>- $sql = "SELECT COUNT(DISTINCT user_id) FROM $usermeta_table WHERE meta_value LIKE '$filter%%'";
</del><ins>+ $sql = "SELECT COUNT(DISTINCT user_id) FROM {$usermeta_table} WHERE meta_value LIKE '{$filter}%%'";
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> $user_count = $wpdb->get_col($sql);
</span></span></pre></div>
<a id="branches16bpgroupsbpgroupsclassesphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-groups/bp-groups-classes.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-groups/bp-groups-classes.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-groups/bp-groups-classes.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -1134,9 +1134,9 @@
</span><span class="cx">
</span><span class="cx"> // If the user is logged in and viewing their random groups, we can show hidden and private groups
</span><span class="cx"> if ( bp_is_my_profile() ) {
</span><del>- return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id ) );
</del><ins>+ return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT {$total_groups}", $user_id ) );
</ins><span class="cx"> } else {
</span><del>- return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id ) );
</del><ins>+ return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT {$total_groups}", $user_id ) );
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branches16bpgroupsbpgroupsfunctionsphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-groups/bp-groups-functions.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-groups/bp-groups-functions.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-groups/bp-groups-functions.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -917,11 +917,11 @@
</span><span class="cx"> $meta_value = trim( $meta_value );
</span><span class="cx">
</span><span class="cx"> if ( !$meta_key )
</span><del>- $wpdb->query( $wpdb->prepare( "DELETE FROM " . $bp->groups->table_name_groupmeta . " WHERE group_id = %d", $group_id ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->groups->table_name_groupmeta} WHERE group_id = %d", $group_id ) );
</ins><span class="cx"> else if ( $meta_value )
</span><del>- $wpdb->query( $wpdb->prepare( "DELETE FROM " . $bp->groups->table_name_groupmeta . " WHERE group_id = %d AND meta_key = %s AND meta_value = %s", $group_id, $meta_key, $meta_value ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->groups->table_name_groupmeta} WHERE group_id = %d AND meta_key = %s AND meta_value = %s", $group_id, $meta_key, $meta_value ) );
</ins><span class="cx"> else
</span><del>- $wpdb->query( $wpdb->prepare( "DELETE FROM " . $bp->groups->table_name_groupmeta . " WHERE group_id = %d AND meta_key = %s", $group_id, $meta_key ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->groups->table_name_groupmeta} WHERE group_id = %d AND meta_key = %s", $group_id, $meta_key ) );
</ins><span class="cx">
</span><span class="cx"> // Delete the cached object
</span><span class="cx"> wp_cache_delete( 'bp_groups_groupmeta_' . $group_id . '_' . $meta_key, 'bp' );
</span><span class="lines">@@ -942,11 +942,11 @@
</span><span class="cx">
</span><span class="cx"> $metas = wp_cache_get( 'bp_groups_groupmeta_' . $group_id . '_' . $meta_key, 'bp' );
</span><span class="cx"> if ( false === $metas ) {
</span><del>- $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM " . $bp->groups->table_name_groupmeta . " WHERE group_id = %d AND meta_key = %s", $group_id, $meta_key) );
</del><ins>+ $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM {$bp->groups->table_name_groupmeta} WHERE group_id = %d AND meta_key = %s", $group_id, $meta_key) );
</ins><span class="cx"> wp_cache_set( 'bp_groups_groupmeta_' . $group_id . '_' . $meta_key, $metas, 'bp' );
</span><span class="cx"> }
</span><span class="cx"> } else {
</span><del>- $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM " . $bp->groups->table_name_groupmeta . " WHERE group_id = %d", $group_id) );
</del><ins>+ $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM {$bp->groups->table_name_groupmeta} WHERE group_id = %d", $group_id) );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if ( empty( $metas ) ) {
</span><span class="lines">@@ -977,12 +977,12 @@
</span><span class="cx">
</span><span class="cx"> $meta_value = maybe_serialize( $meta_value );
</span><span class="cx">
</span><del>- $cur = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM " . $bp->groups->table_name_groupmeta . " WHERE group_id = %d AND meta_key = %s", $group_id, $meta_key ) );
</del><ins>+ $cur = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$bp->groups->table_name_groupmeta} WHERE group_id = %d AND meta_key = %s", $group_id, $meta_key ) );
</ins><span class="cx">
</span><span class="cx"> if ( !$cur )
</span><del>- $wpdb->query( $wpdb->prepare( "INSERT INTO " . $bp->groups->table_name_groupmeta . " ( group_id, meta_key, meta_value ) VALUES ( %d, %s, %s )", $group_id, $meta_key, $meta_value ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "INSERT INTO {$bp->groups->table_name_groupmeta} ( group_id, meta_key, meta_value ) VALUES ( %d, %s, %s )", $group_id, $meta_key, $meta_value ) );
</ins><span class="cx"> else if ( $cur->meta_value != $meta_value )
</span><del>- $wpdb->query( $wpdb->prepare( "UPDATE " . $bp->groups->table_name_groupmeta . " SET meta_value = %s WHERE group_id = %d AND meta_key = %s", $meta_value, $group_id, $meta_key ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "UPDATE {$bp->groups->table_name_groupmeta} SET meta_value = %s WHERE group_id = %d AND meta_key = %s", $meta_value, $group_id, $meta_key ) );
</ins><span class="cx"> else
</span><span class="cx"> return false;
</span><span class="cx">
</span></span></pre></div>
<a id="branches16bpmembersbpmembersfunctionsphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-members/bp-members-functions.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-members/bp-members-functions.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-members/bp-members-functions.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -504,7 +504,7 @@
</span><span class="cx"> $exclude_users = $wpdb->get_col( $sql );
</span><span class="cx"> $exclude_users_sql = !empty( $exclude_users ) ? "AND user_id NOT IN (" . implode( ',', wp_parse_id_list( $exclude_users ) ) . ")" : '';
</span><span class="cx">
</span><del>- $count = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(user_id) FROM $wpdb->usermeta WHERE meta_key = %s {$exclude_users_sql}", bp_get_user_meta_key( 'last_activity' ) ) );
</del><ins>+ $count = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(user_id) FROM {$wpdb->usermeta} WHERE meta_key = %s {$exclude_users_sql}", bp_get_user_meta_key( 'last_activity' ) ) );
</ins><span class="cx"> set_transient( 'bp_active_member_count', $count );
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -770,7 +770,7 @@
</span><span class="cx"> if ( empty( $user_id ) )
</span><span class="cx"> $user_id = bp_displayed_user_id();
</span><span class="cx">
</span><del>- return apply_filters( 'bp_core_get_all_posts_for_user', $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_status = 'publish' AND post_type = 'post'", $user_id ) ) );
</del><ins>+ return apply_filters( 'bp_core_get_all_posts_for_user', $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_author = %d AND post_status = 'publish' AND post_type = 'post'", $user_id ) ) );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -1123,7 +1123,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Update the user status to '2' which we will use as 'not activated' (0 = active, 1 = spam, 2 = not active)
</span><del>- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 2 WHERE ID = %d", $user_id ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 2 WHERE ID = %d", $user_id ) );
</ins><span class="cx">
</span><span class="cx"> // Set any profile data
</span><span class="cx"> if ( bp_is_active( 'xprofile' ) ) {
</span><span class="lines">@@ -1213,13 +1213,13 @@
</span><span class="cx"> } else {
</span><span class="cx">
</span><span class="cx"> // Get the user_id based on the $key
</span><del>- $user_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = 'activation_key' AND meta_value = %s", $key ) );
</del><ins>+ $user_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = 'activation_key' AND meta_value = %s", $key ) );
</ins><span class="cx">
</span><span class="cx"> if ( empty( $user_id ) )
</span><span class="cx"> return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
</span><span class="cx">
</span><span class="cx"> // Change the user's status so they become active
</span><del>- if ( !$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 0 WHERE ID = %d", $user_id ) ) )
</del><ins>+ if ( !$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id ) ) )
</ins><span class="cx"> return new WP_Error( 'invalid_key', __( 'Invalid activation key', 'buddypress' ) );
</span><span class="cx">
</span><span class="cx"> // Notify the site admin of a new user registration
</span><span class="lines">@@ -1234,7 +1234,7 @@
</span><span class="cx">
</span><span class="cx"> // Set the password on multisite installs
</span><span class="cx"> if ( is_multisite() && !empty( $user['meta']['password'] ) )
</span><del>- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_pass = %s WHERE ID = %d", $user['meta']['password'], $user_id ) );
</ins><span class="cx">
</span><span class="cx"> do_action( 'bp_core_activated_user', $user_id, $key, $user );
</span><span class="cx">
</span></span></pre></div>
<a id="branches16bpxprofilebpxprofilefunctionsphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-xprofile/bp-xprofile-functions.php (6574 => 6575)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-xprofile/bp-xprofile-functions.php 2012-12-10 05:45:24 UTC (rev 6574)
+++ branches/1.6/bp-xprofile/bp-xprofile-functions.php 2012-12-10 06:07:53 UTC (rev 6575)
</span><span class="lines">@@ -513,11 +513,11 @@
</span><span class="cx"> $meta_value = trim( $meta_value );
</span><span class="cx">
</span><span class="cx"> if ( !$meta_key )
</span><del>- $wpdb->query( $wpdb->prepare( "DELETE FROM " . $bp->profile->table_name_meta . " WHERE object_id = %d AND object_type = %s", $object_id, $object_type ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->profile->table_name_meta} WHERE object_id = %d AND object_type = %s", $object_id, $object_type ) );
</ins><span class="cx"> else if ( $meta_value )
</span><del>- $wpdb->query( $wpdb->prepare( "DELETE FROM " . $bp->profile->table_name_meta . " WHERE object_id = %d AND object_type = %s AND meta_key = %s AND meta_value = %s", $object_id, $object_type, $meta_key, $meta_value ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->profile->table_name_meta} WHERE object_id = %d AND object_type = %s AND meta_key = %s AND meta_value = %s", $object_id, $object_type, $meta_key, $meta_value ) );
</ins><span class="cx"> else
</span><del>- $wpdb->query( $wpdb->prepare( "DELETE FROM " . $bp->profile->table_name_meta . " WHERE object_id = %d AND object_type = %s AND meta_key = %s", $object_id, $object_type, $meta_key ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->profile->table_name_meta} WHERE object_id = %d AND object_type = %s AND meta_key = %s", $object_id, $object_type, $meta_key ) );
</ins><span class="cx">
</span><span class="cx"> // Delete the cached object
</span><span class="cx"> wp_cache_delete( 'bp_xprofile_meta_' . $object_type . '_' . $object_id . '_' . $meta_key, 'bp' );
</span><span class="lines">@@ -543,11 +543,11 @@
</span><span class="cx"> $meta_key = preg_replace( '|[^a-z0-9_]|i', '', $meta_key );
</span><span class="cx">
</span><span class="cx"> if ( !$metas = wp_cache_get( 'bp_xprofile_meta_' . $object_type . '_' . $object_id . '_' . $meta_key, 'bp' ) ) {
</span><del>- $metas = $wpdb->get_col( $wpdb->prepare( "SELECT meta_value FROM " . $bp->profile->table_name_meta . " WHERE object_id = %d AND object_type = %s AND meta_key = %s", $object_id, $object_type, $meta_key ) );
</del><ins>+ $metas = $wpdb->get_col( $wpdb->prepare( "SELECT meta_value FROM {$bp->profile->table_name_meta} WHERE object_id = %d AND object_type = %s AND meta_key = %s", $object_id, $object_type, $meta_key ) );
</ins><span class="cx"> wp_cache_set( 'bp_xprofile_meta_' . $object_type . '_' . $object_id . '_' . $meta_key, $metas, 'bp' );
</span><span class="cx"> }
</span><span class="cx"> } else {
</span><del>- $metas = $wpdb->get_col( $wpdb->prepare( "SELECT meta_value FROM " . $bp->profile->table_name_meta . " WHERE object_id = %d AND object_type = %s", $object_id, $object_type ) );
</del><ins>+ $metas = $wpdb->get_col( $wpdb->prepare( "SELECT meta_value FROM {$bp->profile->table_name_meta} WHERE object_id = %d AND object_type = %s", $object_id, $object_type ) );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if ( empty( $metas ) ) {
</span><span class="lines">@@ -590,12 +590,12 @@
</span><span class="cx"> if ( empty( $meta_value ) )
</span><span class="cx"> return bp_xprofile_delete_meta( $object_id, $object_type, $meta_key );
</span><span class="cx">
</span><del>- $cur = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM " . $bp->profile->table_name_meta . " WHERE object_id = %d AND object_type = %s AND meta_key = %s", $object_id, $object_type, $meta_key ) );
</del><ins>+ $cur = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$bp->profile->table_name_meta} WHERE object_id = %d AND object_type = %s AND meta_key = %s", $object_id, $object_type, $meta_key ) );
</ins><span class="cx">
</span><span class="cx"> if ( empty( $cur ) )
</span><del>- $wpdb->query( $wpdb->prepare( "INSERT INTO " . $bp->profile->table_name_meta . " ( object_id, object_type, meta_key, meta_value ) VALUES ( %d, %s, %s, %s )", $object_id, $object_type, $meta_key, $meta_value ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "INSERT INTO {$bp->profile->table_name_meta} ( object_id, object_type, meta_key, meta_value ) VALUES ( %d, %s, %s, %s )", $object_id, $object_type, $meta_key, $meta_value ) );
</ins><span class="cx"> else if ( $cur->meta_value != $meta_value )
</span><del>- $wpdb->query( $wpdb->prepare( "UPDATE " . $bp->profile->table_name_meta . " SET meta_value = %s WHERE object_id = %d AND object_type = %s AND meta_key = %s", $meta_value, $object_id, $object_type, $meta_key ) );
</del><ins>+ $wpdb->query( $wpdb->prepare( "UPDATE {$bp->profile->table_name_meta} SET meta_value = %s WHERE object_id = %d AND object_type = %s AND meta_key = %s", $meta_value, $object_id, $object_type, $meta_key ) );
</ins><span class="cx"> else
</span><span class="cx"> return false;
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>