<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][7024] trunk: Improved sanitization for Core component database methods</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://buddypress.trac.wordpress.org/changeset/7024">7024</a></dd>
<dt>Author</dt> <dd>boonebgorges</dd>
<dt>Date</dt> <dd>2013-05-08 20:27:22 +0000 (Wed, 08 May 2013)</dd>
</dl>

<h3>Log Message</h3>
<pre>Improved sanitization for Core component database methods

All constructed IN clauses for integer values are now run through
wp_parse_id_list().

Also adds tests for the relevant methods.

Fixes <a href="http://buddypress.trac.wordpress.org/ticket/4992">#4992</a>

Props johnjamesjacoby, DJPaul</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpcorebpcorecachephp">trunk/bp-core/bp-core-cache.php</a></li>
<li><a href="#trunkbpcorebpcoreclassesphp">trunk/bp-core/bp-core-classes.php</a></li>
<li><a href="#trunkbpcorebpcorefiltersphp">trunk/bp-core/bp-core-filters.php</a></li>
<li><a href="#trunkbpcorebpcorefunctionsphp">trunk/bp-core/bp-core-functions.php</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkteststestcasescoreclassbpcoreuserphp">trunk/tests/testcases/core/class-bp-core-user.php</a></li>
<li><a href="#trunkteststestcasescoreclassbpuserqueryphp">trunk/tests/testcases/core/class-bp-user-query.php</a></li>
</ul>

<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkteststestcasescoreclassesphp">trunk/tests/testcases/core/classes.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpcorebpcorecachephp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-cache.php (7023 => 7024)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-cache.php  2013-05-08 03:35:26 UTC (rev 7023)
+++ trunk/bp-core/bp-core-cache.php     2013-05-08 20:27:22 UTC (rev 7024)
</span><span class="lines">@@ -92,13 +92,8 @@
</span><span class="cx">          $object_column = $object_type . '_id';
</span><span class="cx">  }
</span><span class="cx"> 
</span><del>-       if ( !is_array( $object_ids ) ) {
-               $object_ids = preg_replace( '|[^0-9,]|', '', $object_ids );
-               $object_ids = explode( ',', $object_ids );
-       }
</del><ins>+        $object_ids = wp_parse_id_list( $object_ids );
</ins><span class="cx"> 
</span><del>-       $object_ids = array_map( 'intval', $object_ids );
-
</del><span class="cx">   $cache = array();
</span><span class="cx"> 
</span><span class="cx">  // Get meta info
</span></span></pre></div>
<a id="trunkbpcorebpcoreclassesphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-classes.php (7023 => 7024)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-classes.php        2013-05-08 03:35:26 UTC (rev 7023)
+++ trunk/bp-core/bp-core-classes.php   2013-05-08 20:27:22 UTC (rev 7024)
</span><span class="lines">@@ -299,7 +299,7 @@
</span><span class="cx">          // @todo remove need for bp_is_active() check
</span><span class="cx">          if ( ! empty( $user_id ) && bp_is_active( 'friends' ) ) {
</span><span class="cx">                  $friend_ids = friends_get_friend_user_ids( $user_id );
</span><del>-                       $friend_ids = $wpdb->escape( implode( ',', (array) $friend_ids ) );
</del><ins>+                        $friend_ids = implode( ',', wp_parse_id_list( $friend_ids ) );
</ins><span class="cx"> 
</span><span class="cx">                  if ( ! empty( $friend_ids ) ) {
</span><span class="cx">                          $sql['where'][] = "u.{$this->uid_name} IN ({$friend_ids})";
</span><span class="lines">@@ -805,6 +805,7 @@
</span><span class="cx">          }
</span><span class="cx"> 
</span><span class="cx">          if ( !empty( $exclude ) ) {
</span><ins>+                       $exclude              = implode( ',', wp_parse_id_list( $exclude ) );
</ins><span class="cx">                   $sql['where_exclude'] = "AND u.ID NOT IN ({$exclude})";
</span><span class="cx">          }
</span><span class="cx"> 
</span><span class="lines">@@ -814,20 +815,13 @@
</span><span class="cx">                  $sql['where_users'] = "AND 0 = 1";
</span><span class="cx">          } else {
</span><span class="cx">                  if ( !empty( $include ) ) {
</span><del>-                               if ( is_array( $include ) ) {
-                                       $uids = $wpdb->escape( implode( ',', (array) $include ) );
-                               } else {
-                                       $uids = $wpdb->escape( $include );
-                               }
-
-                               if ( !empty( $uids ) ) {
-                                       $sql['where_users'] = "AND u.ID IN ({$uids})";
-                               }
</del><ins>+                                $include = implode( ',',  wp_parse_id_list( $include ) );
+                               $sql['where_users'] = "AND u.ID IN ({$include})";
</ins><span class="cx">                   } elseif ( !empty( $user_id ) && bp_is_active( 'friends' ) ) {
</span><span class="cx">                          $friend_ids = friends_get_friend_user_ids( $user_id );
</span><del>-                               $friend_ids = $wpdb->escape( implode( ',', (array) $friend_ids ) );
</del><span class="cx"> 
</span><span class="cx">                          if ( !empty( $friend_ids ) ) {
</span><ins>+                                       $friend_ids = implode( ',', wp_parse_id_list( $friend_ids ) );
</ins><span class="cx">                                   $sql['where_friends'] = "AND u.ID IN ({$friend_ids})";
</span><span class="cx"> 
</span><span class="cx">                          // User has no friends, return false since there will be no users to fetch.
</span><span class="lines">@@ -913,8 +907,6 @@
</span><span class="cx">                          $user_ids[] = $user->id;
</span><span class="cx">                  }
</span><span class="cx"> 
</span><del>-                       $user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );
-
</del><span class="cx">                   // Add additional data to the returned results
</span><span class="cx">                  $paged_users = BP_Core_User::get_user_extras( $paged_users, $user_ids, $type );
</span><span class="cx">          }
</span><span class="lines">@@ -959,8 +951,7 @@
</span><span class="cx">          $status_sql = bp_core_get_status_sql( 'u.' );
</span><span class="cx"> 
</span><span class="cx">          if ( !empty( $exclude ) ) {
</span><del>-                       $exclude     = wp_parse_id_list( $r['exclude'] );
-                       $exclude     = $wpdb->escape( implode( ',', $exclude ) );
</del><ins>+                        $exclude     = implode( ',', wp_parse_id_list( $r['exclude'] ) );
</ins><span class="cx">                   $exclude_sql = " AND u.id NOT IN ({$exclude})";
</span><span class="cx">          } else {
</span><span class="cx">                  $exclude_sql = '';
</span><span class="lines">@@ -981,10 +972,8 @@
</span><span class="cx">           */
</span><span class="cx">          $user_ids = array();
</span><span class="cx">          foreach ( (array) $paged_users as $user )
</span><del>-                       $user_ids[] = $user->id;
</del><ins>+                        $user_ids[] = (int) $user->id;
</ins><span class="cx"> 
</span><del>-               $user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );
-
</del><span class="cx">           // Add additional data to the returned results
</span><span class="cx">          if ( $populate_extras ) {
</span><span class="cx">                  $paged_users = BP_Core_User::get_user_extras( $paged_users, $user_ids );
</span><span class="lines">@@ -1011,10 +1000,11 @@
</span><span class="cx">          if ( $limit && $page )
</span><span class="cx">                  $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
</span><span class="cx"> 
</span><ins>+               $user_ids   = implode( ',', wp_parse_id_list( $user_ids ) );
</ins><span class="cx">           $status_sql = bp_core_get_status_sql();
</span><span class="cx"> 
</span><del>-               $total_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT COUNT(DISTINCT ID) FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) " );
-               $paged_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT DISTINCT ID as id, user_registered, user_nicename, user_login, user_email FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) {$pag_sql}" );
</del><ins>+                $total_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT COUNT(DISTINCT ID) FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ({$user_ids})" );
+               $paged_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT DISTINCT ID as id, user_registered, user_nicename, user_login, user_email FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ({$user_ids}) {$pag_sql}" );
</ins><span class="cx"> 
</span><span class="cx">          $total_users = $wpdb->get_var( $total_users_sql );
</span><span class="cx">          $paged_users = $wpdb->get_results( $paged_users_sql );
</span><span class="lines">@@ -1069,8 +1059,6 @@
</span><span class="cx">          foreach ( (array) $paged_users as $user )
</span><span class="cx">                  $user_ids[] = $user->id;
</span><span class="cx"> 
</span><del>-               $user_ids = $wpdb->escape( join( ',', (array) $user_ids ) );
-
</del><span class="cx">           // Add additional data to the returned results
</span><span class="cx">          if ( $populate_extras )
</span><span class="cx">                  $paged_users = BP_Core_User::get_user_extras( $paged_users, $user_ids );
</span><span class="lines">@@ -1097,6 +1085,9 @@
</span><span class="cx">          if ( empty( $user_ids ) )
</span><span class="cx">                  return $paged_users;
</span><span class="cx"> 
</span><ins>+               // Sanitize user IDs
+               $user_ids = implode( ',', wp_parse_id_list( $user_ids ) );
+
</ins><span class="cx">           // Fetch the user's full name
</span><span class="cx">          if ( bp_is_active( 'xprofile' ) && 'alphabetical' != $type ) {
</span><span class="cx">                  $names = $wpdb->get_results( $wpdb->prepare( "SELECT pd.user_id as id, pd.value as fullname FROM {$bp->profile->table_name_fields} pf, {$bp->profile->table_name_data} pd WHERE pf.id = pd.field_id AND pf.name = %s AND pd.user_id IN ( {$user_ids} )", bp_xprofile_fullname_field_name() ) );
</span></span></pre></div>
<a id="trunkbpcorebpcorefiltersphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-filters.php (7023 => 7024)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-filters.php        2013-05-08 03:35:26 UTC (rev 7023)
+++ trunk/bp-core/bp-core-filters.php   2013-05-08 20:27:22 UTC (rev 7024)
</span><span class="lines">@@ -130,7 +130,7 @@
</span><span class="cx">  if ( empty( $user_ids ) )
</span><span class="cx">          return $comments;
</span><span class="cx"> 
</span><del>-       $user_ids = implode( ',', $user_ids );
</del><ins>+        $user_ids = implode( ',', wp_parse_id_list( $user_ids ) );
</ins><span class="cx"> 
</span><span class="cx">  if ( !$userdata = $wpdb->get_results( "SELECT ID as user_id, user_login, user_nicename FROM {$wpdb->users} WHERE ID IN ({$user_ids})" ) )
</span><span class="cx">          return $comments;
</span></span></pre></div>
<a id="trunkbpcorebpcorefunctionsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-functions.php (7023 => 7024)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-functions.php      2013-05-08 03:35:26 UTC (rev 7023)
+++ trunk/bp-core/bp-core-functions.php 2013-05-08 20:27:22 UTC (rev 7024)
</span><span class="lines">@@ -141,7 +141,7 @@
</span><span class="cx">          // Always get page data from the root blog, except on multiblog mode, when it comes
</span><span class="cx">          // from the current blog
</span><span class="cx">          $posts_table_name = bp_is_multiblog_mode() ? $wpdb->posts : $wpdb->get_blog_prefix( bp_get_root_blog_id() ) . 'posts';
</span><del>-               $page_ids_sql     = implode( ',', (array) $page_ids );
</del><ins>+                $page_ids_sql     = implode( ',', wp_parse_id_list( $page_ids ) );
</ins><span class="cx">           $page_names       = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_title FROM {$posts_table_name} WHERE ID IN ({$page_ids_sql}) AND post_status = 'publish' " );
</span><span class="cx"> 
</span><span class="cx">          foreach ( (array) $page_ids as $component_id => $page_id ) {
</span></span></pre></div>
<a id="trunkteststestcasescoreclassbpcoreuserphp"></a>
<div class="addfile"><h4>Added: trunk/tests/testcases/core/class-bp-core-user.php (0 => 7024)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/tests/testcases/core/class-bp-core-user.php                                (rev 0)
+++ trunk/tests/testcases/core/class-bp-core-user.php   2013-05-08 20:27:22 UTC (rev 7024)
</span><span class="lines">@@ -0,0 +1,106 @@
</span><ins>+<?php
+
+/**
+ * @group core
+ */
+class BP_Tests_BP_Core_User_TestCases extends BP_UnitTestCase {
+       protected $old_current_user = 0;
+
+       public function setUp() {
+               parent::setUp();
+
+               $this->old_current_user = get_current_user_id();
+               wp_set_current_user( $this->factory->user->create( array( 'role' => 'subscriber' ) ) );
+       }
+
+       public function tearDown() {
+               parent::tearDown();
+               wp_set_current_user( $this->old_current_user );
+       }
+
+       public function test_get_users_with_exclude_querystring() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+
+               $exclude_qs = $u1 . ',junkstring,' . $u3;
+
+               $users = BP_Core_User::get_users( 'active', 0, 1, 0, false, false, true, $exclude_qs );
+               $user_ids = wp_list_pluck( $users['users'], 'id' );
+
+               $this->assertEquals( array( $u2 ), $user_ids );
+       }
+
+       public function test_get_users_with_exclude_array() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+
+               $exclude_array = array(
+                       $u1,
+                       'junkstring',
+                       $u3,
+               );
+
+               $users = BP_Core_User::get_users( 'active', 0, 1, 0, false, false, true, $exclude_array );
+               $user_ids = wp_list_pluck( $users['users'], 'id' );
+
+               $this->assertEquals( array( $u2 ), $user_ids );
+       }
+
+       public function test_get_users_with_include_querystring() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+
+               $include_qs = $u1 . ',junkstring,' . $u3;
+
+               $users = BP_Core_User::get_users( 'active', 0, 1, 0, $include_qs );
+               $user_ids = wp_list_pluck( $users['users'], 'id' );
+
+               $this->assertEquals( array( $u1, $u3 ), $user_ids );
+       }
+
+       public function test_get_users_with_include_array() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+
+               $include_array = array(
+                       $u1,
+                       'junkstring',
+                       $u3,
+               );
+
+               $users = BP_Core_User::get_users( 'active', 0, 1, 0, $include_array );
+               $user_ids = wp_list_pluck( $users['users'], 'id' );
+
+               // typecast...ugh
+               $user_ids = array_map( 'intval', $user_ids );
+
+               $this->assertEquals( array( $u1, $u3 ), $user_ids );
+       }
+
+       public function test_get_specific_users() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+
+               $include_array = array(
+                       $u1,
+                       'junkstring',
+                       $u3,
+               );
+
+               $users = BP_Core_User::get_specific_users( $include_array );
+               $user_ids = wp_list_pluck( $users['users'], 'id' );
+
+               // sort...ugh
+               sort( $user_ids );
+
+               $this->assertEquals( array( $u1, $u3 ), $user_ids );
+       }
+
+
+
+}
</ins></span></pre></div>
<a id="trunkteststestcasescoreclassbpuserqueryphpfromrev7022trunkteststestcasescoreclassesphp"></a>
<div class="copfile"><h4>Copied: trunk/tests/testcases/core/class-bp-user-query.php (from rev 7022, trunk/tests/testcases/core/classes.php) (0 => 7024)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/tests/testcases/core/class-bp-user-query.php                               (rev 0)
+++ trunk/tests/testcases/core/class-bp-user-query.php  2013-05-08 20:27:22 UTC (rev 7024)
</span><span class="lines">@@ -0,0 +1,151 @@
</span><ins>+<?php
+
+/**
+ * @group core
+ */
+class BP_Tests_BP_User_Query_TestCases extends BP_UnitTestCase {
+       protected $old_current_user = 0;
+
+       public function setUp() {
+               parent::setUp();
+
+               $this->old_current_user = get_current_user_id();
+               wp_set_current_user( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
+       }
+
+       public function tearDown() {
+               parent::tearDown();
+               wp_set_current_user( $this->old_current_user );
+       }
+
+       /**
+        * Checks that user_id returns friends
+        */
+       public function test_bp_user_query_friends() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+               friends_add_friend( $u1, $u2, true );
+
+               $q = new BP_User_Query( array(
+                       'user_id' => $u2,
+               ) );
+
+               $friends = is_array( $q->results ) ? array_values( $q->results ) : array();
+               $friend_ids = wp_list_pluck( $friends, 'ID' );
+               $this->assertEquals( $friend_ids, array( $u1 ) );
+       }
+
+       /**
+        * @ticket 4938
+        */
+       public function test_bp_user_query_friends_with_include() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+               $u4 = $this->create_user();
+               friends_add_friend( $u1, $u2, true );
+               friends_add_friend( $u1, $u3, true );
+
+               $q = new BP_User_Query( array(
+                       'user_id' => $u1,
+
+                       // Represents an independent filter passed by a plugin
+                       // u4 is not a friend of u1 and should not be returned
+                       'include' => array( $u2, $u4 ),
+               ) );
+
+               $friends = is_array( $q->results ) ? array_values( $q->results ) : array();
+               $friend_ids = wp_list_pluck( $friends, 'ID' );
+               $this->assertEquals( $friend_ids, array( $u2 ) );
+       }
+
+       public function test_bp_user_query_friends_with_include_but_zero_friends() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+               $u4 = $this->create_user();
+
+               $q = new BP_User_Query( array(
+                       'user_id' => $u1,
+
+                       // Represents an independent filter passed by a plugin
+                       // u4 is not a friend of u1 and should not be returned
+                       'include' => array( $u2, $u4 ),
+               ) );
+
+               $friends = is_array( $q->results ) ? array_values( $q->results ) : array();
+               $friend_ids = wp_list_pluck( $friends, 'ID' );
+               $this->assertEquals( $friend_ids, array() );
+       }
+
+       public function test_bp_user_query_sort_by_popular() {
+               $u1 = $this->create_user();
+               $u2 = $this->create_user();
+               $u3 = $this->create_user();
+               $u4 = $this->create_user();
+
+               bp_update_user_meta( $u1, bp_get_user_meta_key( 'total_friend_count' ), '5' );
+               bp_update_user_meta( $u2, bp_get_user_meta_key( 'total_friend_count' ), '90' );
+               bp_update_user_meta( $u3, bp_get_user_meta_key( 'total_friend_count' ), '101' );
+               bp_update_user_meta( $u4, bp_get_user_meta_key( 'total_friend_count' ), '3002' );
+
+               $q = new BP_User_Query( array(
+                       'type' => 'popular',
+               ) );
+
+               $users = is_array( $q->results ) ? array_values( $q->results ) : array();
+               $user_ids = wp_parse_id_list( wp_list_pluck( $users, 'ID' ) );
+
+               $expected = array( $u4, $u3, $u2, $u1 );
+               $this->assertEquals( $expected, $user_ids );
+       }
+
+       public function test_bp_user_query_search_with_apostrophe() {
+               // Apostrophe. Search_terms must escaped to mimic POST payload
+               $user_id = $this->create_user();
+               xprofile_set_field_data( 1, $user_id, "Foo'Bar" );
+               $q = new BP_User_Query( array( 'search_terms' => "oo\'Ba", ) );
+
+               $found_user_id = null;
+               if ( ! empty( $q->results ) ) {
+                       $found_user = array_pop( $q->results );
+                       $found_user_id = $found_user->ID;
+               }
+
+               $this->assertEquals( $user_id, $found_user_id );
+       }
+
+       public function test_bp_user_query_search_with_percent_sign() {
+
+               // LIKE special character: %
+               $user_id = $this->create_user();
+               xprofile_set_field_data( 1, $user_id, "Foo%Bar" );
+               $q = new BP_User_Query( array( 'search_terms' => "oo%Bar", ) );
+
+               $found_user_id = null;
+               if ( ! empty( $q->results ) ) {
+                       $found_user = array_pop( $q->results );
+                       $found_user_id = $found_user->ID;
+               }
+
+               $this->assertEquals( $user_id, $found_user_id );
+
+       }
+
+       public function test_bp_user_query_search_with_underscore() {
+
+               // LIKE special character: _
+               $user_id = $this->create_user();
+               xprofile_set_field_data( 1, $user_id, "Foo_Bar" );
+               $q = new BP_User_Query( array( 'search_terms' => "oo_Bar", ) );
+
+               $found_user_id = null;
+               if ( ! empty( $q->results ) ) {
+                       $found_user = array_pop( $q->results );
+                       $found_user_id = $found_user->ID;
+               }
+
+               $this->assertEquals( $user_id, $found_user_id );
+       }
+}
</ins></span></pre></div>
<a id="trunkteststestcasescoreclassesphp"></a>
<div class="delfile"><h4>Deleted: trunk/tests/testcases/core/classes.php (7023 => 7024)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/tests/testcases/core/classes.php   2013-05-08 03:35:26 UTC (rev 7023)
+++ trunk/tests/testcases/core/classes.php      2013-05-08 20:27:22 UTC (rev 7024)
</span><span class="lines">@@ -1,153 +0,0 @@
</span><del>-<?php
-
-/**
- * @group core
- */
-class BP_Tests_Core_Classes extends BP_UnitTestCase {
-       protected $old_current_user = 0;
-
-       public function setUp() {
-               parent::setUp();
-
-               $this->old_current_user = get_current_user_id();
-               wp_set_current_user( $this->factory->user->create( array( 'role' => 'administrator' ) ) );
-       }
-
-       public function tearDown() {
-               parent::tearDown();
-               wp_set_current_user( $this->old_current_user );
-       }
-
-       /**
-        * Checks that user_id returns friends
-        */
-       public function test_bp_user_query_friends() {
-               $u1 = $this->create_user();
-               $u2 = $this->create_user();
-               $u3 = $this->create_user();
-               friends_add_friend( $u1, $u2, true );
-
-               $q = new BP_User_Query( array(
-                       'user_id' => $u2,
-               ) );
-
-               $friends = is_array( $q->results ) ? array_values( $q->results ) : array();
-               $friend_ids = wp_list_pluck( $friends, 'ID' );
-               $this->assertEquals( $friend_ids, array( $u1 ) );
-       }
-
-       /**
-        * @ticket 4938
-        */
-       public function test_bp_user_query_friends_with_include() {
-               $u1 = $this->create_user();
-               $u2 = $this->create_user();
-               $u3 = $this->create_user();
-               $u4 = $this->create_user();
-               friends_add_friend( $u1, $u2, true );
-               friends_add_friend( $u1, $u3, true );
-
-               $q = new BP_User_Query( array(
-                       'user_id' => $u1,
-
-                       // Represents an independent filter passed by a plugin
-                       // u4 is not a friend of u1 and should not be returned
-                       'include' => array( $u2, $u4 ),
-               ) );
-
-               $friends = is_array( $q->results ) ? array_values( $q->results ) : array();
-               $friend_ids = wp_list_pluck( $friends, 'ID' );
-               $this->assertEquals( $friend_ids, array( $u2 ) );
-       }
-
-       public function test_bp_user_query_friends_with_include_but_zero_friends() {
-               $u1 = $this->create_user();
-               $u2 = $this->create_user();
-               $u3 = $this->create_user();
-               $u4 = $this->create_user();
-
-               $q = new BP_User_Query( array(
-                       'user_id' => $u1,
-
-                       // Represents an independent filter passed by a plugin
-                       // u4 is not a friend of u1 and should not be returned
-                       'include' => array( $u2, $u4 ),
-               ) );
-
-               $friends = is_array( $q->results ) ? array_values( $q->results ) : array();
-               $friend_ids = wp_list_pluck( $friends, 'ID' );
-               $this->assertEquals( $friend_ids, array() );
-       }
-
-       public function test_bp_user_query_sort_by_popular() {
-               $u1 = $this->create_user();
-               $u2 = $this->create_user();
-               $u3 = $this->create_user();
-               $u4 = $this->create_user();
-
-               bp_update_user_meta( $u1, bp_get_user_meta_key( 'total_friend_count' ), '5' );
-               bp_update_user_meta( $u2, bp_get_user_meta_key( 'total_friend_count' ), '90' );
-               bp_update_user_meta( $u3, bp_get_user_meta_key( 'total_friend_count' ), '101' );
-               bp_update_user_meta( $u4, bp_get_user_meta_key( 'total_friend_count' ), '3002' );
-
-               $q = new BP_User_Query( array(
-                       'type' => 'popular',
-               ) );
-
-               $users = is_array( $q->results ) ? array_values( $q->results ) : array();
-               $user_ids = wp_parse_id_list( wp_list_pluck( $users, 'ID' ) );
-
-               $expected = array( $u4, $u3, $u2, $u1 );
-               $this->assertEquals( $expected, $user_ids );
-       }
-
-       public function test_bp_user_query_search_with_apostrophe() {
-               // Apostrophe. Search_terms must escaped to mimic POST payload
-               $user_id = $this->create_user();
-               xprofile_set_field_data( 1, $user_id, "Foo'Bar" );
-               $q = new BP_User_Query( array( 'search_terms' => "oo\'Ba", ) );
-
-               $found_user_id = null;
-               if ( ! empty( $q->results ) ) {
-                       $found_user = array_pop( $q->results );
-                       $found_user_id = $found_user->ID;
-               }
-
-               $this->assertEquals( $user_id, $found_user_id );
-       }
-
-       public function test_bp_user_query_search_with_percent_sign() {
-
-               // LIKE special character: %
-               $user_id = $this->create_user();
-               xprofile_set_field_data( 1, $user_id, "Foo%Bar" );
-               $q = new BP_User_Query( array( 'search_terms' => "oo%Bar", ) );
-
-               $found_user_id = null;
-               if ( ! empty( $q->results ) ) {
-                       $found_user = array_pop( $q->results );
-                       $found_user_id = $found_user->ID;
-               }
-
-               $this->assertEquals( $user_id, $found_user_id );
-
-       }
-
-       public function test_bp_user_query_search_with_underscore() {
-
-               // LIKE special character: _
-               $user_id = $this->create_user();
-               xprofile_set_field_data( 1, $user_id, "Foo_Bar" );
-               $q = new BP_User_Query( array( 'search_terms' => "oo_Bar", ) );
-
-               $found_user_id = null;
-               if ( ! empty( $q->results ) ) {
-                       $found_user = array_pop( $q->results );
-                       $found_user_id = $found_user->ID;
-               }
-
-               $this->assertEquals( $user_id, $found_user_id );
-
-       }
-
-}
</del></span></pre>
</div>
</div>

</body>
</html>