[buddypress-trac] [BuddyPress Trac] #9017: `BP_Activity_Query::get_sql_for_clause()` can wrongly use `$wpdb->prepare()`
buddypress-trac
noreply at wordpress.org
Sat Nov 4 13:56:26 UTC 2023
#9017: `BP_Activity_Query::get_sql_for_clause()` can wrongly use `$wpdb->prepare()`
--------------------------+-------------------------
 Reporter:  imath         |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  12.0.0
Component:  Activity      |    Version:
 Severity:  normal        |   Keywords:  needs-patch
--------------------------+-------------------------
I wasn't able to find which part of the code is trying to query activities
comparing `hide_sitewide` to `[ 0, 1 ]`, but this is causing a "doing it
wrong" notice with `$wpdb->prepare()`.

To avoid it, I believe we simply need to make sure the placeholder used
with `$wpdb->prepare()` is an integer as expected.

I'll suggest a PR ASAP.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9017>
BuddyPress Trac <http://buddypress.org/>