Skip to:
Content

bbPress.org


Ignore:
Timestamp:
12/28/2016 04:24:52 AM (9 years ago)
Author:
johnjamesjacoby
Message:

Audit direct query and prepare() usages, and more tightly adhere to best practices.

  • No quotes around directives
  • Avoid concatenation, prefer variable parsing in double-quoted strings
  • Covers converters, helper functions, and tools
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/includes/common/functions.php

    r6141 r6191  
    17581758        $post_status = "'" . implode( "', '", $post_status ) . "'";
    17591759        $bbp_db      = bbp_db();
    1760         $query       = $bbp_db->prepare( "SELECT ID FROM {$bbp_db->posts} WHERE post_parent = %d AND post_status IN ( {$post_status} ) AND post_type = '%s' ORDER BY ID DESC;", $parent_id, $post_type );
     1760        $query       = $bbp_db->prepare( "SELECT ID FROM {$bbp_db->posts} WHERE post_parent = %d AND post_status IN ( {$post_status} ) AND post_type = %s ORDER BY ID DESC", $parent_id, $post_type );
    17611761        $child_ids   = (array) $bbp_db->get_col( $query );
    17621762
Note: See TracChangeset for help on using the changeset viewer.