Timestamp:
12/28/2016 04:24:52 AM (9 years ago)
Author:
johnjamesjacoby
Message:

Audit direct query and prepare() usages, and more tightly adhere to best practices.

  • No quotes around directives
  • Avoid concatenation, prefer variable parsing in double-quoted strings
  • Covers converters, helper functions, and tools
File:
1 edited

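--- a/trunk/src/includes/topics/functions.php
+++ b/trunk/src/includes/topics/functions.php
@@ -2795,5 +2795,5 @@
         $post_status = "'" . implode( "','", $statuses ) . "'";
         $bbp_db      = bbp_db();
-        $query       = $bbp_db->prepare( "SELECT COUNT(ID) FROM {$bbp_db->posts} WHERE post_parent = %d AND post_status IN ( {$post_status} ) AND post_type = '%s';", $topic_id, bbp_get_reply_post_type() );
+        $query       = $bbp_db->prepare( "SELECT COUNT(ID) FROM {$bbp_db->posts} WHERE post_parent = %d AND post_status IN ( {$post_status} ) AND post_type = %s", $topic_id, bbp_get_reply_post_type() );
         $reply_count = $bbp_db->get_var( $query );
     }
@@ -2970,5 +2970,5 @@
     // Query the DB to get voices in this topic
     $bbp_db = bbp_db();
-    $query  = $bbp_db->prepare( "SELECT COUNT( DISTINCT post_author ) FROM {$bbp_db->posts} WHERE ( post_parent = %d AND post_status = '%s' AND post_type = '%s' ) OR ( ID = %d AND post_type = '%s' );", $topic_id, bbp_get_public_status_id(), bbp_get_reply_post_type(), $topic_id, bbp_get_topic_post_type() );
+    $query  = $bbp_db->prepare( "SELECT COUNT( DISTINCT post_author ) FROM {$bbp_db->posts} WHERE ( post_parent = %d AND post_status = %s AND post_type = %s ) OR ( ID = %d AND post_type = %s )", $topic_id, bbp_get_public_status_id(), bbp_get_reply_post_type(), $topic_id, bbp_get_topic_post_type() );
     $voices = (int) $bbp_db->get_var( $query );
 
@@ -3011,5 +3011,5 @@
     // Query the DB to get anonymous replies in this topic
     $bbp_db  = bbp_db();
-    $query   = $bbp_db->prepare( "SELECT COUNT( ID ) FROM {$bbp_db->posts} WHERE ( post_parent = %d AND post_status = '%s' AND post_type = '%s' AND post_author = 0 ) OR ( ID = %d AND post_type = '%s' AND post_author = 0 );", $topic_id, bbp_get_public_status_id(), bbp_get_reply_post_type(), $topic_id, bbp_get_topic_post_type() );
+    $query   = $bbp_db->prepare( "SELECT COUNT( ID ) FROM {$bbp_db->posts} WHERE ( post_parent = %d AND post_status = %s AND post_type = %s AND post_author = 0 ) OR ( ID = %d AND post_type = %s AND post_author = 0 )", $topic_id, bbp_get_public_status_id(), bbp_get_reply_post_type(), $topic_id, bbp_get_topic_post_type() );
     $replies = (int) $bbp_db->get_var( $query );
 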
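Review bot: The rewritten query at line 2797 still interpolates `{$post_status}`, a string assembled by hand-quoting and joining `$statuses` on the line above, directly into the IN clause, so that part of the statement bypasses prepare()'s escaping even though the commit's stated aim is to tighten prepare() usage. `$statuses` is assigned outside the hunk, so whether its values are fixed status ids or can carry caller-supplied strings cannot be seen here; if the latter is possible, deriving the placeholders from the array count keeps every value under prepare(): `$in_sql = implode( ', ', array_fill( 0, count( $statuses ), '%s' ) );` and then `$query = $bbp_db->prepare( "SELECT COUNT(ID) FROM {$bbp_db->posts} WHERE post_parent = %d AND post_status IN ( {$in_sql} ) AND post_type = %s", array_merge( array( $topic_id ), $statuses, array( bbp_get_reply_post_type() ) ) );`. The hunks at lines 2972 and 3013 pass every value through a placeholder and raise nothing further. The enclosing function begins and ends outside the hunk.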