Skip to:
Content

bbPress.org

Changeset 6665


Ignore:
Timestamp:
08/20/2017 11:22:09 PM (7 years ago)
Author:
johnjamesjacoby
Message:

Converter: use esc_like() to avoid debug notice when cleaning users.

This change runs the _bbp_ meta_key prefix through esc_like(), ensuring that the subsequent prepare() call has a value passed into it.

Trunk, for 2.6.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/includes/admin/classes/class-bbp-converter-base.php

    r6638 r6665  
    821821        $query = ! empty( $this->sync_table )
    822822            ? $this->wpdb->prepare( "SELECT value_id FROM {$this->sync_table_name} INNER JOIN {$this->wpdb->posts} ON(value_id = ID) WHERE meta_key LIKE '_bbp_%' AND value_type = %s GROUP BY value_id ORDER BY value_id DESC LIMIT {$this->max_rows}", 'post' )
    823             : $this->wpdb->prepare( "SELECT post_id AS value_id FROM {$this->wpdb->postmeta} WHERE meta_key LIKE '_bbp_%' GROUP BY post_id ORDER BY post_id DESC LIMIT {$this->max_rows}" );
     823            : $this->wpdb->prepare( "SELECT post_id AS value_id FROM {$this->wpdb->postmeta} WHERE meta_key LIKE %s GROUP BY post_id ORDER BY post_id DESC LIMIT {$this->max_rows}", $this->wpdb->esc_like( '_bbp_' ) . '%' );
    824824
    825825        $posts = $this->get_results( $query, ARRAY_A );
Note: See TracChangeset for help on using the changeset viewer.