fix phpcs and sanitizing bugs
André Menrath 2023-12-26 15:55:14 +01:00
parent 16a1745735
commit 7d853dfec9
2 changed files with 7 additions and 5 deletions


@ -42,16 +42,18 @@ class Follow_Requests {
LEFT JOIN {$wpdb->posts} AS follower ON follow_request.post_parent = follower.ID LEFT JOIN {$wpdb->posts} AS follower ON follow_request.post_parent = follower.ID
LEFT JOIN {$wpdb->postmeta} AS meta ON follow_request.ID = meta.post_id LEFT JOIN {$wpdb->postmeta} AS meta ON follow_request.ID = meta.post_id
WHERE follow_request.post_type = 'ap_follow_request' WHERE follow_request.post_type = 'ap_follow_request'
AND (follower.post_title LIKE '%{$wpdb->esc_like( $search )}%' OR follower.guid LIKE '%{$wpdb->esc_like( $search )}%') AND (follower.post_title LIKE %s OR follower.guid LIKE %s)
AND meta.meta_key = 'activitypub_user_id' AND meta.meta_key = 'activitypub_user_id'
AND meta.meta_value = %s AND meta.meta_value = %s
ORDER BY %s %s ORDER BY %s %s
LIMIT %d OFFSET %d", LIMIT %d OFFSET %d",
'%' . $wpdb->esc_like( $search ) . '%',
'%' . $wpdb->esc_like( $search ) . '%',
$user_id, $user_id,
$orderby, $orderby,
$order, $order,
$per_page, $per_page,
$offset, $offset
) )
); );
$current_total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' ); $current_total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );
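Review bot: The `ORDER BY %s %s` clause still passes `$orderby` and `$order` through `$wpdb->prepare()` as `%s`, which quotes them as string literals, so MySQL sorts by a constant expression instead of a column and the requested ordering most likely has no effect. `%s` cannot carry an identifier or a keyword; check both values against a fixed allow-list of sortable columns and of `ASC`/`DESC` before building the query, and interpolate only the validated result, e.g. `$order = 'DESC' === strtoupper( $order ) ? 'DESC' : 'ASC';`. An allow-list also keeps this clause safe if the values come from the request. The enclosing method starts and ends outside this hunk, so the origin of `$orderby` and `$order` is not visible here and should be confirmed.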


@ -182,7 +182,7 @@ class Follow_Requests extends WP_List_Table {
global $_REQUEST; global $_REQUEST;
$follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null; $follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null;
$follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null; $follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null;
$wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? (string) $_REQUEST['_wpnonce'] : null; $wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_title( wp_unslash( $_REQUEST['_wpnonce'] ) ) : null;
if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) { if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) {
return; return;
} }
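Review bot: `sanitize_title()` on the new `$wp_nonce` line is a slug sanitizer, not a token sanitizer: it can rewrite the value (lower-casing, dash substitution, plus any callback hooked on the `sanitize_title` filter) before the nonce is checked. For a nonce the conventional form is `sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) )` or `sanitize_key( ... )`, which satisfies phpcs without passing a security token through slug filters. The `wp_verify_nonce()` call and any capability check are not visible in this hunk, and the method continues past it, so confirm both run before the follow request is acted on. `global $_REQUEST;` is redundant, since superglobals are always in scope.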