fix phpcs and sanitizing bugs
parent
16a1745735
commit
7d853dfec9
2 changed files with 7 additions and 5 deletions
|
@ -30,10 +30,10 @@ class Follow_Requests {
|
||||||
public static function get_follow_requests_for_user( $user_id, $per_page, $page_num, $args ) {
|
public static function get_follow_requests_for_user( $user_id, $per_page, $page_num, $args ) {
|
||||||
$order = isset( $args['order'] ) && strtolower( $args['order'] ) === 'asc' ? 'ASC' : 'DESC';
|
$order = isset( $args['order'] ) && strtolower( $args['order'] ) === 'asc' ? 'ASC' : 'DESC';
|
||||||
$orderby = isset( $args['orderby'] ) ? sanitize_text_field( $args['orderby'] ) : 'published';
|
$orderby = isset( $args['orderby'] ) ? sanitize_text_field( $args['orderby'] ) : 'published';
|
||||||
$search = isset( $args['s'] ) ? sanitize_text_field( $args['s'] ) : '';
|
$search = isset( $args['s'] ) ? sanitize_text_field( $args['s'] ) : '';
|
||||||
|
|
||||||
$offset = (int) $per_page * ( (int) $page_num - 1 );
|
$offset = (int) $per_page * ( (int) $page_num - 1 );
|
||||||
|
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
$follow_requests = $wpdb->get_results(
|
$follow_requests = $wpdb->get_results(
|
||||||
$wpdb->prepare(
|
$wpdb->prepare(
|
||||||
|
@ -42,16 +42,18 @@ class Follow_Requests {
|
||||||
LEFT JOIN {$wpdb->posts} AS follower ON follow_request.post_parent = follower.ID
|
LEFT JOIN {$wpdb->posts} AS follower ON follow_request.post_parent = follower.ID
|
||||||
LEFT JOIN {$wpdb->postmeta} AS meta ON follow_request.ID = meta.post_id
|
LEFT JOIN {$wpdb->postmeta} AS meta ON follow_request.ID = meta.post_id
|
||||||
WHERE follow_request.post_type = 'ap_follow_request'
|
WHERE follow_request.post_type = 'ap_follow_request'
|
||||||
AND (follower.post_title LIKE '%{$wpdb->esc_like( $search )}%' OR follower.guid LIKE '%{$wpdb->esc_like( $search )}%')
|
AND (follower.post_title LIKE %s OR follower.guid LIKE %s)
|
||||||
AND meta.meta_key = 'activitypub_user_id'
|
AND meta.meta_key = 'activitypub_user_id'
|
||||||
AND meta.meta_value = %s
|
AND meta.meta_value = %s
|
||||||
ORDER BY %s %s
|
ORDER BY %s %s
|
||||||
LIMIT %d OFFSET %d",
|
LIMIT %d OFFSET %d",
|
||||||
|
'%' . $wpdb->esc_like( $search ) . '%',
|
||||||
|
'%' . $wpdb->esc_like( $search ) . '%',
|
||||||
$user_id,
|
$user_id,
|
||||||
$orderby,
|
$orderby,
|
||||||
$order,
|
$order,
|
||||||
$per_page,
|
$per_page,
|
||||||
$offset,
|
$offset
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$current_total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );
|
$current_total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );
|
||||||
|
|
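Review bot: `ORDER BY %s %s` further down the same `prepare()` call still binds `$orderby` and `$order` as `%s` values, which `$wpdb->prepare()` quotes as string literals, so the query orders by a constant string and the requested column and direction are ignored. `sanitize_text_field()` does not validate an SQL identifier, so plain interpolation is not the fix either: check `$orderby` against a fixed list of sortable columns, e.g. `$orderby = in_array( $orderby, $sortable_columns, true ) ? $orderby : 'published';` (`$sortable_columns` stands for a list this class would have to define), and then emit the chosen column and the already-constrained `$order` as SQL rather than as bound values. The SELECT clause and the rest of the function lie outside the visible hunks, so the valid column names need confirming against the full query.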
|
@ -182,7 +182,7 @@ class Follow_Requests extends WP_List_Table {
|
||||||
global $_REQUEST;
|
global $_REQUEST;
|
||||||
$follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null;
|
$follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null;
|
||||||
$follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null;
|
$follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null;
|
||||||
$wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? (string) $_REQUEST['_wpnonce'] : null;
|
$wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_title( wp_unslash( $_REQUEST['_wpnonce'] ) ) : null;
|
||||||
if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) {
|
if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
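Review bot: `sanitize_title()` on `$_REQUEST['_wpnonce']` is a slug sanitiser, not a token sanitiser; it rewrites the value (lowercasing, dash substitution) rather than leaving it for verification to reject, and it reads as if the nonce had been validated. The conventional form is `$wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : null;`, which should satisfy the same phpcs input sniffs. Sanitising is not verification: the `wp_verify_nonce()` call on this value and the capability check for the action are presumably below this hunk, which ends inside the method, and should be confirmed there. `global $_REQUEST;` is redundant because `$_REQUEST` is a superglobal.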