fix phpcs and sanitizing bugs

This commit is contained in:
André Menrath 2023-12-26 15:55:14 +01:00
parent 16a1745735
commit 7d853dfec9
2 changed files with 7 additions and 5 deletions


@ -30,10 +30,10 @@ class Follow_Requests {
public static function get_follow_requests_for_user( $user_id, $per_page, $page_num, $args ) { public static function get_follow_requests_for_user( $user_id, $per_page, $page_num, $args ) {
$order = isset( $args['order'] ) && strtolower( $args['order'] ) === 'asc' ? 'ASC' : 'DESC'; $order = isset( $args['order'] ) && strtolower( $args['order'] ) === 'asc' ? 'ASC' : 'DESC';
$orderby = isset( $args['orderby'] ) ? sanitize_text_field( $args['orderby'] ) : 'published'; $orderby = isset( $args['orderby'] ) ? sanitize_text_field( $args['orderby'] ) : 'published';
$search = isset( $args['s'] ) ? sanitize_text_field( $args['s'] ) : ''; $search = isset( $args['s'] ) ? sanitize_text_field( $args['s'] ) : '';
$offset = (int) $per_page * ( (int) $page_num - 1 ); $offset = (int) $per_page * ( (int) $page_num - 1 );
global $wpdb; global $wpdb;
$follow_requests = $wpdb->get_results( $follow_requests = $wpdb->get_results(
$wpdb->prepare( $wpdb->prepare(
@ -42,16 +42,18 @@ class Follow_Requests {
LEFT JOIN {$wpdb->posts} AS follower ON follow_request.post_parent = follower.ID LEFT JOIN {$wpdb->posts} AS follower ON follow_request.post_parent = follower.ID
LEFT JOIN {$wpdb->postmeta} AS meta ON follow_request.ID = meta.post_id LEFT JOIN {$wpdb->postmeta} AS meta ON follow_request.ID = meta.post_id
WHERE follow_request.post_type = 'ap_follow_request' WHERE follow_request.post_type = 'ap_follow_request'
AND (follower.post_title LIKE '%{$wpdb->esc_like( $search )}%' OR follower.guid LIKE '%{$wpdb->esc_like( $search )}%') AND (follower.post_title LIKE %s OR follower.guid LIKE %s)
AND meta.meta_key = 'activitypub_user_id' AND meta.meta_key = 'activitypub_user_id'
AND meta.meta_value = %s AND meta.meta_value = %s
ORDER BY %s %s ORDER BY %s %s
LIMIT %d OFFSET %d", LIMIT %d OFFSET %d",
'%' . $wpdb->esc_like( $search ) . '%',
'%' . $wpdb->esc_like( $search ) . '%',
$user_id, $user_id,
$orderby, $orderby,
$order, $order,
$per_page, $per_page,
$offset, $offset
) )
); );
$current_total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' ); $current_total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );
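Review bot: `ORDER BY %s %s` (L38) binds `$orderby` and `$order` as quoted string literals, so the statement MySQL receives is `ORDER BY 'published' 'DESC'` — a sort by a constant, which leaves the rows effectively unsorted; `$wpdb->prepare()` placeholders can carry values only, never identifiers or keywords, and the commit's move of the LIKE terms to `%s` (L35, L40–L41) does not fix this part. `$order` is already constrained to `ASC`/`DESC` in the first hunk, but `$orderby` only passes through `sanitize_text_field()` (L25), which does not limit it to a column name, so interpolating it directly would be unsafe as-is. Check it against a fixed list of known sort keys first, e.g. `if ( ! in_array( $orderby, $allowed_orderby, true ) ) { $orderby = 'published'; }`, then write `ORDER BY {$orderby} {$order}` in the query and remove `$orderby,` and `$order,` from the argument list (L43–L44). The `SELECT` that this hunk continues, and the `$wpdb->prepare(` call itself, start in the earlier hunk, and `FOUND_ROWS()` on L49 only returns a meaningful count if that unseen `SELECT` carries `SQL_CALC_FOUND_ROWS` — worth confirming.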


@ -182,7 +182,7 @@ class Follow_Requests extends WP_List_Table {
global $_REQUEST; global $_REQUEST;
$follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null; $follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null;
$follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null; $follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null;
$wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? (string) $_REQUEST['_wpnonce'] : null; $wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_title( wp_unslash( $_REQUEST['_wpnonce'] ) ) : null;
if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) { if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) {
return; return;
} }
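Review bot: `sanitize_title()` on `$_REQUEST['_wpnonce']` (L57, taking the right-hand copy as the new side) is a slug sanitiser — it lowercases and strips characters — so it is an odd choice for an opaque token even though the hex nonces WordPress generates happen to survive it; `sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) )` or `sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) )` says what is meant. The sanitised value is still just a string at this point: `wp_verify_nonce()` together with a capability check must gate the action, and that has to happen below the hunk, which I cannot see; the enclosing method also starts before L54. `global $_REQUEST;` on L54 is redundant, since `$_REQUEST` is a superglobal and already visible in every scope.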