bbPress - Version 2.2.4

Version Description

  • Prepare converter queries
  • Improve validation and sanitization of form values

Release Info

Developer johnjamesjacoby
Version 2.2.4

Code changes from version 2.2.3 to 2.2.4

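--- a/bbpress.php
+++ b/bbpress.php
@@ -5,7 +5,7 @@
  *
  * bbPress is forum software with a twist from the creators of WordPress.
  *
- * $Id: bbpress.php 4567 2012-12-11 09:20:41Z johnjamesjacoby $
+ * $Id: bbpress.php 4711 2013-01-24 16:57:02Z johnjamesjacoby $
  *
  * @package bbPress
  * @subpackage Main
@@ -17,7 +17,7 @@
  * Description: bbPress is forum software with a twist from the creators of WordPress.
  * Author: The bbPress Community
  * Author URI: http://bbpress.org
- * Version: 2.2.3
+ * Version: 2.2.4
  * Text Domain: bbpress
  * Domain Path: /languages/
  */
@@ -180,8 +180,8 @@ final class bbPress {
 
  /** Versions **********************************************************/
 
- $this->version = '2.2.3';
- $this->db_version = '223';
+ $this->version = '2.2.4';
+ $this->db_version = '224';
 
  /** Paths *************************************************************/
 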
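--- a/includes/admin/converter.php
+++ b/includes/admin/converter.php
@@ -977,9 +977,9 @@ abstract class BBP_Converter_Base {
  $has_update = false;
 
  if ( !empty( $this->sync_table ) )
- $query = 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_forum_parent_id" AND meta_value > 0 LIMIT ' . $start . ', ' . $this->max_rows;
+ $query = $this->wpdb->prepare( "SELECT value_id, meta_value FROM {$this->sync_table_name} WHERE meta_key = '_bbp_forum_parent_id' AND meta_value > 0 LIMIT %d, %d", $start, $this->max_rows );
  else
- $query = 'SELECT post_id AS value_id, meta_value FROM ' . $this->wpdb->postmeta . ' WHERE meta_key = "_bbp_forum_parent_id" AND meta_value > 0 LIMIT ' . $start . ', ' . $this->max_rows;
+ $query = $this->wpdb->prepare( "SELECT post_id AS value_id, meta_value FROM {$this->wpdb->postmeta} WHERE meta_key = '_bbp_forum_parent_id' AND meta_value > 0 LIMIT %d, %d", $start, $this->max_rows );
 
  update_option( '_bbp_converter_query', $query );
 
@@ -987,7 +987,7 @@ abstract class BBP_Converter_Base {
 
  foreach ( (array) $forum_array as $row ) {
  $parent_id = $this->callback_forumid( $row->meta_value );
- $this->wpdb->query( 'UPDATE ' . $this->wpdb->posts . ' SET post_parent = "' . $parent_id . '" WHERE ID = "' . $row->value_id . '" LIMIT 1' );
+ $this->wpdb->query( $this->wpdb->prepare( "UPDATE {$this->wpdb->posts} SET post_parent = '%d' WHERE ID = '%d' LIMIT 1", $parent_id, $row->value_id ) );
  $has_update = true;
  }
 
@@ -1005,9 +1005,9 @@ abstract class BBP_Converter_Base {
  /** Delete bbconverter topics/forums/posts ****************************/
 
  if ( true === $this->sync_table )
- $query = 'SELECT value_id FROM ' . $this->sync_table_name . ' INNER JOIN ' . $this->wpdb->posts . ' ON(value_id = ID) WHERE meta_key LIKE "_bbp_%" AND value_type = "post" GROUP BY value_id ORDER BY value_id DESC LIMIT ' . $this->max_rows;
+ $query = $this->wpdb->prepare( 'SELECT value_id FROM ' . $this->sync_table_name . ' INNER JOIN ' . $this->wpdb->posts . ' ON(value_id = ID) WHERE meta_key LIKE "_bbp_%" AND value_type = "post" GROUP BY value_id ORDER BY value_id DESC LIMIT %d', $this->max_rows );
  else
- $query = 'SELECT post_id AS value_id FROM ' . $this->wpdb->postmeta . ' WHERE meta_key LIKE "_bbp_%" GROUP BY post_id ORDER BY post_id DESC LIMIT ' . $this->max_rows;
+ $query = $this->wpdb->prepare( 'SELECT post_id AS value_id FROM ' . $this->wpdb->postmeta . ' WHERE meta_key LIKE "_bbp_%" GROUP BY post_id ORDER BY post_id DESC LIMIT %d', $this->max_rows );
 
  update_option( '_bbp_converter_query', $query );
 
@@ -1023,9 +1023,9 @@ abstract class BBP_Converter_Base {
  /** Delete bbconverter users ******************************************/
 
  if ( true === $this->sync_table )
- $query = 'SELECT value_id FROM ' . $this->sync_table_name . ' INNER JOIN ' . $this->wpdb->users . ' ON(value_id = ID) WHERE meta_key = "_bbp_user_id" AND value_type = "user" LIMIT ' . $this->max_rows;
+ $query = $this->wpdb->prepare( 'SELECT value_id FROM ' . $this->sync_table_name . ' INNER JOIN ' . $this->wpdb->users . ' ON(value_id = ID) WHERE meta_key = "_bbp_user_id" AND value_type = "user" LIMIT %d', $this->max_rows );
  else
- $query = 'SELECT user_id AS value_id FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_user_id" LIMIT ' . $this->max_rows;
+ $query = $this->wpdb->prepare( 'SELECT user_id AS value_id FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_user_id" LIMIT %d', $this->max_rows );
 
  update_option( '_bbp_converter_query', $query );
 
@@ -1055,7 +1055,7 @@ abstract class BBP_Converter_Base {
 
  /** Delete bbconverter passwords **************************************/
 
- $query = 'SELECT user_id, meta_value FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" LIMIT ' . $start . ', ' . $this->max_rows;
+ $query = $this->wpdb->prepare( 'SELECT user_id, meta_value FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" LIMIT %d, %d', $start, $this->max_rows );
  update_option( '_bbp_converter_query', $query );
 
  $bbconverter = $this->wpdb->get_results( $query, ARRAY_A );
@@ -1064,10 +1064,10 @@ abstract class BBP_Converter_Base {
 
  foreach ( $bbconverter as $value ) {
  if ( is_serialized( $value['meta_value'] ) ) {
- $this->wpdb->query( 'UPDATE ' . $this->wpdb->users . ' ' . 'SET user_pass = "" ' . 'WHERE ID = "' . $value['user_id'] . '"' );
+ $this->wpdb->query( $this->wpdb->prepare( 'UPDATE ' . $this->wpdb->users . ' SET user_pass = "" WHERE ID = "%d"', $value['user_id'] ) );
  } else {
- $this->wpdb->query( 'UPDATE ' . $this->wpdb->users . ' ' . 'SET user_pass = "' . $value['meta_value'] . '" ' . 'WHERE ID = "' . $value['user_id'] . '"' );
- $this->wpdb->query( 'DELETE FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "' . $value['user_id'] . '"' );
+ $this->wpdb->query( $this->wpdb->prepare( 'UPDATE ' . $this->wpdb->users . ' SET user_pass = "%s" WHERE ID = "%d"', $value['meta_value'], $value['user_id'] ) );
+ $this->wpdb->query( $this->wpdb->prepare( 'DELETE FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "%d"', $value['user_id'] ) );
  }
  }
  $has_delete = true;
@@ -1119,14 +1119,14 @@ abstract class BBP_Converter_Base {
  * @param string $password
  */
  public function callback_pass( $username, $password ) {
- $user = $this->wpdb->get_row( 'SELECT * FROM ' . $this->wpdb->users . ' WHERE user_login = "' . $username . '" AND user_pass = "" LIMIT 1' );
+ $user = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT * FROM ' . $this->wpdb->users . ' WHERE user_login = "%s" AND user_pass = "" LIMIT 1', $username ) );
  if ( !empty( $user ) ) {
- $usermeta = $this->wpdb->get_row( 'SELECT * FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "' . $user->ID . '" LIMIT 1' );
+ $usermeta = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT * FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "%d" LIMIT 1', $user->ID ) );
 
  if ( !empty( $usermeta ) ) {
  if ( $this->authenticate_pass( $password, $usermeta->meta_value ) ) {
- $this->wpdb->query( 'UPDATE ' . $this->wpdb->users . ' ' . 'SET user_pass = "' . wp_hash_password( $password ) . '" ' . 'WHERE ID = "' . $user->ID . '"' );
- $this->wpdb->query( 'DELETE FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "' . $user->ID . '"' );
+ $this->wpdb->query( $this->wpdb->prepare( 'UPDATE ' . $this->wpdb->users . ' ' . 'SET user_pass = "%s" ' . 'WHERE ID = "%d"', wp_hash_password( $password ), $user->ID ) );
+ $this->wpdb->query( $this->wpdb->prepare( 'DELETE FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_password" AND user_id = "%d"', $user->ID ) );
  }
  }
  }
@@ -1141,9 +1141,9 @@ abstract class BBP_Converter_Base {
  private function callback_forumid( $field ) {
  if ( !isset( $this->map_forumid[$field] ) ) {
  if ( !empty( $this->sync_table ) ) {
- $row = $this->wpdb->get_row( 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_forum_id" AND meta_value = "' . $field . '" LIMIT 1' );
+ $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_forum_id" AND meta_value = "%s" LIMIT 1', $field ) );
  } else {
- $row = $this->wpdb->get_row( 'SELECT post_id AS value_id FROM ' . $this->wpdb->postmeta . ' WHERE meta_key = "_bbp_forum_id" AND meta_value = "' . $field . '" LIMIT 1' );
+ $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT post_id AS value_id FROM ' . $this->wpdb->postmeta . ' WHERE meta_key = "_bbp_forum_id" AND meta_value = "%s" LIMIT 1', $field ) );
  }
 
  if ( !is_null( $row ) ) {
@@ -1164,9 +1164,9 @@ abstract class BBP_Converter_Base {
  private function callback_topicid( $field ) {
  if ( !isset( $this->map_topicid[$field] ) ) {
  if ( !empty( $this->sync_table ) ) {
- $row = $this->wpdb->get_row( 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_old_topic_id" AND meta_value = "' . $field . '" LIMIT 1' );
+ $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_old_topic_id" AND meta_value = "%s" LIMIT 1', $field ) );
  } else {
- $row = $this->wpdb->get_row( 'SELECT post_id AS value_id FROM ' . $this->wpdb->postmeta . ' WHERE meta_key = "_bbp_old_topic_id" AND meta_value = "' . $field . '" LIMIT 1' );
+ $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT post_id AS value_id FROM ' . $this->wpdb->postmeta . ' WHERE meta_key = "_bbp_old_topic_id" AND meta_value = "%s" LIMIT 1', $field ) );
  }
 
  if ( !is_null( $row ) ) {
@@ -1187,9 +1187,9 @@ abstract class BBP_Converter_Base {
  private function callback_userid( $field ) {
  if ( !isset( $this->map_userid[$field] ) ) {
  if ( !empty( $this->sync_table ) ) {
- $row = $this->wpdb->get_row( 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_user_id" AND meta_value = "' . $field . '" LIMIT 1' );
+ $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_user_id" AND meta_value = "%s" LIMIT 1', $field ) );
  } else {
- $row = $this->wpdb->get_row( 'SELECT user_id AS value_id FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_user_id" AND meta_value = "' . $field . '" LIMIT 1' );
+ $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT user_id AS value_id FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_user_id" AND meta_value = "%s" LIMIT 1', $field ) );
  }
 
  if ( !is_null( $row ) ) {
@@ -1216,7 +1216,7 @@ abstract class BBP_Converter_Base {
  if ( empty( $topicid ) ) {
  $this->map_topicid_to_forumid[$topicid] = 0;
  } elseif ( ! isset( $this->map_topicid_to_forumid[$topicid] ) ) {
- $row = $this->wpdb->get_row( 'SELECT post_parent FROM ' . $this->wpdb->posts . ' WHERE ID = "' . $topicid . '" LIMIT 1' );
+ $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT post_parent FROM ' . $this->wpdb->posts . ' WHERE ID = "%d" LIMIT 1', $topicid ) );
 
  if ( !is_null( $row ) ) {
  $this->map_topicid_to_forumid[$topicid] = $row->post_parent;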
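Review bot: The two "Delete bbconverter topics/forums/posts" queries at new lines 1008 and 1010 now pass a literal `%` to `wpdb::prepare()` inside `LIKE "_bbp_%"`; prepare hands the whole string to vsprintf, so that `%` is read as the start of a format specifier rather than a SQL wildcard, and the `LIMIT %d` argument no longer lines up with its placeholder (the exact failure differs by PHP version, but none of them yields the intended pattern). Writing it as `LIKE "_bbp_%%"` in both queries restores the wildcard; the pre-change string-built versions were unaffected because they never went through prepare. Separately, most new queries in this section (and the one in includes/users/functions.php) quote their placeholders as `"%s"`, `'%d'` or `"%d"`; WordPress's prepare adds the quotes for `%s` itself and merely strips an already-quoted `'%s'`/`"%s"` as a tolerated mistake, while a quoted `%d` turns the id into a string literal, so the documented form is the bare `%s`/`%d`. The methods enclosing these hunks start and end outside them.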
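--- a/includes/topics/template-tags.php
+++ b/includes/topics/template-tags.php
@@ -3452,7 +3452,7 @@ function bbp_form_topic_forum() {
 
  // Get _POST data
  if ( 'post' == strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['bbp_forum_id'] ) )
- $topic_forum = $_POST['bbp_forum_id'];
+ $topic_forum = (int) $_POST['bbp_forum_id'];
 
  // Get edit data
  elseif ( bbp_is_topic_edit() )
@@ -3491,7 +3491,7 @@ function bbp_form_topic_subscribed() {
 
  // Get _POST data
  if ( 'post' == strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['bbp_topic_subscription'] ) ) {
- $topic_subscribed = $_POST['bbp_topic_subscription'];
+ $topic_subscribed = (bool) $_POST['bbp_topic_subscription'];
 
  // Get edit data
  } elseif ( bbp_is_topic_edit() || bbp_is_reply_edit() ) {
@@ -3514,7 +3514,7 @@ function bbp_form_topic_subscribed() {
 
  // No data
  } else {
- $topic_subscribed = 0;
+ $topic_subscribed = false;
  }
 
  // Get checked output
@@ -3546,13 +3546,15 @@ function bbp_form_topic_log_edit() {
 
  // Get _POST data
  if ( 'post' == strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['bbp_log_topic_edit'] ) )
- $topic_revision = $_POST['bbp_log_topic_edit'];
+ $topic_revision = (bool) $_POST['bbp_log_topic_edit'];
 
  // No data
  else
- $topic_revision = 1;
+ $topic_revision = false;
 
- return apply_filters( 'bbp_get_form_topic_log_edit', checked( $topic_revision, true, false ) );
+ $checked = checked( $topic_revision, true, false );
+
+ return apply_filters( 'bbp_get_form_topic_log_edit', $checked, $topic_revision );
  }
 
  /**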
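Review bot: The `(bool)` casts on the posted values at new lines 3494 and 3549 treat every non-empty string except `"0"` as true, so a submitted `"false"` or `"off"` is read as checked; if these inputs are checkboxes whose mere presence in `$_POST` already expresses the choice the cast is harmless, but comparing against the value the form actually emits (e.g. `$topic_subscribed = ( '1' === $_POST['bbp_topic_subscription'] );`) would make the accepted input explicit — the form markup is not in the hunk, so confirm the emitted value first. The `(int)` cast at 3455 is the right shape for an id; zero or negative values still flow on, so whatever consumes `$topic_forum` later in `bbp_form_topic_forum()` (outside the hunk) is what has to reject a missing forum. The new second argument passed to `apply_filters` at 3557 deserves a mention in the function's docblock, e.g. `@uses apply_filters() Calls 'bbp_get_form_topic_log_edit' with the checked attribute and the raw boolean`.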
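--- a/includes/users/functions.php
+++ b/includes/users/functions.php
@@ -1137,7 +1137,7 @@ function bbp_user_maybe_convert_pass() {
  global $wpdb;
 
  // Bail if no user password to convert
- $row = $wpdb->get_row( "SELECT * FROM {$wpdb->users} INNER JOIN {$wpdb->usermeta} ON user_id = ID WHERE meta_key = '_bbp_class' AND user_login = '{$username}' LIMIT 1" );
+ $row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->users} INNER JOIN {$wpdb->usermeta} ON user_id = ID WHERE meta_key = '_bbp_class' AND user_login = '%s' LIMIT 1", $username ) );
  if ( empty( $row ) || is_wp_error( $row ) )
  return;
 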
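--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: matt, johnjamesjacoby
  Tags: forums, discussion, support, theme, akismet, multisite
  Requires at least: 3.4
  Tested up to: 3.5
- Stable tag: 2.2.3
+ Stable tag: 2.2.4
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -26,6 +26,10 @@ We're keeping things as small and light as possible while still allowing for gre
 
  == Changelog ==
 
+ = 2.2.4 =
+ * Prepare converter queries
+ * Improve validation and sanitization of form values
+
  = 2.2.3 =
  * Improve compatibility with some themes
  * Fix integration with BuddyPress Group Forums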