[buddypress-trac] [BuddyPress Trac] #5919: Xprofile field meta values not deleted with field

buddypress-trac noreply at wordpress.org
Mon Oct 6 21:41:59 UTC 2014

#5919: Xprofile field meta values not deleted with field
 Reporter:  tometzky      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  high          |   Milestone:  2.2
Component:  XProfile      |     Version:  2.1
 Severity:  major         |  Resolution:
 Keywords:  needs-patch   |

Comment (by boonebgorges):

 > This regular expression is too write only for me.

 Yes, it's a bit opaque. The idea is to find all instances of quoted text,
 because that's where all input from outside the system will appear. That
 regex is actually pretty simple: `/'(.*+)'/` or something like that. The
 problem is that this quoted text might contain escaped quotes (`...WHERE
 meta_value = 'I said \'hello\' to him'...`). The extra complexity in the
 regular expression is to account for this. I've borrowed it from

 > And it assumes that there's only one quoted text, which I'm not
 convinced that it is.

 No, this accounts for all quoted text. See the use of `preg_match_all()`.

 > I'd rather use some random placeholder like uniqid('__QUOTE__').

 I believe this is unnecessary. The only important thing about the
 placeholder text is that it not match any of the substrings we're going to
 replace using str_replace(). In other words, when we translate

 UPDATE wp_bp_xprofile_meta SET meta_value = 'PLEASE GO SOMEWHERE ELSE'
 WHERE object_id = '24' AND meta_key = 'validate_with_regex_error_message'


 UPDATE wp_bp_xprofile_meta SET meta_value = __QUOTE__ WHERE object_id =
 __QUOTE__ AND meta_key = __QUOTE__

 we have done enough to assure that things like `str_replace( 'WHERE', ...`
 will not catch any false positives.

 > If I remember correctly, we've only done this because our meta tables
 have a different schema than WP core's post/usermeta tables.

 This is true for `bp_filter_metaid_column_name()`, and it's worth looking
 into. We still need to manipulate the SQL for xprofile clauses in order to
 insert an `object_type = 'field'` clause.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5919#comment:8>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list