Alex Popov
Forum Replies Created
Thanks for the reply, Greg.
The redownloaded archive is still corrupted. Never mind, I just downloaded the archive from svn.
Forum: Plugins
In reply to: [Contact Form 7] Contact form 7 send button location
@peterkchan, this is a dirty hack, but you can write something like this just in the form template:
<style type="text/css"> .wpcf7-submit { float: right } </style>
Of course, for more complex styling you need to separate the CSS from the template.
Brajesh,
thanks for the support! I also proposed adding the “alert” class (defined in buddypress/bp-core/css/admin-bar.css) to the notifications counter, but it’s just a little cosmetic improvement:

Hi Brajesh,
it works, thanks (I forgot about the response format in jQuery)!
You said: “We don’t need to modify the query”, but the added parameter does not modify the query; in your actual version it looks like:
$wpdb->prepare( "SELECT * FROM {$bp->core->table_name_notifications} WHERE id in {$list_ids} AND is_new = %d", 1)
I don’t know how WP handles queries, I’m a complete WP newbie, but why does $wpdb->prepare work with any argument in this case, even NULL (and with $notification_ids — it’s my mistake, sorry, actually $list_ids is needed)? As a result we have an insecure query, don’t we?
There is a description of the problem with the prepare function: PHP Warning: Missing argument 2 for wpdb::prepare() and there is the subject: Protect Queries Against SQL Injection Attacks.
So actually the fix for the problem is (if you don’t suppress error_reporting):
$notifications = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$bp->core->table_name_notifications} WHERE id in {$list_ids} AND is_new = %d", $notification_ids), 1 );
Sorry again for NULL (this is a dirty hack), but I’m not a WP developer.
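
In the query quoted above, {$list_ids} is interpolated into the string before prepare() runs, so only the is_new value is actually bound. As an added example (not part of the original posts or the plugin's code), one way to bind every ID through its own %d placeholder, assuming the IDs arrive as a comma-separated string from the request; example_get_new_notifications, Example_Stub_Wpdb and the table name are hypothetical.

```php
<?php
// Added example: not code from the plugin, BuddyPress or WordPress core.

// Constructed stand-in so the file runs with plain `php`. It handles only %d,
// which is all this example needs. Inside WordPress, use the global $wpdb.
class Example_Stub_Wpdb {
    public function prepare( $query, $args ) {
        return vsprintf( $query, array_map( 'intval', (array) $args ) );
    }
    public function get_results( $query ) {
        echo $query, "\n"; // show what would be sent to the database
        return array();
    }
}

/**
 * Fetch new notifications for a list of IDs (hypothetical helper).
 *
 * @param object $wpdb    wpdb instance (or the stand-in above).
 * @param string $table   Table name from trusted code, never from the request.
 * @param mixed  $raw_ids Array or comma-separated string, assumed untrusted.
 */
function example_get_new_notifications( $wpdb, $table, $raw_ids ) {
    $ids = is_array( $raw_ids ) ? $raw_ids : explode( ',', (string) $raw_ids );

    // Keep only entries that are plain positive integers; drop everything else.
    $clean = array();
    foreach ( $ids as $id ) {
        $id = trim( (string) $id );
        if ( ctype_digit( $id ) && (int) $id > 0 ) {
            $clean[ (int) $id ] = (int) $id; // keyed by value to de-duplicate
        }
    }
    if ( empty( $clean ) ) {
        return array(); // "IN ()" is a SQL syntax error, so skip the query
    }

    // One %d per ID, plus the final %d for is_new.
    $placeholders = implode( ', ', array_fill( 0, count( $clean ), '%d' ) );
    $sql  = "SELECT * FROM {$table} WHERE id IN ( {$placeholders} ) AND is_new = %d";
    $args = array_merge( array_values( $clean ), array( 1 ) );

    return $wpdb->get_results( $wpdb->prepare( $sql, $args ) );
}

// Constructed input: duplicates, zero and non-numeric entries are dropped.
example_get_new_notifications( new Example_Stub_Wpdb(), 'wp_example_notifications', '12, 15, x, 15, 0, 7abc' );
```

The number of placeholders always equals the number of validated IDs, so the argument count passed to prepare() matches the query and nothing from the request reaches the SQL string unbound.
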
I’m sorry, I mean the function $wpdb->prepare (file wp-includes/wp-db.php at line 1147):
function prepare( $query, $args )
Hi, Brajesh.
1. The server response is a string and therefore it is parsed as "somedata", e.g. "{"a":"1"}". So we have a JSON syntax error there.
2. The second argument in function $wpdb->get_results is NOT optional.
Thanks for the plugin.