Alex Popov

Thanks for reply, Greg.

Redownloaded archive still corrupted. Nevermind, I just downloaded archive from svn.

@peterkchan, This is dirty hack, but you can write something like this just in form template:

<style type="text/css"> .wpcf7-submit { float: right } </style>

Of course, for more complex styling you need separate css from template.

Brajesh,

thanks for support! I proposed also add “alert” class (defined in buddypress/bp-core/css/admin-bar.css) to notifications counter, but it’s just a little cosmetic improvement:

View post on imgur.com

Hi Brajesh,

it works, thanks (I forgot about response format in jQuery)!

You said: “We don’t need to modify the query”, but added parameter does not modify query, in your actual version it looks like:

$wpdb->prepare( "SELECT * FROM {$bp->core->table_name_notifications} WHERE id in {$list_ids} AND is_new = %d", 1)

I don’t know how WP handles queries, I’m completely WP newbie, but why $wpdb->prepare works with any argument in this case, even NULL (and with $notification_ids — it’s my mistake, sorry, actually $list_ids is needed)? As a result we have insecure query, doesn’t?

There is a description of problem with prepare function: PHP Warning: Missing argument 2 for wpdb::prepare() and there is subject: Protect Queries Against SQL Injection Attacks.

So actually fix for problem is (if you don’t suppress error_reporting):

$notifications =$wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$bp->core->table_name_notifications} WHERE id in {$list_ids} AND is_new = %d", $notification_ids), 1 );

Sorry again for NULL (this is a dirty hack), but I’m not a WP developer.

I’m sorry, I mean function $wpdb->prepare (file wp-includes/wp-db.php at line 1147):

function prepare( $query, $args )

Hi, Brajesh.

1. Server response is a string and therefore it is parsed as "somedata", e.g. "{"a":"1"}". So we have JSON syntax error there.

2. Second argument in function $wpdb->get_results is NOT optional.

Thanks for plugin.