X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/256a3b381f63716209b3527d0a14442ae570c283..refs/tags/wordpress-4.0:/wp-admin/includes/class-wp-ms-sites-list-table.php

diff --git a/wp-admin/includes/class-wp-ms-sites-list-table.php b/wp-admin/includes/class-wp-ms-sites-list-table.php
index f9b33e42..05c55bc7 100644
--- a/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -9,18 +9,28 @@
  */
 class WP_MS_Sites_List_Table extends WP_List_Table {
 
-	function __construct( $args = array() ) {
+	/**
+	 * Constructor.
+	 *
+	 * @since 3.1.0
+	 * @access public
+	 *
+	 * @see WP_List_Table::__construct() for more information on default arguments.
+	 *
+	 * @param array $args An associative array of arguments.
+	 */
+	public function __construct( $args = array() ) {
 		parent::__construct( array(
 			'plural' => 'sites',
 			'screen' => isset( $args['screen'] ) ? $args['screen'] : null,
 		) );
 	}
 
-	function ajax_user_can() {
+	public function ajax_user_can() {
 		return current_user_can( 'manage_sites' );
 	}
 
-	function prepare_items() {
+	public function prepare_items() {
 		global $s, $mode, $wpdb;
 
 		$current_site = get_current_site();
@@ -38,10 +48,10 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 			$s = trim($s, '*');
 		}
 
-		$like_s = esc_sql( like_escape( $s ) );
-
-		// If the network is large and a search is not being performed, show only the latest blogs with no paging in order
-		// to avoid expensive count queries.
+		/*
+		 * If the network is large and a search is not being performed, show only
+		 * the latest blogs with no paging in order to avoid expensive count queries.
+		 */
 		if ( !$s && wp_is_large_network() ) {
 			if ( !isset($_REQUEST['orderby']) )
 				$_GET['orderby'] = $_REQUEST['orderby'] = '';
@@ -58,7 +68,8 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 					preg_match( '/^[0-9]{1,3}\.[0-9]{1,3}\.?$/', $s ) ||
 					preg_match( '/^[0-9]{1,3}\.$/', $s ) ) {
 			// IPv4 address
-			$reg_blog_ids = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->registration_log} WHERE {$wpdb->registration_log}.IP LIKE ( '{$like_s}$wild' )" );
+			$sql = $wpdb->prepare( "SELECT blog_id FROM {$wpdb->registration_log} WHERE {$wpdb->registration_log}.IP LIKE %s", $wpdb->esc_like( $s ) . $wild );
+			$reg_blog_ids = $wpdb->get_col( $sql );
 
 			if ( !$reg_blog_ids )
 				$reg_blog_ids = array( 0 );
@@ -69,17 +80,18 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 				AND {$wpdb->blogs}.blog_id IN (" . implode( ', ', $reg_blog_ids ) . ")";
 		} else {
 			if ( is_numeric($s) && empty( $wild ) ) {
-				$query .= " AND ( {$wpdb->blogs}.blog_id = '{$like_s}' )";
+				$query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.blog_id = %s )", $s );
 			} elseif ( is_subdomain_install() ) {
-				$blog_s = str_replace( '.' . $current_site->domain, '', $like_s );
-				$blog_s .= $wild . '.' . $current_site->domain;
-				$query .= " AND ( {$wpdb->blogs}.domain LIKE '$blog_s' ) ";
+				$blog_s = str_replace( '.' . $current_site->domain, '', $s );
+				$blog_s = $wpdb->esc_like( $blog_s ) . $wild . $wpdb->esc_like( '.' . $current_site->domain );
+				$query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.domain LIKE %s ) ", $blog_s );
 			} else {
-				if ( $like_s != trim('/', $current_site->path) )
-					$blog_s = $current_site->path . $like_s . $wild . '/';
-				else
-					$blog_s = $like_s;
-				$query .= " AND  ( {$wpdb->blogs}.path LIKE '$blog_s' )";
+				if ( $s != trim('/', $current_site->path) ) {
+					$blog_s = $wpdb->esc_like( $current_site->path . $s ) . $wild . $wpdb->esc_like( '/' );
+				} else {
+					$blog_s = $wpdb->esc_like( $s );
+				}
+				$query .= $wpdb->prepare( " AND  ( {$wpdb->blogs}.path LIKE %s )", $blog_s );
 			}
 		}
 
@@ -120,11 +132,11 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 		) );
 	}
 
-	function no_items() {
+	public function no_items() {
 		_e( 'No sites found.' );
 	}
 
-	function get_bulk_actions() {
+	protected function get_bulk_actions() {
 		$actions = array();
 		if ( current_user_can( 'delete_sites' ) )
 			$actions['delete'] = __( 'Delete' );
@@ -134,7 +146,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 		return $actions;
 	}
 
-	function pagination( $which ) {
+	protected function pagination( $which ) {
 		global $mode;
 
 		parent::pagination( $which );
@@ -143,7 +155,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 			$this->view_switcher( $mode );
 	}
 
-	function get_columns() {
+	public function get_columns() {
 		$blogname_columns = ( is_subdomain_install() ) ? __( 'Domain' ) : __( 'Path' );
 		$sites_columns = array(
 			'cb'          => '<input type="checkbox" />',
@@ -169,7 +181,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 		return $sites_columns;
 	}
 
-	function get_sortable_columns() {
+	protected function get_sortable_columns() {
 		return array(
 			'blogname'    => 'blogname',
 			'lastupdated' => 'lastupdated',
@@ -177,7 +189,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 		);
 	}
 
-	function display_rows() {
+	public function display_rows() {
 		global $mode;
 
 		$status_list = array(
@@ -187,6 +199,12 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 			'mature'   => array( 'site-mature', __( 'Mature' ) )
 		);
 
+		if ( 'list' == $mode ) {
+			$date = 'Y/m/d';
+		} else {
+			$date = 'Y/m/d \<\b\r \/\> g:i:s a';
+		}
+
 		$class = '';
 		foreach ( $this->items as $blog ) {
 			$class = ( 'alternate' == $class ) ? '' : 'alternate';
@@ -233,7 +251,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 					break;
 
 					case 'id':?>
-						<th valign="top" scope="row">
+						<th scope="row">
 							<?php echo $blog['blog_id'] ?>
 						</th>
 					<?php
@@ -306,17 +324,13 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 					break;
 
 					case 'lastupdated':
-						echo "<td valign='top' class='$column_name column-$column_name'$style>";
-							if ( 'list' == $mode )
-								$date = 'Y/m/d';
-							else
-								$date = 'Y/m/d \<\b\r \/\> g:i:s a';
+						echo "<td class='$column_name column-$column_name'$style>";
 							echo ( $blog['last_updated'] == '0000-00-00 00:00:00' ) ? __( 'Never' ) : mysql2date( $date, $blog['last_updated'] ); ?>
 						</td>
 					<?php
 					break;
 				case 'registered':
-						echo "<td valign='top' class='$column_name column-$column_name'$style>";
+						echo "<td class='$column_name column-$column_name'$style>";
 						if ( $blog['registered'] == '0000-00-00 00:00:00' )
 							echo '&#x2014;';
 						else
@@ -326,7 +340,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 					<?php
 					break;
 				case 'users':
-						echo "<td valign='top' class='$column_name column-$column_name'$style>";
+						echo "<td class='$column_name column-$column_name'$style>";
 							$blogusers = get_users( array( 'blog_id' => $blog['blog_id'], 'number' => 6) );
 							if ( is_array( $blogusers ) ) {
 								$blogusers_warning = '';
@@ -350,7 +364,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
 
 				case 'plugins': ?>
 					<?php if ( has_filter( 'wpmublogsaction' ) ) {
-					echo "<td valign='top' class='$column_name column-$column_name'$style>";
+					echo "<td class='$column_name column-$column_name'$style>";
 						/**
 						 * Fires inside the auxiliary 'Actions' column of the Sites list table.
 						 *