Context Navigation

security-team.php

Timestamp:

11/24/2015 10:52:53 PM (10 years ago)

Author:

coffee2code

Message:

Slack: Allow get_security_team() to return team members by specified field rather than only by user_login.

Notifications now deal in user_nicename instead of user_login.

File:

-                      r1801
+                      r2128
+}
+function get_security_team() {
+/**
+ * Returns array of security team members by specified field value.
+ *
+ * @param string $user_field Optional. The user column value to return for each security team member. Defaut 'user_login'.
+ * @return array
+ */
+function get_security_team( $user_field = 'user_login' ) {
     global $wpdb;
     $group = slack_api( 'groups.info', array( 'channel' => SECURITY_GROUP_ID ) );
 …
     $user_ids = array_map( 'intval', $user_ids );
     $user_ids_for_sql = implode( ', ', $user_ids );
+    $user_logins = $wpdb->get_col( "SELECT user_login FROM $wpdb->users WHERE ID IN ($user_ids_for_sql)" );
+    // Whitelist user field before using.
+    if ( ! in_array( $user_field, array( 'ID', 'user_email', 'user_login', 'user_nicename', 'display_name' ) ) ) {
+        $user_field = 'user_login';
+    }
+    $user_logins = $wpdb->get_col( "SELECT $user_field FROM $wpdb->users WHERE ID IN ($user_ids_for_sql)" );
     return $user_logins;
+}

Note: See TracChangeset for help on using the changeset viewer.