
bbPress.org

Ticket #3559: 3559.patch

File 3559.patch, 2.2 KB (added by viralsampat, 11 months ago)

I have checked the above-mentioned issue and found a few more files. I have applied its patch.

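--- a/includes/admin/converters/Kunena2.php
+++ b/includes/admin/converters/Kunena2.php
@@ -503,7 +503,7 @@
          * @return string WordPress safe
          */
         public function callback_forum_type( $status = 0 ) {
-                if ( $status == 0 ) {
+                if ( $status === 0 ) {
                         $status = 'category';
                 } else {
                         $status = 'forum';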
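Review bot: The strict comparison `$status === 0` in callback_forum_type() changes the result for any zero that is not an integer: a string `'0'`, which is what a value read from a database row usually is, no longer matches and would be converted to 'forum' instead of 'category'. The caller is not visible here, so the type that reaches this callback should be confirmed; if it can be a string, normalise before comparing, for example `if ( 0 === (int) $status ) {`. The function body continues past the end of the hunk.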
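--- a/includes/admin/users.php
+++ b/includes/admin/users.php
@@ -194,9 +194,9 @@
 
                 $new_role = false;
                 if ( ! empty( $_REQUEST['bbp-change-role2'] ) && ! empty( $_REQUEST['bbp-new-role2'] ) ) {
-                        $new_role = $_REQUEST['bbp-new-role2'];
+                        $new_role = sanitize_text_field( $_REQUEST['bbp-new-role2'] );
                 } elseif ( ! empty( $_REQUEST['bbp-change-role'] ) && ! empty( $_REQUEST['bbp-new-role'] ) ) {
-                        $new_role = $_REQUEST['bbp-new-role'];
+                        $new_role = sanitize_text_field( $_REQUEST['bbp-new-role'] );
                 }
 
                 // Check that the new role exists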
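Review bot: `sanitize_text_field()` on new lines 197 and 199 cleans free text but does not validate a role identifier, and the request value is still slashed when it is read. Assuming role keys are always lowercase slugs, `sanitize_key( wp_unslash( $_REQUEST['bbp-new-role2'] ) )` (and the same for `bbp-new-role`) fits the data better. The control that actually decides whether the value is accepted is the existence check announced by the comment on line 202, whose code lies outside the hunk, so it should remain a strict lookup against the known roles whatever sanitiser is used. The enclosing function starts and ends outside the hunk, so the nonce and capability checks around this assignment cannot be confirmed from here.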
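--- a/templates/default/bbpress-functions.php
+++ b/templates/default/bbpress-functions.php
@@ -259,7 +259,7 @@
                 }
 
                 // Bail if user did not take this action
-                if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'toggle-favorite_' . $object->ID ) ) {
+                if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), 'toggle-favorite_' . $object->ID ) ) {
                         bbp_ajax_response( false, esc_html__( 'Are you sure you meant to do that?', 'bbpress' ), 304 );
                 }
 
@@ -322,7 +322,7 @@
                 }
 
                 // Bail if user did not take this action
-                if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'toggle-subscription_' . $object->ID ) ) {
+                if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), 'toggle-subscription_' . $object->ID ) ) {
                         bbp_ajax_response( false, esc_html__( 'Are you sure you meant to do that?', 'bbpress' ), 304 );
                 }
 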
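Review bot: Wrapping `$_POST['nonce']` in `sanitize_text_field()` on new lines 262 and 325 adds no protection by itself, because in these hunks the value is only handed to `wp_verify_nonce()` for comparison and is not echoed or stored; the nonce check remains the control. If the wrapper is kept for consistency with the coding standard, unslash first so the value is read like other request data: `wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'toggle-favorite_' . $object->ID )`, and likewise for `toggle-subscription_`. Both handlers start and end outside their hunks, so the capability checks that should accompany the nonce cannot be seen from here.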