Ticket #3570: 3570.2.patch
File 3570.2.patch, 2.2 KB (added by , 19 months ago) |
---|
-
includes/admin/converters/Kunena2.php
503 503 * @return string WordPress safe 504 504 */ 505 505 public function callback_forum_type( $status = 0 ) { 506 if ( $status == 0 ) {506 if ( $status === 0 ) { 507 507 $status = 'category'; 508 508 } else { 509 509 $status = 'forum'; -
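Review bot: The new strict comparison `$status === 0` in callback_forum_type() stops matching if the converter passes the source column value as a string, because `'0' === 0` is false and every category row would then fall through to 'forum'. The caller is not visible in this hunk, so the argument type should be confirmed. Casting first keeps the comparison strict without changing the result for numeric strings: `if ( 0 === (int) $status ) {`. The function body continues past the end of the hunk.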
includes/admin/users.php
194 194 195 195 $new_role = false; 196 196 if ( ! empty( $_REQUEST['bbp-change-role2'] ) && ! empty( $_REQUEST['bbp-new-role2'] ) ) { 197 $new_role = $_REQUEST['bbp-new-role2'];197 $new_role = sanitize_text_field( $_REQUEST['bbp-new-role2'] ); 198 198 } elseif ( ! empty( $_REQUEST['bbp-change-role'] ) && ! empty( $_REQUEST['bbp-new-role'] ) ) { 199 $new_role = $_REQUEST['bbp-new-role'];199 $new_role = sanitize_text_field( $_REQUEST['bbp-new-role'] ); 200 200 } 201 201 202 202 // Check that the new role exists -
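Review bot: Both new assignments pass the `$_REQUEST` value straight to `sanitize_text_field()` without `wp_unslash()` first, which is the order WordPress coding standards expect for superglobals. The two `sanitize_text_field( $_POST['nonce'] )` calls added in templates/default/bbpress-functions.php have the same gap. Because the value here is a role key and not free text, `$new_role = sanitize_key( wp_unslash( $_REQUEST['bbp-new-role2'] ) );` looks like a tighter fit, assuming role IDs are lowercase slugs. The sanitiser only normalises the string; the "Check that the new role exists" step that follows outside this hunk is still the real allow-list. A one-line comment saying so, e.g. `// Normalised only; validated against known roles below.`, would stop a later reader from treating it as the validation.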
templates/default/bbpress-functions.php
259 259 } 260 260 261 261 // Bail if user did not take this action 262 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'toggle-favorite_' . $object->ID ) ) {262 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), 'toggle-favorite_' . $object->ID ) ) { 263 263 bbp_ajax_response( false, esc_html__( 'Are you sure you meant to do that?', 'bbpress' ), 304 ); 264 264 } 265 265 … … 322 322 } 323 323 324 324 // Bail if user did not take this action 325 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'toggle-subscription_' . $object->ID ) ) {325 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['nonce'] ), 'toggle-subscription_' . $object->ID ) ) { 326 326 bbp_ajax_response( false, esc_html__( 'Are you sure you meant to do that?', 'bbpress' ), 304 ); 327 327 } 328 328