Ticket #3570: 3570.3.patch
File 3570.3.patch, 1.6 KB (added by , 15 months ago) |
-
includes/common/template.php
1338 1338 // Make sure we are directing somewhere 1339 1339 if ( empty( $redirect_to ) ) { 1340 1340 if ( isset( $_SERVER['REQUEST_URI'] ) ) { 1341 $redirect_to = bbp_get_url_scheme() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];1341 $redirect_to = bbp_get_url_scheme() . sanitize_text_field( $_SERVER['HTTP_HOST'] ) . sanitize_text_field( $_SERVER['REQUEST_URI'] ); 1342 1342 } else { 1343 1343 $redirect_to = wp_get_referer(); 1344 1344 } -
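Review bot: sanitize_text_field() is a plain-text filter, not a URL sanitizer, and on new line 1341 it is applied to both `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`. Among other things it strips percent-encoded octets, so a request URI containing `%20` or an encoded query value comes out as a different URL, and it does nothing to confirm that the client-supplied Host header names this site. Consider sanitizing the assembled URL instead, `$redirect_to = esc_url_raw( bbp_get_url_scheme() . wp_unslash( $_SERVER['HTTP_HOST'] ) . wp_unslash( $_SERVER['REQUEST_URI'] ) );`, and guarding `HTTP_HOST` with `isset()` as is already done for `REQUEST_URI`. The same applies to `$_REQUEST['redirect_to']` on new line 881 of includes/users/engagements.php, where the trailing "Validated later" comment should not be read as covered by this call. The enclosing function and any later redirect validation are outside this hunk.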
includes/search/functions.php
116 116 117 117 // Get search terms if requested 118 118 $terms = ! empty( $_REQUEST[ $query_arg ] ) 119 ? $_REQUEST[ $query_arg ]119 ? sanitize_text_field( $_REQUEST[ $query_arg ] ) 120 120 : false; 121 121 122 122 // Bail if query argument does not exist -
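Review bot: The sanitized value on new line 119 can be an empty string even though the `! empty()` test passed, for example when the parameter arrives as an array or contains only markup, so `$terms` ends up `''` rather than `false`. Whether the bail check that follows treats `''` like `false` is not visible in this hunk; if it compares strictly, normalise after sanitizing, e.g. `$terms = ( '' !== $terms ) ? $terms : false;`. WordPress slashes request data, so `sanitize_text_field( wp_unslash( $_REQUEST[ $query_arg ] ) )` is the usual order. The assignment on new line 881 of includes/users/engagements.php has the same shape: a value emptied by sanitization there has already taken the first branch, so the `elseif` fallbacks are skipped.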
includes/users/engagements.php
878 878 879 879 // Redirect back from whence we came 880 880 if ( ! empty( $_REQUEST['redirect_to'] ) ) { 881 $redirect = $_REQUEST['redirect_to']; // Validated later881 $redirect = sanitize_text_field( $_REQUEST['redirect_to'] ); // Validated later 882 882 } elseif ( bbp_is_subscriptions() ) { 883 883 $redirect = bbp_get_subscriptions_permalink( $user_id ); 884 884 } elseif ( bbp_is_single_user() ) {