Skip to:
Content

bbPress.org

Ticket #3570: 3570.3.patch

File 3570.3.patch, 1.6 KB (added by viralsampat, 15 months ago)

I have checked above mentioned issue and founds few more files. I have applied its patch.

  • includes/common/template.php

     
    13381338        // Make sure we are directing somewhere
    13391339        if ( empty( $redirect_to ) ) {
    13401340                if ( isset( $_SERVER['REQUEST_URI'] ) ) {
    1341                         $redirect_to = bbp_get_url_scheme() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     1341                        $redirect_to = bbp_get_url_scheme() . sanitize_text_field( $_SERVER['HTTP_HOST'] ) . sanitize_text_field( $_SERVER['REQUEST_URI'] );
    13421342                } else {
    13431343                        $redirect_to = wp_get_referer();
    13441344                }
  • includes/search/functions.php

     
    116116
    117117        // Get search terms if requested
    118118        $terms = ! empty( $_REQUEST[ $query_arg ] )
    119                 ? $_REQUEST[ $query_arg ]
     119                ? sanitize_text_field( $_REQUEST[ $query_arg ] )
    120120                : false;
    121121
    122122        // Bail if query argument does not exist
  • includes/users/engagements.php

     
    878878
    879879                // Redirect back from whence we came
    880880                if ( ! empty( $_REQUEST['redirect_to'] ) ) {
    881                         $redirect = $_REQUEST['redirect_to']; // Validated later
     881                        $redirect = sanitize_text_field( $_REQUEST['redirect_to'] ); // Validated later
    882882                } elseif ( bbp_is_subscriptions() ) {
    883883                        $redirect = bbp_get_subscriptions_permalink( $user_id );
    884884                } elseif ( bbp_is_single_user() ) {