
Changeset 3180


Timestamp:
05/21/2011 07:46:01 AM (11 years ago)
Author:
johnjamesjacoby
Message:

More security sweep and code clean-up through bbp-topic-functions.php. Also fix incorrect variable usage in bbp_update_topic_reply_count() and bbp_update_topic_last_active_time(). See #1514.

File:
1 edited

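--- a/branches/plugin/bbp-includes/bbp-topic-functions.php
+++ b/branches/plugin/bbp-includes/bbp-topic-functions.php
@@ -93,13 +93,9 @@
         /** Topic Title *******************************************************/
 
-        // Topic title
-        if ( !empty( $_POST['bbp_topic_title'] ) ) {
-
-            // Sanitize and strip HTML tags
+        if ( !empty( $_POST['bbp_topic_title'] ) )
             $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
 
-            // Filter and sanitize
-            $topic_title = apply_filters( 'bbp_new_topic_pre_title', $topic_title );
-        }
+        // Filter and sanitize
+        $topic_title = apply_filters( 'bbp_new_topic_pre_title', $topic_title );
 
         // No topic title
@@ -109,17 +105,13 @@
         /** Topic Content *****************************************************/
 
-        // Topic content
-        if ( !empty( $_POST['bbp_topic_content'] ) ) {
-
-            // Set topic content
+        if ( !empty( $_POST['bbp_topic_content'] ) )
             $topic_content = $_POST['bbp_topic_content'];
 
-            // Filter and sanitize
-            $topic_content = apply_filters( 'bbp_new_topic_pre_content', $topic_content );
-        }
+        // Filter and sanitize
+        $topic_content = apply_filters( 'bbp_new_topic_pre_content', $topic_content );
 
         // No topic content
         if ( empty( $topic_content ) )
-            $bbp->errors->add( 'bbp_topic_content', __( '<strong>ERROR</strong>: Your topic needs some content.', 'bbpress' ) );
+            $bbp->errors->add( 'bbp_topic_content', __( '<strong>ERROR</strong>: Your topic cannot be empty.', 'bbpress' ) );
 
         /** Topic Forum *******************************************************/
@@ -171,7 +163,6 @@
 
             // Explode by comma
-            if ( strstr( $terms, ',' ) ) {
+            if ( strstr( $terms, ',' ) )
                 $terms = explode( ',', $terms );
-            }
 
             // Add topic tag ID as main key
@@ -354,5 +345,5 @@
             // Forum is a category
             if ( bbp_is_forum_category( $forum_id ) )
-                $bbp->errors->add( 'bbp_edit_topic_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics can be created in this forum.', 'bbpress' ) );
+                $bbp->errors->add( 'bbp_edit_topic_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics can be created in it.', 'bbpress' ) );
 
             // Forum is closed and user cannot access
@@ -371,13 +362,9 @@
         /** Topic Title *******************************************************/
 
-        // Topic title
-        if ( !empty( $_POST['bbp_topic_title'] ) ) {
-
-            // Sanitize and strip HTML tags
+        if ( !empty( $_POST['bbp_topic_title'] ) )
             $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
 
-            // Filter and sanitize
-            $topic_title = apply_filters( 'bbp_edit_topic_pre_title', $topic_title, $topic_id );
-        }
+        // Filter and sanitize
+        $topic_title = apply_filters( 'bbp_edit_topic_pre_title', $topic_title, $topic_id );
 
         // No topic title
@@ -387,13 +374,9 @@
         /** Topic Content *****************************************************/
 
-        // Topic content
-        if ( !empty( $_POST['bbp_topic_content'] ) ) {
-
-            // Set topic content
+        if ( !empty( $_POST['bbp_topic_content'] ) )
             $topic_content = $_POST['bbp_topic_content'];
 
-            // Filter and sanitize
-            $topic_content = apply_filters( 'bbp_edit_topic_pre_content', $topic_content, $topic_id );
-        }
+        // Filter and sanitize
+        $topic_content = apply_filters( 'bbp_edit_topic_pre_content', $topic_content, $topic_id );
 
         // No topic content
@@ -410,7 +393,6 @@
 
             // Explode by comma
-            if ( strstr( $terms, ',' ) ) {
+            if ( strstr( $terms, ',' ) )
                 $terms = explode( ',', $terms );
-            }
 
             // Add topic tag ID as main key
@@ -468,7 +450,6 @@
 
             // Revision Reason
-            if ( !empty( $_POST['bbp_topic_edit_reason'] ) ) {
+            if ( !empty( $_POST['bbp_topic_edit_reason'] ) )
                 $topic_edit_reason = esc_attr( strip_tags( $_POST['bbp_topic_edit_reason'] ) );
-            }
 
             // Update revision log
@@ -508,4 +489,5 @@
 
             /** Errors ********************************************************/
+
             } else {
                 $append_error = ( is_wp_error( $topic_id ) && $topic_id->get_error_message() ) ? $topic_id->get_error_message() . ' ' : '';
@@ -1685,5 +1667,5 @@
         do_action( 'bbp_toggle_topic_handler', $success, $post_data, $action );
 
-        // No Errors
+        // No errors
         if ( false != $success && !is_wp_error( $success ) ) {
 
@@ -1853,5 +1835,5 @@
     // If it's a reply, then get the parent (topic id)
     if ( bbp_is_reply( $topic_id ) )
-        $topic_id = bbp_get_reply_topic_id( $reply_id );
+        $topic_id = bbp_get_reply_topic_id( $topic_id );
     else
         $topic_id = bbp_get_topic_id( $topic_id );
@@ -1957,5 +1939,5 @@
     // If it's a reply, then get the parent (topic id)
     if ( bbp_is_reply( $topic_id ) )
-        $topic_id = bbp_get_reply_topic_id( $reply_id );
+        $topic_id = bbp_get_reply_topic_id( $topic_id );
     else
         $topic_id = bbp_get_topic_id( $topic_id );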
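Review bot: At new lines 107-111 (and again at 376-380 in the edit handler) `$topic_content` is copied straight from `$_POST['bbp_topic_content']` with no sanitizing call, so whether unsafe markup is stripped depends entirely on the callbacks hooked to `bbp_new_topic_pre_content` and `bbp_edit_topic_pre_content`, which this page does not show. The `// Filter and sanitize` comment should state that dependency, e.g. `// Content is raw here; sanitization is done by callbacks hooked to this filter`, and it is worth confirming a kses-style callback is registered on both hooks. Moving the four `apply_filters()` calls out of their `if` blocks also means they now run when the POST field is empty, so `$topic_title` and `$topic_content` must be initialised to `''` earlier in each handler; any such initialisation is outside the visible hunks. Both handler functions start and end outside these hunks.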