
Changeset 4837


Timestamp:
04/10/2013 03:54:10 AM (8 years ago)
Author:
johnjamesjacoby
Message:

Remove 'bbp_filter_kses' filter instead of 'wp_filter_kses' - Fixes unfiltered HTML issues introduced with bbp_filter_kses(). Props alex-ye. Fixes #2290.

Location:
trunk/includes
Files:
2 edited

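--- a/trunk/includes/replies/functions.php
+++ b/trunk/includes/replies/functions.php
@@ -88,5 +88,5 @@
  *                                                cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses remove_filter() To remove 'wp_filter_kses' filters if needed
+ * @uses remove_filter() To remove the custom kses filters if needed
  * @uses esc_attr() For sanitization
  * @uses bbp_check_for_flood() To check for flooding
@@ -168,8 +168,8 @@
     /** Unfiltered HTML *******************************************************/
 
-    // Remove wp_filter_kses filters from title and content for capable users and if the nonce is verified
+    // Remove the custom kses filters from title and content for capable users and if the nonce is verified
     if ( current_user_can( 'unfiltered_html' ) && !empty( $_POST['_bbp_unfiltered_html_reply'] ) && wp_create_nonce( 'bbp-unfiltered-html-reply_' . $topic_id ) == $_POST['_bbp_unfiltered_html_reply'] ) {
-        remove_filter( 'bbp_new_reply_pre_title',   'wp_filter_kses' );
-        remove_filter( 'bbp_new_reply_pre_content', 'wp_filter_kses' );
+        remove_filter( 'bbp_new_reply_pre_title',   'wp_filter_kses'  );
+        remove_filter( 'bbp_new_reply_pre_content', 'bbp_filter_kses' );
     }
 
@@ -371,5 +371,5 @@
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses remove_filter() To remove 'wp_filter_kses' filters if needed
+ * @uses remove_filter() To remove the custom kses filters if needed
  * @uses esc_attr() For sanitization
  * @uses apply_filters() Calls 'bbp_edit_reply_pre_title' with the title and
@@ -449,8 +449,8 @@
     }
 
-    // Remove wp_filter_kses filters from title and content for capable users and if the nonce is verified
+    // Remove the custom kses filters from title and content for capable users and if the nonce is verified
     if ( current_user_can( 'unfiltered_html' ) && !empty( $_POST['_bbp_unfiltered_html_reply'] ) && wp_create_nonce( 'bbp-unfiltered-html-reply_' . $reply_id ) == $_POST['_bbp_unfiltered_html_reply'] ) {
-        remove_filter( 'bbp_edit_reply_pre_title',   'wp_filter_kses' );
-        remove_filter( 'bbp_edit_reply_pre_content', 'wp_filter_kses' );
+        remove_filter( 'bbp_edit_reply_pre_title',   'wp_filter_kses'  );
+        remove_filter( 'bbp_edit_reply_pre_content', 'bbp_filter_kses' );
     }
 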
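Review bot: The nonce on the unchanged `if` lines (171 and 452) is checked with `wp_create_nonce( ... ) == $_POST['_bbp_unfiltered_html_reply']`, a loose `==` that PHP evaluates numerically when both strings look numeric and that rejects a still-valid nonce issued in the previous tick. This condition is the only gate before kses is switched off for the request, so it should use the dedicated verifier: `wp_verify_nonce( $_POST['_bbp_unfiltered_html_reply'], 'bbp-unfiltered-html-reply_' . $topic_id )` in the new-reply handler and the same call with `$reply_id` in the edit handler. The same comparison appears in both handlers in trunk/includes/topics/functions.php (lines 157 and 487). Both enclosing functions start and end outside the hunks shown.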
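--- a/trunk/includes/topics/functions.php
+++ b/trunk/includes/topics/functions.php
@@ -96,5 +96,5 @@
  * @uses bbp_check_for_duplicate() To check for duplicates
  * @uses bbp_get_topic_post_type() To get the topic post type
- * @uses remove_filter() To remove 'wp_filter_kses' filters if needed
+ * @uses remove_filter() To remove the custom kses filters if needed
  * @uses apply_filters() Calls 'bbp_new_topic_pre_title' with the content
  * @uses apply_filters() Calls 'bbp_new_topic_pre_content' with the content
@@ -154,8 +154,8 @@
     }
 
-    // Remove wp_filter_kses filters from title and content for capable users and if the nonce is verified
+    // Remove the custom kses filters from title and content for capable users and if the nonce is verified
     if ( current_user_can( 'unfiltered_html' ) && !empty( $_POST['_bbp_unfiltered_html_topic'] ) && wp_create_nonce( 'bbp-unfiltered-html-topic_new' ) == $_POST['_bbp_unfiltered_html_topic'] ) {
-        remove_filter( 'bbp_new_topic_pre_title',   'wp_filter_kses' );
-        remove_filter( 'bbp_new_topic_pre_content', 'wp_filter_kses' );
+        remove_filter( 'bbp_new_topic_pre_title',   'wp_filter_kses'  );
+        remove_filter( 'bbp_new_topic_pre_content', 'bbp_filter_kses' );
     }
 
@@ -407,5 +407,5 @@
  * @uses bbp_is_forum_closed() To check if the forum is closed
  * @uses bbp_is_forum_private() To check if the forum is private
- * @uses remove_filter() To remove 'wp_filter_kses' filters if needed
+ * @uses remove_filter() To remove the custom kses filters if needed
  * @uses apply_filters() Calls 'bbp_edit_topic_pre_title' with the title and
  *                        topic id
@@ -484,8 +484,8 @@
     }
 
-    // Remove wp_filter_kses filters from title and content for capable users and if the nonce is verified
+    // Remove the custom kses filters from title and content for capable users and if the nonce is verified
     if ( current_user_can( 'unfiltered_html' ) && !empty( $_POST['_bbp_unfiltered_html_topic'] ) && ( wp_create_nonce( 'bbp-unfiltered-html-topic_' . $topic_id ) == $_POST['_bbp_unfiltered_html_topic'] ) ) {
-        remove_filter( 'bbp_edit_topic_pre_title',   'wp_filter_kses' );
-        remove_filter( 'bbp_edit_topic_pre_content', 'wp_filter_kses' );
+        remove_filter( 'bbp_edit_topic_pre_title',   'wp_filter_kses'  );
+        remove_filter( 'bbp_edit_topic_pre_content', 'bbp_filter_kses' );
     }
 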
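Review bot: `remove_filter()` in the added calls (lines 158–159 and 488–489) only takes effect when the callback name and the priority both match the original `add_filter()` registration, and it fails silently otherwise. That appears to be how the earlier `'wp_filter_kses'` calls on the content hooks went stale. The registrations are not part of this changeset, so it is worth confirming that the title hooks are still registered with `wp_filter_kses` and that all four hooks use the default priority. A comment above each block, for example `// Callbacks and priorities must mirror the add_filter() registrations for these hooks`, would help keep the two in step. Both enclosing functions start and end outside the hunks shown.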