Changeset 5366
- Timestamp:
- 06/05/2014 08:44:55 PM (10 years ago)
- Location:
- branches/2.5/includes/admin
- Files:
-
- 2 edited
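--- a/branches/2.5/includes/admin/functions.php
+++ b/branches/2.5/includes/admin/functions.php
@@ -136,4 +136,34 @@
 // Return post link
 return $post_link;
+}
+
+/**
+ * Sanitize permalink slugs when saving the settings page.
+ *
+ * @since bbPress (r5364)
+ *
+ * @param string $slug
+ * @return string
+ */
+function bbp_sanitize_slug( $slug = '' ) {
+
+// Don't allow multiple slashes in a row
+$value = preg_replace( '#/+#', '/', str_replace( '#', '', $slug ) );
+
+// Strip out unsafe or unusable chars
+$value = esc_url_raw( $value );
+
+// esc_url_raw() adds a scheme via esc_url(), so let's remove it
+$value = str_replace( 'http://', '', $value );
+
+// Trim off first and last slashes.
+//
+// We already prevent double slashing elsewhere, but let's prevent
+// accidental poisoning of options values where we can.
+$value = ltrim( $value, '/' );
+$value = rtrim( $value, '/' );
+
+// Filter the result and return
+return apply_filters( 'bbp_sanitize_slug', $value, $slug );
 }
 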
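Review bot: In `bbp_sanitize_slug()` the scheme removal `str_replace( 'http://', '', $value )` is unanchored, so it strips that substring wherever it occurs in the value rather than only the prefix that the comment says `esc_url_raw()` prepends. Anchoring it, for example `$value = preg_replace( '#^http://#', '', $value );`, limits the step to what it is documented to undo. The function can also return an empty string, which appears to happen when the input is empty or only slashes, and nothing visible here falls back to a default slug. If no caller handles that case, a guard before the `apply_filters()` call would keep an empty slug out of the saved options.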
branches/2.5/includes/admin/settings.php
r5243 r5366 264 264 'title' => __( 'Forum Root', 'bbpress' ), 265 265 'callback' => 'bbp_admin_setting_callback_root_slug', 266 'sanitize_callback' => ' esc_sql',266 'sanitize_callback' => 'bbp_sanitize_slug', 267 267 'args' => array() 268 268 ), … … 293 293 'title' => __( 'Forum', 'bbpress' ), 294 294 'callback' => 'bbp_admin_setting_callback_forum_slug', 295 'sanitize_callback' => ' sanitize_title',295 'sanitize_callback' => 'bbp_sanitize_slug', 296 296 'args' => array() 297 297 ), … … 301 301 'title' => __( 'Topic', 'bbpress' ), 302 302 'callback' => 'bbp_admin_setting_callback_topic_slug', 303 'sanitize_callback' => ' sanitize_title',303 'sanitize_callback' => 'bbp_sanitize_slug', 304 304 'args' => array() 305 305 ), … … 309 309 'title' => __( 'Topic Tag', 'bbpress' ), 310 310 'callback' => 'bbp_admin_setting_callback_topic_tag_slug', 311 'sanitize_callback' => ' sanitize_title',311 'sanitize_callback' => 'bbp_sanitize_slug', 312 312 'args' => array() 313 313 ), … … 317 317 'title' => __( 'Topic View', 'bbpress' ), 318 318 'callback' => 'bbp_admin_setting_callback_view_slug', 319 'sanitize_callback' => ' sanitize_title',319 'sanitize_callback' => 'bbp_sanitize_slug', 320 320 'args' => array() 321 321 ), … … 325 325 'title' => __( 'Reply', 'bbpress' ), 326 326 'callback' => 'bbp_admin_setting_callback_reply_slug', 327 'sanitize_callback' => ' sanitize_title',327 'sanitize_callback' => 'bbp_sanitize_slug', 328 328 'args' => array() 329 329 ), … … 333 333 'title' => __( 'Search', 'bbpress' ), 334 334 'callback' => 'bbp_admin_setting_callback_search_slug', 335 'sanitize_callback' => ' sanitize_title',335 'sanitize_callback' => 'bbp_sanitize_slug', 336 336 'args' => array() 337 337 ) … … 346 346 'title' => __( 'User Base', 'bbpress' ), 347 347 'callback' => 'bbp_admin_setting_callback_user_slug', 348 'sanitize_callback' => ' sanitize_title',348 'sanitize_callback' => 'bbp_sanitize_slug', 349 349 'args' => array() 350 350 ), … … 354 354 'title' => __( 'Topics 
Started', 'bbpress' ), 355 355 'callback' => 'bbp_admin_setting_callback_topic_archive_slug', 356 'sanitize_callback' => ' esc_sql',356 'sanitize_callback' => 'bbp_sanitize_slug', 357 357 'args' => array() 358 358 ), … … 362 362 'title' => __( 'Replies Created', 'bbpress' ), 363 363 'callback' => 'bbp_admin_setting_callback_reply_archive_slug', 364 'sanitize_callback' => ' esc_sql',364 'sanitize_callback' => 'bbp_sanitize_slug', 365 365 'args' => array() 366 366 ), … … 370 370 'title' => __( 'Favorite Topics', 'bbpress' ), 371 371 'callback' => 'bbp_admin_setting_callback_user_favs_slug', 372 'sanitize_callback' => ' esc_sql',372 'sanitize_callback' => 'bbp_sanitize_slug', 373 373 'args' => array() 374 374 ), … … 378 378 'title' => __( 'Topic Subscriptions', 'bbpress' ), 379 379 'callback' => 'bbp_admin_setting_callback_user_subs_slug', 380 'sanitize_callback' => ' esc_sql',380 'sanitize_callback' => 'bbp_sanitize_slug', 381 381 'args' => array() 382 382 )
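Review bot: The fields that previously used `sanitize_title` (forum, topic, topic tag, topic view, reply, search, user base) now pass through `bbp_sanitize_slug`, which relies on `esc_url_raw()` and so appears to accept a wider character set than a title slug: uppercase letters and URL punctuation such as `?`, `&`, `=` and `:` are likely to survive. If these option values are later used to build rewrite rules, that is a looser contract than before for the single-segment slugs. Consider normalising each path segment inside the new helper, with something like `$value = implode( '/', array_map( 'sanitize_title', explode( '/', $value ) ) );`, or add a comment at the registration explaining why the broader set is intended. The settings array these entries belong to starts and ends outside the visible hunks.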