Changeset 5366 for branches/2.5/includes/admin/functions.php

Timestamp:

06/05/2014 08:44:55 PM (11 years ago)

Author:

johnjamesjacoby

Message:

Introduce bbp_sanitize_slug() function for sanitizing permalink slugs, and use it as the callback for any slug settings. Props mazengamal. See #2496 (2.5 branch).

File:

• branches/2.5/includes/admin/functions.php (modified) (1 diff)

branches/2.5/includes/admin/functions.php

@@ -136 +136 @@
     // Return post link
     return $post_link;
+}
+
+/**
+ * Sanitize permalink slugs when saving the settings page.
+ *
+ * @since bbPress (r5364)
+ *
+ * @param string $slug
+ * @return string
+ */
+function bbp_sanitize_slug( $slug = '' ) {
+
+    // Don't allow multiple slashes in a row
+    $value = preg_replace( '#/+#', '/', str_replace( '#', '', $slug ) );
+
+    // Strip out unsafe or unusable chars
+    $value = esc_url_raw( $value );
+
+    // esc_url_raw() adds a scheme via esc_url(), so let's remove it
+    $value = str_replace( 'http://', '', $value );
+
+    // Trim off first and last slashes.
+    //
+    // We already prevent double slashing elsewhere, but let's prevent
+    // accidental poisoning of options values where we can.
+    $value = ltrim( $value, '/' );
+    $value = rtrim( $value, '/' );
+
+    // Filter the result and return
+    return apply_filters( 'bbp_sanitize_slug', $value, $slug );
 }