Changeset 5558
- Timestamp:
- 11/10/2014 05:37:29 PM (10 years ago)
- Location:
- trunk/src/includes
- Files:
-
- 4 edited
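--- a/trunk/src/includes/core/filters.php
+++ b/trunk/src/includes/core/filters.php
@@ -171,4 +171,10 @@
 add_filter( 'bbp_get_form_reply_content', 'trim' );
 
+// Form input output - sanitize
+add_filter( 'bbp_get_form_reply_edit_reason', 'esc_attr' );
+add_filter( 'bbp_get_form_reply_edit_reason', 'trim' );
+add_filter( 'bbp_get_form_topic_edit_reason', 'esc_attr' );
+add_filter( 'bbp_get_form_topic_edit_reason', 'trim' );
+
 // Add number format filter to functions requiring numeric output
 add_filter( 'bbp_get_user_topic_count', 'bbp_number_format', 10 );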
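Review bot: With these registrations, `esc_attr` on the `bbp_get_form_reply_edit_reason` and `bbp_get_form_topic_edit_reason` hooks becomes the only escaping for the edit-reason values, because the getters in replies/template.php and topics/template.php now pass the stripslashed `$_POST` value to `apply_filters()` without their former inline `esc_attr()`. Any code that unhooks or replaces these filters would then get the posted string back unescaped, so the dependency deserves a comment above the block, for example `// Security: esc_attr here is the sole escaping for the edit-reason form values; keep it hooked or escape at output.` Whether the form templates escape again at output is not visible on this page.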
trunk/src/includes/forums/template.php
r5501 r5558 2185 2185 2186 2186 // Get _POST data 2187 if ( bbp_is_ post_request() && isset( $_POST['bbp_forum_title'] ) ) {2187 if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_title'] ) ) { 2188 2188 $forum_title = $_POST['bbp_forum_title']; 2189 2189 … … 2222 2222 2223 2223 // Get _POST data 2224 if ( bbp_is_ post_request() && isset( $_POST['bbp_forum_content'] ) ) {2224 if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_content'] ) ) { 2225 2225 $forum_content = stripslashes( $_POST['bbp_forum_content'] ); 2226 2226 … … 2260 2260 2261 2261 // Get _POST data 2262 if ( bbp_is_ post_request() && isset( $_POST['bbp_forum_id'] ) ) {2262 if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_id'] ) ) { 2263 2263 $forum_parent = $_POST['bbp_forum_id']; 2264 2264 … … 2298 2298 2299 2299 // Get _POST data 2300 if ( bbp_is_ post_request() && isset( $_POST['bbp_forum_type'] ) ) {2300 if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_type'] ) ) { 2301 2301 $forum_type = $_POST['bbp_forum_type']; 2302 2302 … … 2336 2336 2337 2337 // Get _POST data 2338 if ( bbp_is_ post_request() && isset( $_POST['bbp_forum_visibility'] ) ) {2338 if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_visibility'] ) ) { 2339 2339 $forum_visibility = $_POST['bbp_forum_visibility']; 2340 2340 … … 2378 2378 2379 2379 // Get _POST data 2380 if ( bbp_is_ post_request() && isset( $_POST['bbp_forum_subscription'] ) ) {2380 if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_subscription'] ) ) { 2381 2381 $forum_subscribed = (bool) $_POST['bbp_forum_subscription']; 2382 2382 … … 2465 2465 2466 2466 // Post value is passed 2467 if ( bbp_is_ post_request() && isset( $_POST[ $r['select_id'] ] ) ) {2467 if ( bbp_is_forum_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) { 2468 2468 $r['selected'] = $_POST[ $r['select_id'] ]; 2469 2469 … … 2557 2557 2558 2558 // Post value is passed 2559 if ( bbp_is_ 
post_request() && isset( $_POST[ $r['select_id'] ] ) ) {2559 if ( bbp_is_forum_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) { 2560 2560 $r['selected'] = $_POST[ $r['select_id'] ]; 2561 2561 … … 2649 2649 2650 2650 // Post value is passed 2651 if ( bbp_is_ post_request() && isset( $_POST[ $r['select_id'] ] ) ) {2651 if ( bbp_is_forum_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) { 2652 2652 $r['selected'] = $_POST[ $r['select_id'] ]; 2653 2653 … … 2688 2688 return apply_filters( 'bbp_get_form_forum_type_dropdown', ob_get_clean(), $r ); 2689 2689 } 2690 2691 /** 2692 * Verify if a POST request came from a failed forum attempt. 2693 * 2694 * Used to avoid cross-site request forgeries when checking posted forum form 2695 * content. 2696 * 2697 * @see bbp_forum_form_fields() 2698 * 2699 * @since bbPress (r5558) 2700 * @return boolean True if is a post request with valid nonce 2701 */ 2702 function bbp_is_forum_form_post_request() { 2703 2704 // Bail if not a post request 2705 if ( ! bbp_is_post_request() ) { 2706 return false; 2707 } 2708 2709 // Creating a new topic 2710 if ( bbp_verify_nonce_request( 'bbp-new-forum' ) ) { 2711 return true; 2712 } 2713 2714 // Editing an existing topic 2715 if ( bbp_verify_nonce_request( 'bbp-edit-forum' ) ) { 2716 return true; 2717 } 2718 2719 return false; 2720 } 2690 2721 2691 2722 /** Feeds *********************************************************************/ -
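Review bot: The forum getters still copy the posted value as-is at new lines 2188 and 2263 (`$forum_title = $_POST['bbp_forum_title'];`, `$forum_parent = $_POST['bbp_forum_id'];`), while the same commit adds `stripslashes()` to the topic title and topics/template.php already casts its `bbp_forum_id` with `(int)`. WordPress slashes `$_POST`, so a re-displayed forum title with a quote in it would presumably show the backslash; I would use `$forum_title = stripslashes( $_POST['bbp_forum_title'] );` and `$forum_parent = (int) $_POST['bbp_forum_id'];`. The enclosing getters start and end outside the hunks, so any later escaping or validation of these values is not visible here.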
trunk/src/includes/replies/template.php
r5513 r5558 2552 2552 2553 2553 // Get _POST data 2554 if ( bbp_is_ post_request() && isset( $_POST['bbp_reply_content'] ) ) {2554 if ( bbp_is_reply_form_post_request() && isset( $_POST['bbp_reply_content'] ) ) { 2555 2555 $reply_content = stripslashes( $_POST['bbp_reply_content'] ); 2556 2556 … … 2593 2593 2594 2594 // Get $_REQUEST data 2595 if ( isset( $_REQUEST['bbp_reply_to'] ) ) {2595 if ( bbp_is_reply_form_post_request() && isset( $_REQUEST['bbp_reply_to'] ) ) { 2596 2596 $reply_to = bbp_validate_reply_to( $_REQUEST['bbp_reply_to'] ); 2597 2597 } … … 2711 2711 2712 2712 // Get _POST data 2713 if ( bbp_is_ post_request() && isset( $_POST['bbp_log_reply_edit'] ) ) {2714 $reply_revision = $_POST['bbp_log_reply_edit'];2713 if ( bbp_is_reply_form_post_request() && isset( $_POST['bbp_log_reply_edit'] ) ) { 2714 $reply_revision = (bool) $_POST['bbp_log_reply_edit']; 2715 2715 2716 2716 // No data 2717 2717 } else { 2718 $reply_revision = 1; 2719 } 2720 2721 return apply_filters( 'bbp_get_form_reply_log_edit', checked( $reply_revision, true, false ) ); 2718 $reply_revision = true; 2719 } 2720 2721 // Get checked output 2722 $checked = checked( $reply_revision, true, false ); 2723 2724 return apply_filters( 'bbp_get_form_reply_log_edit', $checked, $reply_revision ); 2722 2725 } 2723 2726 … … 2744 2747 2745 2748 // Get _POST data 2746 if ( bbp_is_ post_request() && isset( $_POST['bbp_reply_edit_reason'] ) ) {2747 $reply_edit_reason = $_POST['bbp_reply_edit_reason'];2749 if ( bbp_is_reply_form_post_request() && isset( $_POST['bbp_reply_edit_reason'] ) ) { 2750 $reply_edit_reason = stripslashes( $_POST['bbp_reply_edit_reason'] ); 2748 2751 2749 2752 // No data … … 2752 2755 } 2753 2756 2754 return apply_filters( 'bbp_get_form_reply_edit_reason', esc_attr( $reply_edit_reason ));2757 return apply_filters( 'bbp_get_form_reply_edit_reason', $reply_edit_reason ); 2755 2758 } 2756 2759 … … 2798 2801 2799 2802 // Post value is passed 2800 if ( bbp_is_ post_request() && isset( 
$_POST[ $r['select_id'] ] ) ) {2803 if ( bbp_is_reply_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) { 2801 2804 $r['selected'] = $_POST[ $r['select_id'] ]; 2802 2805 … … 2837 2840 return apply_filters( 'bbp_get_form_reply_status_dropdown', ob_get_clean(), $r ); 2838 2841 } 2842 2843 /** 2844 * Verify if a POST request came from a failed reply attempt. 2845 * 2846 * Used to avoid cross-site request forgeries when checking posted reply form 2847 * content. 2848 * 2849 * @see bbp_reply_form_fields() 2850 * 2851 * @since bbPress (r5558) 2852 * @return boolean True if is a post request with valid nonce 2853 */ 2854 function bbp_is_reply_form_post_request() { 2855 2856 // Bail if not a post request 2857 if ( ! bbp_is_post_request() ) { 2858 return false; 2859 } 2860 2861 // Creating a new reply 2862 if ( bbp_verify_nonce_request( 'bbp-new-reply' ) ) { 2863 return true; 2864 } 2865 2866 // Editing an existing reply 2867 if ( bbp_verify_nonce_request( 'bbp-edit-reply' ) ) { 2868 return true; 2869 } 2870 2871 return false; 2872 } -
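Review bot: At new line 2595 the `bbp_reply_to` value is read from `$_REQUEST` but is now accepted only when `bbp_is_reply_form_post_request()` is true, so a `bbp_reply_to` arriving in a GET query string is no longer picked up by this branch. If reply links rely on that parameter (not visible here), the reply form would lose its parent reply; if they do not, the read should become `$_POST['bbp_reply_to']` and the comment `// Get _POST data`, so the code says what it accepts. The value still goes through `bbp_validate_reply_to()`; the rest of the function is outside the hunk.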
trunk/src/includes/topics/template.php
r5513 r5558 3266 3266 3267 3267 // Post value is passed 3268 if ( bbp_is_ post_request() && isset( $_POST[ $r['select_id'] ] ) ) {3268 if ( bbp_is_topic_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) { 3269 3269 $r['selected'] = $_POST[ $r['select_id'] ]; 3270 3270 … … 3355 3355 3356 3356 // Post value is passed 3357 if ( bbp_is_ post_request() && isset( $_POST[ $r['select_id'] ] ) ) {3357 if ( bbp_is_topic_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) { 3358 3358 $r['selected'] = $_POST[ $r['select_id'] ]; 3359 3359 … … 3849 3849 3850 3850 // Get _POST data 3851 if ( bbp_is_ post_request() && isset( $_POST['bbp_topic_title'] ) ) {3852 $topic_title = $_POST['bbp_topic_title'];3851 if ( bbp_is_topic_form_post_request() && isset( $_POST['bbp_topic_title'] ) ) { 3852 $topic_title = stripslashes( $_POST['bbp_topic_title'] ); 3853 3853 3854 3854 // Get edit data … … 3886 3886 3887 3887 // Get _POST data 3888 if ( bbp_is_ post_request() && isset( $_POST['bbp_topic_content'] ) ) {3888 if ( bbp_is_topic_form_post_request() && isset( $_POST['bbp_topic_content'] ) ) { 3889 3889 $topic_content = stripslashes( $_POST['bbp_topic_content'] ); 3890 3890 … … 3933 3933 3934 3934 // Get _POST data 3935 if ( bbp_is_post_request() && isset( $_POST['bbp_topic_tags'] ) ) {3936 $topic_tags = $_POST['bbp_topic_tags'];3935 if ( ( bbp_is_topic_form_post_request() || bbp_is_reply_form_post_request() ) && isset( $_POST['bbp_topic_tags'] ) ) { 3936 $topic_tags = stripslashes( $_POST['bbp_topic_tags'] ); 3937 3937 3938 3938 // Get edit data … … 4016 4016 4017 4017 // Get _POST data 4018 if ( bbp_is_ post_request() && isset( $_POST['bbp_forum_id'] ) ) {4018 if ( bbp_is_topic_form_post_request() && isset( $_POST['bbp_forum_id'] ) ) { 4019 4019 $topic_forum = (int) $_POST['bbp_forum_id']; 4020 4020 … … 4056 4056 4057 4057 // Get _POST data 4058 if ( bbp_is_ post_request() && isset( $_POST['bbp_topic_subscription'] ) ) {4058 if ( bbp_is_topic_form_post_request() && isset( 
$_POST['bbp_topic_subscription'] ) ) { 4059 4059 $topic_subscribed = (bool) $_POST['bbp_topic_subscription']; 4060 4060 … … 4111 4111 4112 4112 // Get _POST data 4113 if ( bbp_is_ post_request() && isset( $_POST['bbp_log_topic_edit'] ) ) {4114 $topic_revision = ( int) $_POST['bbp_log_topic_edit'];4113 if ( bbp_is_topic_form_post_request() && isset( $_POST['bbp_log_topic_edit'] ) ) { 4114 $topic_revision = (bool) $_POST['bbp_log_topic_edit']; 4115 4115 4116 4116 // No data 4117 4117 } else { 4118 $topic_revision = 1;4118 $topic_revision = true; 4119 4119 } 4120 4120 … … 4147 4147 4148 4148 // Get _POST data 4149 if ( bbp_is_ post_request() && isset( $_POST['bbp_topic_edit_reason'] ) ) {4150 $topic_edit_reason = $_POST['bbp_topic_edit_reason'];4149 if ( bbp_is_topic_form_post_request() && isset( $_POST['bbp_topic_edit_reason'] ) ) { 4150 $topic_edit_reason = stripslashes( $_POST['bbp_topic_edit_reason'] ); 4151 4151 4152 4152 // No data … … 4155 4155 } 4156 4156 4157 return apply_filters( 'bbp_get_form_topic_edit_reason', esc_attr( $topic_edit_reason ) ); 4158 } 4157 return apply_filters( 'bbp_get_form_topic_edit_reason', $topic_edit_reason ); 4158 } 4159 4160 /** 4161 * Verify if a POST request came from a failed topic attempt. 4162 * 4163 * Used to avoid cross-site request forgeries when checking posted topic form 4164 * content. 4165 * 4166 * @see bbp_topic_form_fields() 4167 * 4168 * @since bbPress (r5558) 4169 * @return boolean True if is a post request with valid nonce 4170 */ 4171 function bbp_is_topic_form_post_request() { 4172 4173 // Bail if not a post request 4174 if ( ! bbp_is_post_request() ) { 4175 return false; 4176 } 4177 4178 // Creating a new topic 4179 if ( bbp_verify_nonce_request( 'bbp-new-topic' ) ) { 4180 return true; 4181 } 4182 4183 // Editing an existing topic 4184 if ( bbp_verify_nonce_request( 'bbp-edit-topic' ) ) { 4185 return true; 4186 } 4187 4188 return false; 4189 }
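Review bot: `bbp_is_topic_form_post_request()` is a line-for-line copy of `bbp_is_forum_form_post_request()` and `bbp_is_reply_form_post_request()` apart from the nonce action names, and the copy has already drifted: the forum version's comments still read "Creating a new topic" and "Editing an existing topic" above the `bbp-new-forum` and `bbp-edit-forum` checks. One shared helper that takes the form type, with the three existing functions kept as thin wrappers, would keep the nonce gate in one place. The docblock summary could also say what is actually checked (a POST request carrying a valid new or edit nonce) rather than "a failed topic attempt", which the function cannot determine.

```php
function bbp_is_form_post_request( $type = '' ) {

	// Bail if not a post request or not a known form type
	if ( ! bbp_is_post_request() || ! in_array( $type, array( 'forum', 'topic', 'reply' ), true ) ) {
		return false;
	}

	// Valid nonce for either the new or the edit form of this type
	return bbp_verify_nonce_request( 'bbp-new-' . $type )
		|| bbp_verify_nonce_request( 'bbp-edit-' . $type );
}

function bbp_is_topic_form_post_request() {
	return bbp_is_form_post_request( 'topic' );
}
// … forum and reply wrappers follow the same shape …
```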