Changeset 5558 for trunk/src/includes/replies/template.php

Timestamp:

11/10/2014 05:37:29 PM (9 years ago)

Author:

johnjamesjacoby

Message:

Improve form field output sanitization when posting theme-side forum/topic/reply content. Thanks planetzuda. See #2719.

File:

• trunk/src/includes/replies/template.php (modified) (7 diffs)

trunk/src/includes/replies/template.php

@@ -2552 +2552 @@
 
         // Get _POST data
-        if ( bbp_is_post_request() && isset( $_POST['bbp_reply_content'] ) ) {
+        if ( bbp_is_reply_form_post_request() && isset( $_POST['bbp_reply_content'] ) ) {
             $reply_content = stripslashes( $_POST['bbp_reply_content'] );
 
@@ -2593 +2593 @@
 
         // Get $_REQUEST data
-        if ( isset( $_REQUEST['bbp_reply_to'] ) ) {
+        if ( bbp_is_reply_form_post_request() && isset( $_REQUEST['bbp_reply_to'] ) ) {
             $reply_to = bbp_validate_reply_to( $_REQUEST['bbp_reply_to'] );
         }
@@ -2711 +2711 @@
 
         // Get _POST data
-        if ( bbp_is_post_request() && isset( $_POST['bbp_log_reply_edit'] ) ) {
-            $reply_revision = $_POST['bbp_log_reply_edit'];
+        if ( bbp_is_reply_form_post_request() && isset( $_POST['bbp_log_reply_edit'] ) ) {
+            $reply_revision = (bool) $_POST['bbp_log_reply_edit'];
 
         // No data
         } else {
-            $reply_revision = 1;
-        }
-
-        return apply_filters( 'bbp_get_form_reply_log_edit', checked( $reply_revision, true, false ) );
+            $reply_revision = true;
+        }
+
+        // Get checked output
+        $checked = checked( $reply_revision, true, false );
+
+        return apply_filters( 'bbp_get_form_reply_log_edit', $checked, $reply_revision );
     }
 
@@ -2744 +2747 @@
 
         // Get _POST data
-        if ( bbp_is_post_request() && isset( $_POST['bbp_reply_edit_reason'] ) ) {
-            $reply_edit_reason = $_POST['bbp_reply_edit_reason'];
+        if ( bbp_is_reply_form_post_request() && isset( $_POST['bbp_reply_edit_reason'] ) ) {
+            $reply_edit_reason = stripslashes( $_POST['bbp_reply_edit_reason'] );
 
         // No data
@@ -2752 +2755 @@
         }
 
-        return apply_filters( 'bbp_get_form_reply_edit_reason', esc_attr( $reply_edit_reason ) );
+        return apply_filters( 'bbp_get_form_reply_edit_reason', $reply_edit_reason );
     }
 
@@ -2798 +2801 @@
 
             // Post value is passed
-            if ( bbp_is_post_request() && isset( $_POST[ $r['select_id'] ] ) ) {
+            if ( bbp_is_reply_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) {
                 $r['selected'] = $_POST[ $r['select_id'] ];
 
@@ -2837 +2840 @@
         return apply_filters( 'bbp_get_form_reply_status_dropdown', ob_get_clean(), $r );
     }
+
+/**
+ * Verify if a POST request came from a failed reply attempt.
+ *
+ * Used to avoid cross-site request forgeries when checking posted reply form
+ * content.
+ *
+ * @see bbp_reply_form_fields()
+ *
+ * @since bbPress (r5558)
+ * @return boolean True if is a post request with valid nonce
+ */
+function bbp_is_reply_form_post_request() {
+
+    // Bail if not a post request
+    if ( ! bbp_is_post_request() ) {
+        return false;
+    }
+
+    // Creating a new reply
+    if ( bbp_verify_nonce_request( 'bbp-new-reply' ) ) {
+        return true;
+    }
+
+    // Editing an existing reply
+    if ( bbp_verify_nonce_request( 'bbp-edit-reply' ) ) {
+        return true;
+    }
+
+    return false;
+}