Skip to:
Content

bbPress.org

Changeset 5587


Ignore:
Timestamp:
01/10/2015 10:52:51 PM (9 years ago)
Author:
johnjamesjacoby
Message:

Use sanitize_key() in bbp_post_request() and bbp_get_request(), improving the predictability of possible actions. See #2742.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/includes/core/sub-actions.php

    r5438 r5587  
    364364    }
    365365
     366    // Sanitize the POST action
     367    $action = sanitize_key( $_POST['action'] );
     368
    366369    // This dynamic action is probably the one you want to use. It narrows down
    367370    // the scope of the 'action' without needing to check it in your function.
    368     do_action( 'bbp_post_request_' . $_POST['action'] );
     371    do_action( 'bbp_post_request_' . $action );
    369372
    370373    // Use this static action if you don't mind checking the 'action' yourself.
    371     do_action( 'bbp_post_request',   $_POST['action'] );
     374    do_action( 'bbp_post_request',   $action );
    372375}
    373376
     
    390393    }
    391394
     395    // Sanitize the POST action
     396    $action = sanitize_key( $_GET['action'] );
     397
    392398    // This dynamic action is probably the one you want to use. It narrows down
    393399    // the scope of the 'action' without needing to check it in your function.
    394     do_action( 'bbp_get_request_' . $_GET['action'] );
     400    do_action( 'bbp_get_request_' . $action );
    395401
    396402    // Use this static action if you don't mind checking the 'action' yourself.
    397     do_action( 'bbp_get_request',   $_GET['action'] );
     403    do_action( 'bbp_get_request',   $action );
    398404}
    399405
Note: See TracChangeset for help on using the changeset viewer.