Changeset 5589

Timestamp:

01/10/2015 10:56:33 PM (10 years ago)

Author:

johnjamesjacoby

Message:

Use sanitize_key() in topics/functions.php to ensure values are within expected boundaries. See #2742.

File:

• trunk/src/includes/topics/functions.php (modified) (3 diffs)

trunk/src/includes/topics/functions.php

@@ -287 +287 @@
     // Check a whitelist of possible topic status ID's
     } elseif ( ! empty( $_POST['bbp_topic_status'] ) && in_array( $_POST['bbp_topic_status'], array_keys( bbp_get_topic_statuses() ) ) ) {
-        $topic_status = $_POST['bbp_topic_status'];
+        $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
 
     // Default to published if nothing else
@@ -630 +630 @@
     // Check a whitelist of possible topic status ID's
     } elseif ( ! empty( $_POST['bbp_topic_status'] ) && in_array( $_POST['bbp_topic_status'], array_keys( bbp_get_topic_statuses() ) ) ) {
-        $topic_status = $_POST['bbp_topic_status'];
+        $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
 
     // Use existing post_status
@@ -1504 +1504 @@
     // How to Split
     if ( ! empty( $_POST['bbp_topic_split_option'] ) ) {
-        $split_option = (string) trim( $_POST['bbp_topic_split_option'] );
+        $split_option = sanitize_key( $_POST['bbp_topic_split_option'] );
     }