Skip to:
Content

bbPress.org

Changeset 5591


Ignore:
Timestamp:
01/10/2015 10:58:37 PM (10 years ago)
Author:
johnjamesjacoby
Message:

Use sanitize_key() in bbp_profile_update_role() to ensure role value is within expected boundaries. See #2742.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/includes/users/capabilities.php

    r5442 r5591  
    199199    }
    200200
    201     // Fromus role we want the user to have
    202     $new_role    = sanitize_text_field( $_POST['bbp-forums-role'] );
     201    // Forums role we want the user to have
     202    $new_role    = sanitize_key( $_POST['bbp-forums-role'] );
    203203    $forums_role = bbp_get_user_role( $user_id );
    204204
Note: See TracChangeset for help on using the changeset viewer.