
Changeset 5592


Timestamp:
01/10/2015 10:59:32 PM (9 years ago)
Author:
johnjamesjacoby
Message:

Use sanitize_key() in forums/template.php to ensure values are within expected boundaries. See #2742.

File:
1 edited

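--- a/trunk/src/includes/forums/template.php
+++ b/trunk/src/includes/forums/template.php
@@ -2299,5 +2299,5 @@
         // Get _POST data
         if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_type'] ) ) {
-            $forum_type = $_POST['bbp_forum_type'];
+            $forum_type = sanitize_key( $_POST['bbp_forum_type'] );
 
         // Get edit data
@@ -2337,5 +2337,5 @@
         // Get _POST data
         if ( bbp_is_forum_form_post_request() && isset( $_POST['bbp_forum_visibility'] ) ) {
-            $forum_visibility = $_POST['bbp_forum_visibility'];
+            $forum_visibility = sanitize_key( $_POST['bbp_forum_visibility'] );
 
         // Get edit data
@@ -2466,5 +2466,5 @@
             // Post value is passed
             if ( bbp_is_forum_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) {
-                $r['selected'] = $_POST[ $r['select_id'] ];
+                $r['selected'] = sanitize_key( $_POST[ $r['select_id'] ] );
 
             // No Post value was passed
@@ -2558,5 +2558,5 @@
             // Post value is passed
             if ( bbp_is_forum_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) {
-                $r['selected'] = $_POST[ $r['select_id'] ];
+                $r['selected'] = sanitize_key( $_POST[ $r['select_id'] ] );
 
             // No Post value was passed
@@ -2650,5 +2650,5 @@
             // Post value is passed
             if ( bbp_is_forum_form_post_request() && isset( $_POST[ $r['select_id'] ] ) ) {
-                $r['selected'] = $_POST[ $r['select_id'] ];
+                $r['selected'] = sanitize_key( $_POST[ $r['select_id'] ] );
 
             // No Post value was passed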
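Review bot: sanitize_key() at new lines 2301, 2339, 2468, 2560 and 2652 narrows the POST value to lowercase `[a-z0-9_-]`, but it does not confirm that the value is one of the options the form actually offers, so any well-formed key still reaches `$forum_type`, `$forum_visibility` and `$r['selected']`. The enclosing functions continue outside the visible hunks, so a later comparison may already exist; if it does not, a strict membership check would close the gap, e.g. `if ( ! in_array( $forum_type, $allowed_types, true ) ) { $forum_type = ''; }`, where `$allowed_types` is a placeholder for the list the dropdown is built from. The `isset()` guard also lets an array-valued field through (`bbp_forum_type[]=...`), which sanitize_key() may not handle cleanly depending on the WordPress and PHP versions, so adding `&& is_scalar( $_POST['bbp_forum_type'] )` to each condition is worth considering. Output escaping where these values are later printed is still required, since this change only constrains the input side.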