Changeset 5684

Timestamp:

04/15/2015 03:06:31 PM (11 years ago)

Author:

johnjamesjacoby

Message:

General: Use sanitize_text_field() in lieu of old-bbPress style pre-escaping technique.

Location:

trunk/src/includes

Files:

• core/filters.php (modified) (1 diff)
• forums/functions.php (modified) (5 diffs)
• replies/functions.php (modified) (8 diffs)
• topics/functions.php (modified) (8 diffs)

trunk/src/includes/core/filters.php

@@ -92 +92 @@
 add_filter( 'bbp_get_forum_permalink', 'bbp_add_view_all' );
 
-// wp_filter_kses on new/edit topic/reply title
+// wp_filter_kses on new/edit forum/topic/reply title
+add_filter( 'bbp_new_forum_pre_title',  'wp_filter_kses'  );
 add_filter( 'bbp_new_reply_pre_title',  'wp_filter_kses'  );
 add_filter( 'bbp_new_topic_pre_title',  'wp_filter_kses'  );
+add_filter( 'bbp_edit_forum_pre_title', 'wp_filter_kses'  );
 add_filter( 'bbp_edit_reply_pre_title', 'wp_filter_kses'  );
 add_filter( 'bbp_edit_topic_pre_title', 'wp_filter_kses'  );

trunk/src/includes/forums/functions.php

@@ -87 +87 @@
  * @uses bbp_set_current_anonymous_user_data() To set the anonymous user cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses esc_attr() For sanitization
  * @uses bbp_is_forum_category() To check if the forum is a category
  * @uses bbp_is_forum_closed() To check if the forum is closed
@@ -147 +146 @@
 
     if ( !empty( $_POST['bbp_forum_title'] ) ) {
-        $forum_title = esc_attr( strip_tags( $_POST['bbp_forum_title'] ) );
+        $forum_title = sanitize_text_field( $_POST['bbp_forum_title'] );
     }
 
@@ -352 +351 @@
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses esc_attr() For sanitization
  * @uses bbp_is_forum_category() To check if the forum is a category
  * @uses bbp_is_forum_closed() To check if the forum is closed
@@ -454 +452 @@
 
     if ( !empty( $_POST['bbp_forum_title'] ) ) {
-        $forum_title = esc_attr( strip_tags( $_POST['bbp_forum_title'] ) );
+        $forum_title = sanitize_text_field( $_POST['bbp_forum_title'] );
     }
 
@@ -522 +520 @@
     // Revision Reason
     if ( !empty( $_POST['bbp_forum_edit_reason'] ) )
-        $forum_edit_reason = esc_attr( strip_tags( $_POST['bbp_forum_edit_reason'] ) );
+        $forum_edit_reason = sanitize_text_field( $_POST['bbp_forum_edit_reason'] );
 
     // Update revision log

trunk/src/includes/replies/functions.php

@@ -90 +90 @@
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses remove_filter() To remove kses filters if needed
- * @uses esc_attr() For sanitization
  * @uses bbp_check_for_flood() To check for flooding
  * @uses bbp_check_for_duplicate() To check for duplicates
@@ -263 +262 @@
 
     if ( !empty( $_POST['bbp_reply_title'] ) ) {
-        $reply_title = esc_attr( strip_tags( $_POST['bbp_reply_title'] ) );
+        $reply_title = sanitize_text_field( $_POST['bbp_reply_title'] );
     }
 
@@ -330 +329 @@
     // Either replace terms
     if ( bbp_allow_topic_tags() && current_user_can( 'assign_topic_tags' ) && ! empty( $_POST['bbp_topic_tags'] ) ) {
-        $terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) );
+        $terms = sanitize_text_field( $_POST['bbp_topic_tags'] );
 
     // ...or remove them.
@@ -472 +471 @@
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses remove_filter() To remove kses filters if needed
- * @uses esc_attr() For sanitization
- * @uses apply_filters() Calls 'bbp_edit_reply_pre_title' with the title and
- *                       reply id
- * @uses apply_filters() Calls 'bbp_edit_reply_pre_content' with the content
- *                        reply id
+ * @uses apply_filters() Calls 'bbp_edit_reply_pre_title' with the title and id
+ * @uses apply_filters() Calls 'bbp_edit_reply_pre_content' with the content id
  * @uses wp_set_post_terms() To set the topic tags
  * @uses bbp_has_errors() To get the {@link WP_Error} errors
@@ -600 +596 @@
 
     if ( !empty( $_POST['bbp_reply_title'] ) ) {
-        $reply_title = esc_attr( strip_tags( $_POST['bbp_reply_title'] ) );
+        $reply_title = sanitize_text_field( $_POST['bbp_reply_title'] );
     }
 
@@ -652 +648 @@
     // Either replace terms
     if ( bbp_allow_topic_tags() && current_user_can( 'assign_topic_tags' ) && ! empty( $_POST['bbp_topic_tags'] ) ) {
-        $terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) );
+        $terms = sanitize_text_field( $_POST['bbp_topic_tags'] );
 
     // ...or remove them.
@@ -718 +714 @@
     // Revision Reason
     if ( !empty( $_POST['bbp_reply_edit_reason'] ) ) {
-        $reply_edit_reason = esc_attr( strip_tags( $_POST['bbp_reply_edit_reason'] ) );
+        $reply_edit_reason = sanitize_text_field( $_POST['bbp_reply_edit_reason'] );
     }
 
@@ -1384 +1380 @@
                     // Use the new title that was passed
                     if ( !empty( $_POST['bbp_reply_move_destination_title'] ) ) {
-                        $destination_topic_title = esc_attr( strip_tags( $_POST['bbp_reply_move_destination_title'] ) );
+                        $destination_topic_title = sanitize_text_field( $_POST['bbp_reply_move_destination_title'] );
 
                     // Use the source topic title

trunk/src/includes/topics/functions.php

@@ -92 +92 @@
  * @uses bbp_set_current_anonymous_user_data() To set the anonymous user cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses esc_attr() For sanitization
  * @uses bbp_is_forum_category() To check if the forum is a category
  * @uses bbp_is_forum_closed() To check if the forum is closed
@@ -175 +174 @@
 
     if ( ! empty( $_POST['bbp_topic_title'] ) ) {
-        $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
+        $topic_title = sanitize_text_field( $_POST['bbp_topic_title'] );
     }
 
@@ -306 +305 @@
 
         // Escape tag input
-        $terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) );
+        $terms = sanitize_text_field( $_POST['bbp_topic_tags'] );
 
         // Explode by comma
@@ -464 +463 @@
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses esc_attr() For sanitization
  * @uses bbp_is_forum_category() To check if the forum is a category
  * @uses bbp_is_forum_closed() To check if the forum is closed
@@ -600 +598 @@
 
     if ( ! empty( $_POST['bbp_topic_title'] ) ) {
-        $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
+        $topic_title = sanitize_text_field( $_POST['bbp_topic_title'] );
     }
 
@@ -656 +654 @@
 
         // Escape tag input
-        $terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) );
+        $terms = sanitize_text_field( $_POST['bbp_topic_tags'] );
 
         // Explode by comma
@@ -725 +723 @@
         // Revision Reason
         if ( ! empty( $_POST['bbp_topic_edit_reason'] ) ) {
-            $topic_edit_reason = esc_attr( strip_tags( $_POST['bbp_topic_edit_reason'] ) );
+            $topic_edit_reason = sanitize_text_field( $_POST['bbp_topic_edit_reason'] );
         }
 
@@ -1558 +1556 @@
                     // Use the new title that was passed
                     if ( ! empty( $_POST['bbp_topic_split_destination_title'] ) ) {
-                        $destination_topic_title = esc_attr( strip_tags( $_POST['bbp_topic_split_destination_title'] ) );
+                        $destination_topic_title = sanitize_text_field( $_POST['bbp_topic_split_destination_title'] );
 
                     // Use the source topic title