Changeset 5684 for trunk/src/includes/topics/functions.php

Timestamp:

04/15/2015 03:06:31 PM (11 years ago)

Author:

johnjamesjacoby

Message:

General: Use sanitize_text_field() in lieu of old-bbPress style pre-escaping technique.

File:

• trunk/src/includes/topics/functions.php (modified) (8 diffs)

trunk/src/includes/topics/functions.php

@@ -92 +92 @@
  * @uses bbp_set_current_anonymous_user_data() To set the anonymous user cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses esc_attr() For sanitization
  * @uses bbp_is_forum_category() To check if the forum is a category
  * @uses bbp_is_forum_closed() To check if the forum is closed
@@ -175 +174 @@
 
     if ( ! empty( $_POST['bbp_topic_title'] ) ) {
-        $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
+        $topic_title = sanitize_text_field( $_POST['bbp_topic_title'] );
     }
 
@@ -306 +305 @@
 
         // Escape tag input
-        $terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) );
+        $terms = sanitize_text_field( $_POST['bbp_topic_tags'] );
 
         // Explode by comma
@@ -464 +463 @@
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
- * @uses esc_attr() For sanitization
  * @uses bbp_is_forum_category() To check if the forum is a category
  * @uses bbp_is_forum_closed() To check if the forum is closed
@@ -600 +598 @@
 
     if ( ! empty( $_POST['bbp_topic_title'] ) ) {
-        $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
+        $topic_title = sanitize_text_field( $_POST['bbp_topic_title'] );
     }
 
@@ -656 +654 @@
 
         // Escape tag input
-        $terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) );
+        $terms = sanitize_text_field( $_POST['bbp_topic_tags'] );
 
         // Explode by comma
@@ -725 +723 @@
         // Revision Reason
         if ( ! empty( $_POST['bbp_topic_edit_reason'] ) ) {
-            $topic_edit_reason = esc_attr( strip_tags( $_POST['bbp_topic_edit_reason'] ) );
+            $topic_edit_reason = sanitize_text_field( $_POST['bbp_topic_edit_reason'] );
         }
 
@@ -1558 +1556 @@
                     // Use the new title that was passed
                     if ( ! empty( $_POST['bbp_topic_split_destination_title'] ) ) {
-                        $destination_topic_title = esc_attr( strip_tags( $_POST['bbp_topic_split_destination_title'] ) );
+                        $destination_topic_title = sanitize_text_field( $_POST['bbp_topic_split_destination_title'] );
 
                     // Use the source topic title