
Changeset 6400


Timestamp:
04/19/2017 08:58:52 PM (15 months ago)
Author:
johnjamesjacoby
Message:

Anonymous: Improve $anonymous_data implementation:

  • Always treat it as an array, handling for false values was never used
  • Introduce _sanitize_ and _update_ partner functions for the existing _filter_ function
  • Ensure that cookies and meta-data values are stripped of invalid characters in the same way that anonymous comments are, to prevent inconsistencies between anonymous forum and commenter cookie data
  • Update surrounding documentation blocks
  • Prefer strict type-casting and is_array() comparisons
Location:
trunk/src/includes
Files:
8 edited

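--- a/trunk/src/includes/admin/replies.php
+++ b/trunk/src/includes/admin/replies.php
@@ -425,5 +425,5 @@
         }
 
-        // Current user cannot edit this reply
+        // Bail if current user cannot edit this reply
         if ( ! current_user_can( 'edit_reply', $reply_id ) ) {
             return $reply_id;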
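--- a/trunk/src/includes/admin/topics.php
+++ b/trunk/src/includes/admin/topics.php
@@ -541,4 +541,9 @@
         // Bail if not a post request
         if ( ! bbp_is_post_request() ) {
+            return $topic_id;
+        }
+
+        // Check action exists
+        if ( empty( $_POST['action'] ) ) {
             return $topic_id;
         }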
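--- a/trunk/src/includes/common/functions.php
+++ b/trunk/src/includes/common/functions.php
@@ -432,5 +432,5 @@
 
     // Parse arguments against default values
-    $r = bbp_parse_args( $args, array (
+    $r = bbp_parse_args( $args, array(
         'bbp_anonymous_name'    => ! empty( $_POST['bbp_anonymous_name']    ) ? $_POST['bbp_anonymous_name']    : false,
         'bbp_anonymous_email'   => ! empty( $_POST['bbp_anonymous_email']   ) ? $_POST['bbp_anonymous_email']   : false,
@@ -438,10 +438,14 @@
     ), 'filter_anonymous_post_data' );
 
-    // Filter variables and add errors if necessary
-    $r['bbp_anonymous_name'] = apply_filters( 'bbp_pre_anonymous_post_author_name',  $r['bbp_anonymous_name']  );
+    // Strip invalid characters
+    $r = bbp_sanitize_anonymous_post_author( $r );
+
+    // Filter name
+    $r['bbp_anonymous_name'] = apply_filters( 'bbp_pre_anonymous_post_author_name', $r['bbp_anonymous_name'] );
     if ( empty( $r['bbp_anonymous_name'] ) ) {
-        bbp_add_error( 'bbp_anonymous_name',  __( '<strong>ERROR</strong>: Invalid author name.',   'bbpress' ) );
-    }
-
+        bbp_add_error( 'bbp_anonymous_name',  __( '<strong>ERROR</strong>: Invalid author name.', 'bbpress' ) );
+    }
+
+    // Filter email address
     $r['bbp_anonymous_email'] = apply_filters( 'bbp_pre_anonymous_post_author_email', $r['bbp_anonymous_email'] );
     if ( empty( $r['bbp_anonymous_email'] ) ) {
@@ -449,12 +453,86 @@
     }
 
-    // Website is optional
+    // Website is optional (can be empty)
     $r['bbp_anonymous_website'] = apply_filters( 'bbp_pre_anonymous_post_author_website', $r['bbp_anonymous_website'] );
 
-    // Return false if we have any errors
-    $retval = bbp_has_errors() ? false : $r;
-
-    // Finally, return sanitized data or false
-    return apply_filters( 'bbp_filter_anonymous_post_data', $retval, $r );
+    // Finally, return filtered anonymous post data
+    return (array) apply_filters( 'bbp_filter_anonymous_post_data', $r, $args );
+}
+
+/**
+ * Sanitize an array of anonymous post author data
+ *
+ * @since 2.6.0 bbPress (r6400)
+ *
+ * @param array $anonymous_data
+ * @return array
+ */
+function bbp_sanitize_anonymous_post_author( $anonymous_data = array() ) {
+
+    // Make sure anonymous data is an array
+    if ( ! is_array( $anonymous_data ) ) {
+        $anonymous_data = array();
+    }
+
+    // Map meta data to comment fields (as guides for stripping invalid text)
+    $fields = array(
+        'bbp_anonymous_name'    => 'comment_author',
+        'bbp_anonymous_email'   => 'comment_author_email',
+        'bbp_anonymous_website' => 'comment_author_url'
+    );
+
+    // Setup a new return array
+    $r = $anonymous_data;
+
+    // Get the database
+    $bbp_db = bbp_db();
+
+    // Strip invalid text from fields
+    foreach ( $fields as $bbp_field => $comment_field ) {
+        if ( ! empty( $r[ $bbp_field ] ) ) {
+            $r[ $bbp_field ] = $bbp_db->strip_invalid_text_for_column( $bbp_db->comments, $comment_field, $r[ $bbp_field ] );
+        }
+    }
+
+    // Filter and return
+    return (array) apply_filters( 'bbp_sanitize_anonymous_post_author', $r, $anonymous_data );
+}
+
+/**
+ * Update the relevant meta-data for an anonymous post author
+ *
+ * @since 2.6.0 bbPress (r6400)
+ *
+ * @param int    $post_id
+ * @param array  $anonymous_data
+ * @param string $post_type
+ */
+function bbp_update_anonymous_post_author( $post_id = 0, $anonymous_data = array(), $post_type = '' ) {
+
+    // Maybe look for anonymous
+    if ( empty( $anonymous_data ) ) {
+        $anonymous_data = bbp_filter_anonymous_post_data();
+    }
+
+    // Sanitize parameters
+    $post_id   = (int) $post_id;
+    $post_type = sanitize_key( $post_type );
+
+    // Bail if missing required data
+    if ( empty( $post_id ) || empty( $post_type ) || empty( $anonymous_data ) ) {
+        return;
+    }
+
+    // Parse arguments against default values
+    $r = bbp_parse_args( $anonymous_data, array(
+        'bbp_anonymous_name'    => '',
+        'bbp_anonymous_email'   => '',
+        'bbp_anonymous_website' => '',
+    ), "update_{$post_type}" );
+
+    // Update all anonymous metas
+    foreach ( $r as $anon_key => $anon_value ) {
+        update_post_meta( $post_id, '_' . $anon_key, (string) $anon_value, false );
+    }
 }
 
@@ -491,5 +569,5 @@
         'post_content'   => '',
         'post_status'    => bbp_get_trash_status_id(),
-        'anonymous_data' => false
+        'anonymous_data' => array()
     ), 'check_for_duplicate' );
 
@@ -497,15 +575,26 @@
     $bbp_db = bbp_db();
 
+    // Default clauses
+    $join = $where = '';
+
     // Check for anonymous post
     if ( empty( $r['post_author'] ) && ( ! empty( $r['anonymous_data'] ) && ! empty( $r['anonymous_data']['bbp_anonymous_email'] ) ) ) {
-        $clauses = get_meta_sql( array( array(
-            'key'   => '_bbp_anonymous_email',
-            'value' => $r['anonymous_data']['bbp_anonymous_email']
-        ) ), 'post', $bbp_db->posts, 'ID' );
-
-        $join    = $clauses['join'];
-        $where   = $clauses['where'];
-    } else {
-        $join    = $where = '';
+
+        // Sanitize the email address for querying
+        $email = sanitize_email( $r['anonymous_data']['bbp_anonymous_email'] );
+
+        // Only proceed
+        if ( ! empty( $email ) && is_email( $email ) ) {
+
+            // Get the meta SQL
+            $clauses = get_meta_sql( array( array(
+                'key'   => '_bbp_anonymous_email',
+                'value' => $email,
+            ) ), 'post', $bbp_db->posts, 'ID' );
+
+            // Set clauses
+            $join  = $clauses['join'];
+            $where = $clauses['where'];
+        }
     }
 
@@ -538,10 +627,7 @@
  * @since 2.0.0 bbPress (r2734)
  *
- * @param false|array $anonymous_data Optional - if it's an anonymous post. Do
- *                                     not supply if supplying $author_id.
- *                                     Should have key 'bbp_author_ip'.
- *                                     Should be sanitized (see
- *                                     {@link bbp_filter_anonymous_post_data()}
- *                                     for sanitization)
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Optional. Supply if it's a post by a logged in user.
  *                        Do not supply if supplying $anonymous_data.
@@ -552,5 +638,5 @@
  * @return bool True if there is no flooding, false if there is
  */
-function bbp_check_for_flood( $anonymous_data = false, $author_id = 0 ) {
+function bbp_check_for_flood( $anonymous_data = array(), $author_id = 0 ) {
 
     // Option disabled. No flood checks.
@@ -561,5 +647,5 @@
 
     // User is anonymous, so check a transient based on the IP
-    if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
+    if ( ! empty( $anonymous_data ) ) {
         $last_posted = get_transient( '_bbp_' . bbp_current_author_ip() . '_last_posted' );
 
@@ -573,5 +659,5 @@
         $last_posted = bbp_get_user_last_posted( $author_id );
 
-        if ( isset( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && ! user_can( $author_id, 'throttle' ) ) {
+        if ( ! empty( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && ! user_can( $author_id, 'throttle' ) ) {
             return false;
         }
@@ -588,5 +674,7 @@
  * @since 2.1.0 bbPress (r3581)
  *
- * @param array $anonymous_data Anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Topic or reply author ID
  * @param string $title The title of the content
@@ -597,5 +685,5 @@
  * @return bool True if test is passed, false if fail
  */
-function bbp_check_for_moderation( $anonymous_data = false, $author_id = 0, $title = '', $content = '' ) {
+function bbp_check_for_moderation( $anonymous_data = array(), $author_id = 0, $title = '', $content = '' ) {
 
     // Allow for moderation check to be skipped
@@ -724,5 +812,7 @@
  * @since 2.0.0 bbPress (r3446)
  *
- * @param array $anonymous_data Anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Topic or reply author ID
  * @param string $title The title of the content
@@ -733,5 +823,5 @@
  * @return bool True if test is passed, false if fail
  */
-function bbp_check_for_blacklist( $anonymous_data = false, $author_id = 0, $title = '', $content = '' ) {
+function bbp_check_for_blacklist( $anonymous_data = array(), $author_id = 0, $title = '', $content = '' ) {
 
     // Allow for blacklist check to be skipped
@@ -878,5 +968,7 @@
  * @param int $topic_id ID of the topic of the reply
  * @param int $forum_id ID of the forum of the reply
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $reply_author ID of the topic author ID
  *
@@ -905,5 +997,5 @@
  * @return bool True on success, false on failure
  */
-function bbp_notify_topic_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $reply_author = 0 ) {
+function bbp_notify_topic_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $reply_author = 0 ) {
 
     // Bail if subscriptions are turned off
@@ -1048,5 +1140,7 @@
  * @param int $topic_id ID of the newly made reply
  * @param int $forum_id ID of the forum for the topic
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $topic_author ID of the topic author ID
  *
@@ -1070,5 +1164,5 @@
  * @return bool True on success, false on failure
  */
-function bbp_notify_forum_subscribers( $topic_id = 0, $forum_id = 0, $anonymous_data = false, $topic_author = 0 ) {
+function bbp_notify_forum_subscribers( $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $topic_author = 0 ) {
 
     // Bail if subscriptions are turned off
@@ -1208,10 +1302,12 @@
  * @param int $topic_id ID of the topic of the reply
  * @param int $forum_id ID of the forum of the reply
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $reply_author ID of the topic author ID
  *
  * @return bool True on success, false on failure
  */
-function bbp_notify_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $reply_author = 0 ) {
+function bbp_notify_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $reply_author = 0 ) {
     return bbp_notify_topic_subscribers( $reply_id, $topic_id, $forum_id, $anonymous_data, $reply_author );
 }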
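Review bot: `bbp_filter_anonymous_post_data()` now returns the array even after `bbp_add_error()` has fired, because the removed `$retval = bbp_has_errors() ? false : $r;` was its only failure signal; each caller therefore has to consult `bbp_has_errors()` before trusting the result, and the function's docblock (outside this hunk) should say so. The `(array)` cast on the return also turns a `false` handed back by an existing `bbp_filter_anonymous_post_data` callback into `array( false )`, which is non-empty and passes the `! empty( $anonymous_data )` checks in `bbp_check_for_flood()` and `bbp_update_anonymous_post_author()`; `$r = apply_filters( 'bbp_filter_anonymous_post_data', $r, $args ); return is_array( $r ) ? $r : array();` avoids that. In `bbp_sanitize_anonymous_post_author()`, `strip_invalid_text_for_column()` can return a `WP_Error`, which `empty()` does not catch and which would then reach the `(string)` cast in `bbp_update_anonymous_post_author()`; an `is_wp_error()` check inside the loop would cover it.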
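--- a/trunk/src/includes/extend/buddypress/notifications.php
+++ b/trunk/src/includes/extend/buddypress/notifications.php
@@ -128,5 +128,5 @@
  * @param int $reply_to
  */
-function bbp_buddypress_add_notification( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $author_id = 0, $is_edit = false, $reply_to = 0 ) {
+function bbp_buddypress_add_notification( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $author_id = 0, $is_edit = false, $reply_to = 0 ) {
 
     // Bail if somehow this is hooked to an edit action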
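--- a/trunk/src/includes/forums/functions.php
+++ b/trunk/src/includes/forums/functions.php
@@ -98,6 +98,4 @@
  * @uses current_user_can() To check if the current user can publish forum
  * @uses bbp_get_current_user_id() To get the current user id
- * @uses bbp_filter_anonymous_post_data() To filter anonymous data
- * @uses bbp_set_current_anonymous_user_data() To set the anonymous user cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses bbp_is_forum_category() To check if the forum is a category
@@ -135,7 +133,8 @@
 
     // Define local variable(s)
-    $view_all = $anonymous_data = false;
+    $view_all = false;
     $forum_parent_id = $forum_author = 0;
     $forum_title = $forum_content = '';
+    $anonymous_data = array();
 
     /** Forum Author **********************************************************/
@@ -363,5 +362,4 @@
  * @uses bbp_is_forum_anonymous() To check if forum is by an anonymous user
  * @uses current_user_can() To check if the current user can edit the forum
- * @uses bbp_filter_anonymous_post_data() To filter anonymous data
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses bbp_is_forum_category() To check if the forum is a category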
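--- a/trunk/src/includes/replies/functions.php
+++ b/trunk/src/includes/replies/functions.php
@@ -126,6 +126,4 @@
  * @uses bbp_get_current_user_id() To get the current user id
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
- * @uses bbp_set_current_anonymous_user_data() To set the anonymous user
- *                                                cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses remove_filter() To remove kses filters if needed
@@ -159,6 +157,7 @@
 
     // Define local variable(s)
-    $topic_id = $forum_id = $reply_author = $anonymous_data = $reply_to = 0;
+    $topic_id = $forum_id = $reply_author = $reply_to = 0;
     $reply_title = $reply_content = $terms = '';
+    $anonymous_data = array();
 
     /** Reply Author **********************************************************/
@@ -167,11 +166,9 @@
     if ( bbp_is_anonymous() ) {
 
-        // Filter anonymous data
+        // Filter anonymous data (variable is used later)
         $anonymous_data = bbp_filter_anonymous_post_data();
 
         // Anonymous data checks out, so set cookies, etc...
-        if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-            bbp_set_current_anonymous_user_data( $anonymous_data );
-        }
+        bbp_set_current_anonymous_user_data( $anonymous_data );
 
     // User is logged in
@@ -185,5 +182,4 @@
         // Reply author is current user
         $reply_author = bbp_get_current_user_id();
-
     }
 
@@ -534,6 +530,7 @@
     // Define local variable(s)
     $revisions_removed = false;
-    $reply = $reply_id = $reply_to = $reply_author = $topic_id = $forum_id = $anonymous_data = 0;
+    $reply = $reply_id = $reply_to = $reply_author = $topic_id = $forum_id = 0;
     $reply_title = $reply_content = $reply_edit_reason = $terms = '';
+    $anonymous_data = array();
 
     /** Reply *****************************************************************/
@@ -807,5 +804,7 @@
  * @param int $topic_id Optional. Topic id
  * @param int $forum_id Optional. Forum id
- * @param bool|array $anonymous_data Optional logged-out user data.
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Author id
  * @param bool $is_edit Optional. Is the post being edited? Defaults to false.
@@ -830,5 +829,5 @@
  * @uses bbp_update_reply_walker() To update the reply's ancestors' counts
  */
-function bbp_update_reply( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $author_id = 0, $is_edit = false, $reply_to = 0 ) {
+function bbp_update_reply( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $author_id = 0, $is_edit = false, $reply_to = 0 ) {
 
     // Validate the ID's passed from 'bbp_new_reply' action
@@ -859,19 +858,8 @@
 
     // If anonymous post, store name, email, website and ip in post_meta.
-    // It expects anonymous_data to be sanitized.
-    // Check bbp_filter_anonymous_post_data() for sanitization.
-    if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-
-        // Parse arguments against default values
-        $r = bbp_parse_args( $anonymous_data, array(
-            'bbp_anonymous_name'    => '',
-            'bbp_anonymous_email'   => '',
-            'bbp_anonymous_website' => '',
-        ), 'update_reply' );
-
-        // Update all anonymous metas
-        foreach ( $r as $anon_key => $anon_value ) {
-            update_post_meta( $reply_id, '_' . $anon_key, (string) $anon_value, false );
-        }
+    if ( ! empty( $anonymous_data ) ) {
+
+        // Update anonymous meta data (not cookies)
+        bbp_update_anonymous_post_author( $reply_id, $anonymous_data, 'reply' );
 
         // Set transient for throttle check (only on new, not edit)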
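Review bot: The now-unconditional `bbp_set_current_anonymous_user_data( $anonymous_data );` in the anonymous branch writes the author cookies even when validation failed. `bbp_filter_anonymous_post_data()` no longer returns `false` on error, and its result normally carries the `bbp_anonymous_*` keys from its defaults, so the callee's `empty()` bail does not trigger. The comment above the call still reads "Anonymous data checks out", which this code no longer establishes. I would guard the call with `if ( ! bbp_has_errors() ) { bbp_set_current_anonymous_user_data( $anonymous_data ); }`, which matches the condition the old `false` return encoded. The same pattern appears in the new-topic handler in trunk/src/includes/topics/functions.php; both enclosing functions start and end outside the hunks shown.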
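--- a/trunk/src/includes/topics/functions.php
+++ b/trunk/src/includes/topics/functions.php
@@ -97,5 +97,4 @@
  * @uses bbp_get_current_user_id() To get the current user id
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
- * @uses bbp_set_current_anonymous_user_data() To set the anonymous user cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses bbp_is_forum_category() To check if the forum is a category
@@ -141,6 +140,7 @@
     // Define local variable(s)
     $view_all = false;
-    $forum_id = $topic_author = $anonymous_data = 0;
+    $forum_id = $topic_author = 0;
     $topic_title = $topic_content = '';
+    $anonymous_data = array();
     $terms = array( bbp_get_topic_tag_tax_id() => array() );
 
@@ -150,11 +150,9 @@
     if ( bbp_is_anonymous() ) {
 
-        // Filter anonymous data
+        // Filter anonymous data (variable is used later)
         $anonymous_data = bbp_filter_anonymous_post_data();
 
         // Anonymous data checks out, so set cookies, etc...
-        if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-            bbp_set_current_anonymous_user_data( $anonymous_data );
-        }
+        bbp_set_current_anonymous_user_data( $anonymous_data );
 
     // User is logged in
@@ -472,6 +470,7 @@
     // Define local variable(s)
     $revisions_removed = false;
-    $topic = $topic_id = $topic_author = $forum_id = $anonymous_data = 0;
+    $topic = $topic_id = $topic_author = $forum_id = 0;
     $topic_title = $topic_content = $topic_edit_reason = '';
+    $anonymous_data = array();
 
     /** Topic *****************************************************************/
@@ -511,5 +510,5 @@
 
             // Filter anonymous data
-            $anonymous_data = bbp_filter_anonymous_post_data( array(), true );
+            $anonymous_data = bbp_filter_anonymous_post_data();
         }
     }
@@ -769,5 +768,7 @@
  * @param int $topic_id Optional. Topic id
  * @param int $forum_id Optional. Forum id
- * @param bool|array $anonymous_data Optional logged-out user data.
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Author id
  * @param bool $is_edit Optional. Is the post being edited? Defaults to false.
@@ -794,5 +795,5 @@
  * @uses bbp_update_topic_walker() To udpate the topic's ancestors
  */
-function bbp_update_topic( $topic_id = 0, $forum_id = 0, $anonymous_data = false, $author_id = 0, $is_edit = false ) {
+function bbp_update_topic( $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $author_id = 0, $is_edit = false ) {
 
     // Validate the ID's passed from 'bbp_new_topic' action
@@ -846,19 +847,8 @@
 
     // If anonymous post, store name, email, website and ip in post_meta.
-    // It expects anonymous_data to be sanitized.
-    // Check bbp_filter_anonymous_post_data() for sanitization.
-    if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-
-        // Parse arguments against default values
-        $r = bbp_parse_args( $anonymous_data, array(
-            'bbp_anonymous_name'    => '',
-            'bbp_anonymous_email'   => '',
-            'bbp_anonymous_website' => '',
-        ), 'update_topic' );
-
-        // Update all anonymous metas
-        foreach ( $r as $anon_key => $anon_value ) {
-            update_post_meta( $topic_id, '_' . $anon_key, (string) $anon_value, false );
-        }
+    if ( ! empty( $anonymous_data ) ) {
+
+        // Update anonymous meta data (not cookies)
+        bbp_update_anonymous_post_author( $topic_id, $anonymous_data, 'topic' );
 
         // Set transient for throttle check (only on new, not edit)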
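--- a/trunk/src/includes/users/functions.php
+++ b/trunk/src/includes/users/functions.php
@@ -89,4 +89,6 @@
      */
     function bbp_get_current_anonymous_user_data( $key = '' ) {
+
+        // Array of allowed cookie names
         $cookie_names = array(
             'name'  => 'comment_author',
@@ -100,12 +102,19 @@
         );
 
+        // Sanitize core cookies
         sanitize_comment_cookies();
 
+        // Get the current poster's info from the cookies
         $bbp_current_poster = wp_get_current_commenter();
 
-        if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ) ) ) {
+        // Sanitize the cookie key being retrieved
+        $key = sanitize_key( $key );
+
+        // Maybe return a specific key
+        if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ), true ) ) {
             return $bbp_current_poster[ $cookie_names[ $key ] ];
         }
 
+        // Return all keys
         return $bbp_current_poster;
     }
@@ -116,9 +125,7 @@
  * @since 2.0.0 bbPress (r2734)
  *
- * @param array $anonymous_data With keys 'bbp_anonymous_name',
- *                               'bbp_anonymous_email', 'bbp_anonymous_website'.
- *                               Should be sanitized (see
- *                               {@link bbp_filter_anonymous_post_data()} for
- *                               sanitization)
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @uses apply_filters() Calls 'comment_cookie_lifetime' for cookie lifetime.
  *                        Defaults to 30000000.
@@ -126,5 +133,5 @@
 function bbp_set_current_anonymous_user_data( $anonymous_data = array() ) {
 
-    //  Bail if empty or not an array
+    // Bail if empty or not an array
     if ( empty( $anonymous_data ) || ! is_array( $anonymous_data ) ) {
         return;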
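Review bot: The rewritten `@param array $anonymous_data` text for `bbp_set_current_anonymous_user_data()` tells the reader not to supply it "if supplying $author_id", but this function takes no `$author_id`, and the list of expected keys that the old docblock carried is gone. The parenthesis opened at `(see {@link bbp_filter_anonymous_post_data()}` is also never closed. I would restore the key list and drop the `$author_id` sentence, e.g. `@param array $anonymous_data Keys 'bbp_anonymous_name', 'bbp_anonymous_email', 'bbp_anonymous_website'; expected to be sanitized (see {@link bbp_filter_anonymous_post_data()}).` In `bbp_get_current_anonymous_user_data()`, `isset( $cookie_names[ $key ] )` would state the allow-list check more directly than `in_array( $key, array_keys( $cookie_names ), true )`.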