
Changeset 6400


Timestamp:
04/19/17 20:58:52 (2 months ago)
Author:
johnjamesjacoby
Message:

Anonymous: Improve $anonymous_data implementation:

  • Always treat it as an array; the handling for false values was never used
  • Introduce _sanitize_ and _update_ partner functions for the existing _filter_ function
  • Ensure that cookies and meta-data values are stripped of invalid characters in the same way that anonymous comments are, to prevent inconsistencies between anonymous forum and commenter cookie data
  • Update surrounding documentation blocks
  • Prefer strict type-casting and is_array() comparisons
Location:
trunk/src/includes
Files:
8 edited

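--- a/trunk/src/includes/admin/replies.php
+++ b/trunk/src/includes/admin/replies.php
@@ -425,5 +425,5 @@
         }
 
-        // Current user cannot edit this reply
+        // Bail if current user cannot edit this reply
         if ( ! current_user_can( 'edit_reply', $reply_id ) ) {
             return $reply_id;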
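--- a/trunk/src/includes/admin/topics.php
+++ b/trunk/src/includes/admin/topics.php
@@ -541,4 +541,9 @@
         // Bail if not a post request
         if ( ! bbp_is_post_request() ) {
+            return $topic_id;
+        }
+
+        // Check action exists
+        if ( empty( $_POST['action'] ) ) {
             return $topic_id;
         }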
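--- a/trunk/src/includes/common/functions.php
+++ b/trunk/src/includes/common/functions.php
@@ -432,5 +432,5 @@
 
     // Parse arguments against default values
-    $r = bbp_parse_args( $args, array (
+    $r = bbp_parse_args( $args, array(
         'bbp_anonymous_name'    => ! empty( $_POST['bbp_anonymous_name']    ) ? $_POST['bbp_anonymous_name']    : false,
         'bbp_anonymous_email'   => ! empty( $_POST['bbp_anonymous_email']   ) ? $_POST['bbp_anonymous_email']   : false,
@@ -438,10 +438,14 @@
     ), 'filter_anonymous_post_data' );
 
-    // Filter variables and add errors if necessary
-    $r['bbp_anonymous_name'] = apply_filters( 'bbp_pre_anonymous_post_author_name',  $r['bbp_anonymous_name']  );
+    // Strip invalid characters
+    $r = bbp_sanitize_anonymous_post_author( $r );
+
+    // Filter name
+    $r['bbp_anonymous_name'] = apply_filters( 'bbp_pre_anonymous_post_author_name', $r['bbp_anonymous_name'] );
     if ( empty( $r['bbp_anonymous_name'] ) ) {
-        bbp_add_error( 'bbp_anonymous_name',  __( '<strong>ERROR</strong>: Invalid author name.',   'bbpress' ) );
-    }
-
+        bbp_add_error( 'bbp_anonymous_name',  __( '<strong>ERROR</strong>: Invalid author name.', 'bbpress' ) );
+    }
+
+    // Filter email address
     $r['bbp_anonymous_email'] = apply_filters( 'bbp_pre_anonymous_post_author_email', $r['bbp_anonymous_email'] );
     if ( empty( $r['bbp_anonymous_email'] ) ) {
@@ -449,12 +453,86 @@
     }
 
-    // Website is optional
+    // Website is optional (can be empty)
     $r['bbp_anonymous_website'] = apply_filters( 'bbp_pre_anonymous_post_author_website', $r['bbp_anonymous_website'] );
 
-    // Return false if we have any errors
-    $retval = bbp_has_errors() ? false : $r;
-
-    // Finally, return sanitized data or false
-    return apply_filters( 'bbp_filter_anonymous_post_data', $retval, $r );
+    // Finally, return filtered anonymous post data
+    return (array) apply_filters( 'bbp_filter_anonymous_post_data', $r, $args );
+}
+
+/**
+ * Sanitize an array of anonymous post author data
+ *
+ * @since 2.6.0 bbPress (r6400)
+ *
+ * @param array $anonymous_data
+ * @return array
+ */
+function bbp_sanitize_anonymous_post_author( $anonymous_data = array() ) {
+
+    // Make sure anonymous data is an array
+    if ( ! is_array( $anonymous_data ) ) {
+        $anonymous_data = array();
+    }
+
+    // Map meta data to comment fields (as guides for stripping invalid text)
+    $fields = array(
+        'bbp_anonymous_name'    => 'comment_author',
+        'bbp_anonymous_email'   => 'comment_author_email',
+        'bbp_anonymous_website' => 'comment_author_url'
+    );
+
+    // Setup a new return array
+    $r = $anonymous_data;
+
+    // Get the database
+    $bbp_db = bbp_db();
+
+    // Strip invalid text from fields
+    foreach ( $fields as $bbp_field => $comment_field ) {
+        if ( ! empty( $r[ $bbp_field ] ) ) {
+            $r[ $bbp_field ] = $bbp_db->strip_invalid_text_for_column( $bbp_db->comments, $comment_field, $r[ $bbp_field ] );
+        }
+    }
+
+    // Filter and return
+    return (array) apply_filters( 'bbp_sanitize_anonymous_post_author', $r, $anonymous_data );
+}
+
+/**
+ * Update the relevant meta-data for an anonymous post author
+ *
+ * @since 2.6.0 bbPress (r6400)
+ *
+ * @param int    $post_id
+ * @param array  $anonymous_data
+ * @param string $post_type
+ */
+function bbp_update_anonymous_post_author( $post_id = 0, $anonymous_data = array(), $post_type = '' ) {
+
+    // Maybe look for anonymous
+    if ( empty( $anonymous_data ) ) {
+        $anonymous_data = bbp_filter_anonymous_post_data();
+    }
+
+    // Sanitize parameters
+    $post_id   = (int) $post_id;
+    $post_type = sanitize_key( $post_type );
+
+    // Bail if missing required data
+    if ( empty( $post_id ) || empty( $post_type ) || empty( $anonymous_data ) ) {
+        return;
+    }
+
+    // Parse arguments against default values
+    $r = bbp_parse_args( $anonymous_data, array(
+        'bbp_anonymous_name'    => '',
+        'bbp_anonymous_email'   => '',
+        'bbp_anonymous_website' => '',
+    ), "update_{$post_type}" );
+
+    // Update all anonymous metas
+    foreach ( $r as $anon_key => $anon_value ) {
+        update_post_meta( $post_id, '_' . $anon_key, (string) $anon_value, false );
+    }
 }
 
@@ -491,5 +569,5 @@
         'post_content'   => '',
         'post_status'    => bbp_get_trash_status_id(),
-        'anonymous_data' => false
+        'anonymous_data' => array()
     ), 'check_for_duplicate' );
 
@@ -497,15 +575,26 @@
     $bbp_db = bbp_db();
 
+    // Default clauses
+    $join = $where = '';
+
     // Check for anonymous post
     if ( empty( $r['post_author'] ) && ( ! empty( $r['anonymous_data'] ) && ! empty( $r['anonymous_data']['bbp_anonymous_email'] ) ) ) {
-        $clauses = get_meta_sql( array( array(
-            'key'   => '_bbp_anonymous_email',
-            'value' => $r['anonymous_data']['bbp_anonymous_email']
-        ) ), 'post', $bbp_db->posts, 'ID' );
-
-        $join    = $clauses['join'];
-        $where   = $clauses['where'];
-    } else {
-        $join    = $where = '';
+
+        // Sanitize the email address for querying
+        $email = sanitize_email( $r['anonymous_data']['bbp_anonymous_email'] );
+
+        // Only proceed
+        if ( ! empty( $email ) && is_email( $email ) ) {
+
+            // Get the meta SQL
+            $clauses = get_meta_sql( array( array(
+                'key'   => '_bbp_anonymous_email',
+                'value' => $email,
+            ) ), 'post', $bbp_db->posts, 'ID' );
+
+            // Set clauses
+            $join  = $clauses['join'];
+            $where = $clauses['where'];
+        }
     }
 
@@ -538,10 +627,7 @@
  * @since 2.0.0 bbPress (r2734)
  *
- * @param false|array $anonymous_data Optional - if it's an anonymous post. Do
- *                                     not supply if supplying $author_id.
- *                                     Should have key 'bbp_author_ip'.
- *                                     Should be sanitized (see
- *                                     {@link bbp_filter_anonymous_post_data()}
- *                                     for sanitization)
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Optional. Supply if it's a post by a logged in user.
  *                        Do not supply if supplying $anonymous_data.
@@ -552,5 +638,5 @@
  * @return bool True if there is no flooding, false if there is
  */
-function bbp_check_for_flood( $anonymous_data = false, $author_id = 0 ) {
+function bbp_check_for_flood( $anonymous_data = array(), $author_id = 0 ) {
 
     // Option disabled. No flood checks.
@@ -561,5 +647,5 @@
 
     // User is anonymous, so check a transient based on the IP
-    if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
+    if ( ! empty( $anonymous_data ) ) {
         $last_posted = get_transient( '_bbp_' . bbp_current_author_ip() . '_last_posted' );
 
@@ -573,5 +659,5 @@
         $last_posted = bbp_get_user_last_posted( $author_id );
 
-        if ( isset( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && ! user_can( $author_id, 'throttle' ) ) {
+        if ( ! empty( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && ! user_can( $author_id, 'throttle' ) ) {
             return false;
         }
@@ -588,5 +674,7 @@
  * @since 2.1.0 bbPress (r3581)
  *
- * @param array $anonymous_data Anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Topic or reply author ID
  * @param string $title The title of the content
@@ -597,5 +685,5 @@
  * @return bool True if test is passed, false if fail
  */
-function bbp_check_for_moderation( $anonymous_data = false, $author_id = 0, $title = '', $content = '' ) {
+function bbp_check_for_moderation( $anonymous_data = array(), $author_id = 0, $title = '', $content = '' ) {
 
     // Allow for moderation check to be skipped
@@ -724,5 +812,7 @@
  * @since 2.0.0 bbPress (r3446)
  *
- * @param array $anonymous_data Anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Topic or reply author ID
  * @param string $title The title of the content
@@ -733,5 +823,5 @@
  * @return bool True if test is passed, false if fail
  */
-function bbp_check_for_blacklist( $anonymous_data = false, $author_id = 0, $title = '', $content = '' ) {
+function bbp_check_for_blacklist( $anonymous_data = array(), $author_id = 0, $title = '', $content = '' ) {
 
     // Allow for blacklist check to be skipped
@@ -878,5 +968,7 @@
  * @param int $topic_id ID of the topic of the reply
  * @param int $forum_id ID of the forum of the reply
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $reply_author ID of the topic author ID
  *
@@ -905,5 +997,5 @@
  * @return bool True on success, false on failure
  */
-function bbp_notify_topic_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $reply_author = 0 ) {
+function bbp_notify_topic_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $reply_author = 0 ) {
 
     // Bail if subscriptions are turned off
@@ -1048,5 +1140,7 @@
  * @param int $topic_id ID of the newly made reply
  * @param int $forum_id ID of the forum for the topic
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $topic_author ID of the topic author ID
  *
@@ -1070,5 +1164,5 @@
  * @return bool True on success, false on failure
  */
-function bbp_notify_forum_subscribers( $topic_id = 0, $forum_id = 0, $anonymous_data = false, $topic_author = 0 ) {
+function bbp_notify_forum_subscribers( $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $topic_author = 0 ) {
 
     // Bail if subscriptions are turned off
@@ -1208,10 +1302,12 @@
  * @param int $topic_id ID of the topic of the reply
  * @param int $forum_id ID of the forum of the reply
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $reply_author ID of the topic author ID
  *
  * @return bool True on success, false on failure
  */
-function bbp_notify_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $reply_author = 0 ) {
+function bbp_notify_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $reply_author = 0 ) {
     return bbp_notify_topic_subscribers( $reply_id, $topic_id, $forum_id, $anonymous_data, $reply_author );
 }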
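Review bot: bbp_filter_anonymous_post_data() no longer tells its callers that validation failed: the `$retval = bbp_has_errors() ? false : $r;` gate is dropped and the function returns a populated array even after bbp_add_error() has fired for an empty name or email, so callers that treat a non-empty result as validated input (the reply and topic handlers in this changeset hand it straight to bbp_set_current_anonymous_user_data()) now act on rejected data. Either restore the signal, `return bbp_has_errors() ? array() : (array) apply_filters( 'bbp_filter_anonymous_post_data', $r, $args );`, or state in the docblock that the result is only meaningful after a bbp_has_errors() check. In the same section, bbp_update_anonymous_post_author() falls back to `$anonymous_data = bbp_filter_anonymous_post_data();` when handed an empty array, which re-reads $_POST and registers errors as a side effect of a write helper, and because that call always yields the three parsed keys the `empty( $anonymous_data )` bail below it can never catch this path, so I would drop the fallback and require callers to pass the data. bbp_sanitize_anonymous_post_author() also stores the result of strip_invalid_text_for_column() unchecked; if that wpdb method can return a WP_Error when the column charset lookup fails (please verify), the object would reach the `(string)` cast in update_post_meta(), and a non-string value such as a `bbp_anonymous_name[]` array submission passes through untouched, so an is_string() guard or `(string)` cast before the strip call would be prudent.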
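--- a/trunk/src/includes/extend/buddypress/notifications.php
+++ b/trunk/src/includes/extend/buddypress/notifications.php
@@ -128,5 +128,5 @@
  * @param int $reply_to
  */
-function bbp_buddypress_add_notification( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $author_id = 0, $is_edit = false, $reply_to = 0 ) {
+function bbp_buddypress_add_notification( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $author_id = 0, $is_edit = false, $reply_to = 0 ) {
 
     // Bail if somehow this is hooked to an edit action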
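--- a/trunk/src/includes/forums/functions.php
+++ b/trunk/src/includes/forums/functions.php
@@ -98,6 +98,4 @@
  * @uses current_user_can() To check if the current user can publish forum
  * @uses bbp_get_current_user_id() To get the current user id
- * @uses bbp_filter_anonymous_post_data() To filter anonymous data
- * @uses bbp_set_current_anonymous_user_data() To set the anonymous user cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses bbp_is_forum_category() To check if the forum is a category
@@ -135,7 +133,8 @@
 
     // Define local variable(s)
-    $view_all = $anonymous_data = false;
+    $view_all = false;
     $forum_parent_id = $forum_author = 0;
     $forum_title = $forum_content = '';
+    $anonymous_data = array();
 
     /** Forum Author **********************************************************/
@@ -363,5 +362,4 @@
  * @uses bbp_is_forum_anonymous() To check if forum is by an anonymous user
  * @uses current_user_can() To check if the current user can edit the forum
- * @uses bbp_filter_anonymous_post_data() To filter anonymous data
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses bbp_is_forum_category() To check if the forum is a category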
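--- a/trunk/src/includes/replies/functions.php
+++ b/trunk/src/includes/replies/functions.php
@@ -126,6 +126,4 @@
  * @uses bbp_get_current_user_id() To get the current user id
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
- * @uses bbp_set_current_anonymous_user_data() To set the anonymous user
- *                                               cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses remove_filter() To remove kses filters if needed
@@ -159,6 +157,7 @@
 
     // Define local variable(s)
-    $topic_id = $forum_id = $reply_author = $anonymous_data = $reply_to = 0;
+    $topic_id = $forum_id = $reply_author = $reply_to = 0;
     $reply_title = $reply_content = $terms = '';
+    $anonymous_data = array();
 
     /** Reply Author **********************************************************/
@@ -167,11 +166,9 @@
     if ( bbp_is_anonymous() ) {
 
-        // Filter anonymous data
+        // Filter anonymous data (variable is used later)
         $anonymous_data = bbp_filter_anonymous_post_data();
 
         // Anonymous data checks out, so set cookies, etc...
-        if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-            bbp_set_current_anonymous_user_data( $anonymous_data );
-        }
+        bbp_set_current_anonymous_user_data( $anonymous_data );
 
     // User is logged in
@@ -185,5 +182,4 @@
         // Reply author is current user
         $reply_author = bbp_get_current_user_id();
-
     }
 
@@ -534,6 +530,7 @@
     // Define local variable(s)
     $revisions_removed = false;
-    $reply = $reply_id = $reply_to = $reply_author = $topic_id = $forum_id = $anonymous_data = 0;
+    $reply = $reply_id = $reply_to = $reply_author = $topic_id = $forum_id = 0;
     $reply_title = $reply_content = $reply_edit_reason = $terms = '';
+    $anonymous_data = array();
 
     /** Reply *****************************************************************/
@@ -807,5 +804,7 @@
  * @param int $topic_id Optional. Topic id
  * @param int $forum_id Optional. Forum id
- * @param bool|array $anonymous_data Optional logged-out user data.
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Author id
  * @param bool $is_edit Optional. Is the post being edited? Defaults to false.
@@ -832,5 +831,5 @@
  * @uses bbp_update_reply_walker() To update the reply's ancestors' counts
  */
-function bbp_update_reply( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $author_id = 0, $is_edit = false, $reply_to = 0 ) {
+function bbp_update_reply( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $author_id = 0, $is_edit = false, $reply_to = 0 ) {
 
     // Validate the ID's passed from 'bbp_new_reply' action
@@ -859,19 +858,8 @@
 
     // If anonymous post, store name, email, website and ip in post_meta.
-    // It expects anonymous_data to be sanitized.
-    // Check bbp_filter_anonymous_post_data() for sanitization.
-    if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-
-        // Parse arguments against default values
-        $r = bbp_parse_args( $anonymous_data, array(
-            'bbp_anonymous_name'    => '',
-            'bbp_anonymous_email'   => '',
-            'bbp_anonymous_website' => '',
-        ), 'update_reply' );
-
-        // Update all anonymous metas
-        foreach ( $r as $anon_key => $anon_value ) {
-            update_post_meta( $reply_id, '_' . $anon_key, (string) $anon_value, false );
-        }
+    if ( ! empty( $anonymous_data ) ) {
+
+        // Update anonymous meta data (not cookies)
+        bbp_update_anonymous_post_author( $reply_id, $anonymous_data, 'reply' );
 
         // Set transient for throttle check (only on new, not edit)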
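Review bot: The cookie write at new line 172, `bbp_set_current_anonymous_user_data( $anonymous_data );`, now runs unconditionally, but bbp_filter_anonymous_post_data() as changed in this same changeset returns a filled array even when it has just added validation errors for an empty name or email, so the removed `! empty() && is_array()` guard (which saw `false` on failure) was the only thing keeping rejected input out of the commenter cookies. Keep the call behind the error state: `if ( ! bbp_has_errors() ) {` / `bbp_set_current_anonymous_user_data( $anonymous_data );` / `}`. The "Anonymous data checks out" comment above it is no longer true as written and should say that errors are checked later. The enclosing handler function starts and ends outside this hunk.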
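--- a/trunk/src/includes/topics/functions.php
+++ b/trunk/src/includes/topics/functions.php
@@ -97,5 +97,4 @@
  * @uses bbp_get_current_user_id() To get the current user id
  * @uses bbp_filter_anonymous_post_data() To filter anonymous data
- * @uses bbp_set_current_anonymous_user_data() To set the anonymous user cookies
  * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
  * @uses bbp_is_forum_category() To check if the forum is a category
@@ -141,6 +140,7 @@
     // Define local variable(s)
     $view_all = false;
-    $forum_id = $topic_author = $anonymous_data = 0;
+    $forum_id = $topic_author = 0;
     $topic_title = $topic_content = '';
+    $anonymous_data = array();
     $terms = array( bbp_get_topic_tag_tax_id() => array() );
 
@@ -150,11 +150,9 @@
     if ( bbp_is_anonymous() ) {
 
-        // Filter anonymous data
+        // Filter anonymous data (variable is used later)
         $anonymous_data = bbp_filter_anonymous_post_data();
 
         // Anonymous data checks out, so set cookies, etc...
-        if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-            bbp_set_current_anonymous_user_data( $anonymous_data );
-        }
+        bbp_set_current_anonymous_user_data( $anonymous_data );
 
     // User is logged in
@@ -472,6 +470,7 @@
     // Define local variable(s)
     $revisions_removed = false;
-    $topic = $topic_id = $topic_author = $forum_id = $anonymous_data = 0;
+    $topic = $topic_id = $topic_author = $forum_id = 0;
     $topic_title = $topic_content = $topic_edit_reason = '';
+    $anonymous_data = array();
 
     /** Topic *****************************************************************/
@@ -511,5 +510,5 @@
 
             // Filter anonymous data
-            $anonymous_data = bbp_filter_anonymous_post_data( array(), true );
+            $anonymous_data = bbp_filter_anonymous_post_data();
         }
     }
@@ -769,5 +768,7 @@
  * @param int $topic_id Optional. Topic id
  * @param int $forum_id Optional. Forum id
- * @param bool|array $anonymous_data Optional logged-out user data.
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Author id
  * @param bool $is_edit Optional. Is the post being edited? Defaults to false.
@@ -794,5 +795,5 @@
  * @uses bbp_update_topic_walker() To udpate the topic's ancestors
  */
-function bbp_update_topic( $topic_id = 0, $forum_id = 0, $anonymous_data = false, $author_id = 0, $is_edit = false ) {
+function bbp_update_topic( $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $author_id = 0, $is_edit = false ) {
 
     // Validate the ID's passed from 'bbp_new_topic' action
@@ -846,19 +847,8 @@
 
     // If anonymous post, store name, email, website and ip in post_meta.
-    // It expects anonymous_data to be sanitized.
-    // Check bbp_filter_anonymous_post_data() for sanitization.
-    if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
-
-        // Parse arguments against default values
-        $r = bbp_parse_args( $anonymous_data, array(
-            'bbp_anonymous_name'    => '',
-            'bbp_anonymous_email'   => '',
-            'bbp_anonymous_website' => '',
-        ), 'update_topic' );
-
-        // Update all anonymous metas
-        foreach ( $r as $anon_key => $anon_value ) {
-            update_post_meta( $topic_id, '_' . $anon_key, (string) $anon_value, false );
-        }
+    if ( ! empty( $anonymous_data ) ) {
+
+        // Update anonymous meta data (not cookies)
+        bbp_update_anonymous_post_author( $topic_id, $anonymous_data, 'topic' );
 
         // Set transient for throttle check (only on new, not edit)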
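Review bot: As in the reply handler, the cookie write at new line 156, `bbp_set_current_anonymous_user_data( $anonymous_data );`, now runs even when bbp_filter_anonymous_post_data() has just recorded validation errors, because that function (changed in this changeset) returns a populated array in the error case and the removed `! empty() && is_array()` guard was what previously saw `false` and skipped the cookies. Wrap it as `if ( ! bbp_has_errors() ) {` / `bbp_set_current_anonymous_user_data( $anonymous_data );` / `}` so a rejected submission does not persist its name, email and URL into the commenter cookies. The edit path at new line 512 also silently drops the second `true` argument that was passed before; if that flag still means something to the filter, the change deserves a word in the commit message. The enclosing handler functions start and end outside these hunks.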
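--- a/trunk/src/includes/users/functions.php
+++ b/trunk/src/includes/users/functions.php
@@ -89,4 +89,6 @@
      */
     function bbp_get_current_anonymous_user_data( $key = '' ) {
+
+        // Array of allowed cookie names
         $cookie_names = array(
             'name'  => 'comment_author',
@@ -100,12 +102,19 @@
         );
 
+        // Sanitize core cookies
         sanitize_comment_cookies();
 
+        // Get the current poster's info from the cookies
         $bbp_current_poster = wp_get_current_commenter();
 
-        if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ) ) ) {
+        // Sanitize the cookie key being retrieved
+        $key = sanitize_key( $key );
+
+        // Maybe return a specific key
+        if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ), true ) ) {
             return $bbp_current_poster[ $cookie_names[ $key ] ];
         }
 
+        // Return all keys
         return $bbp_current_poster;
     }
@@ -116,9 +125,7 @@
  * @since 2.0.0 bbPress (r2734)
  *
- * @param array $anonymous_data With keys 'bbp_anonymous_name',
- *                               'bbp_anonymous_email', 'bbp_anonymous_website'.
- *                               Should be sanitized (see
- *                               {@link bbp_filter_anonymous_post_data()} for
- *                               sanitization)
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @uses apply_filters() Calls 'comment_cookie_lifetime' for cookie lifetime.
  *                        Defaults to 30000000.
@@ -126,5 +133,5 @@
 function bbp_set_current_anonymous_user_data( $anonymous_data = array() ) {
 
-    //  Bail if empty or not an array
+    // Bail if empty or not an array
     if ( empty( $anonymous_data ) || ! is_array( $anonymous_data ) ) {
         return;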
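Review bot: A point of style in bbp_get_current_anonymous_user_data(): the membership test at new line 114, `in_array( $key, array_keys( $cookie_names ), true )`, builds a throwaway array to ask whether a key exists; `isset( $cookie_names[ $key ] )` states the same thing directly and is the check the lookup on the next line already depends on. The new `$key = sanitize_key( $key );` also changes behaviour slightly, since sanitize_key() lowercases its input, so a caller passing `'Name'` now matches `'name'` where it previously fell through to the full poster array; a one-line comment such as `// sanitize_key() lowercases, so lookups are case-insensitive` would make that deliberate. The docblock copied onto bbp_set_current_anonymous_user_data() mentions "$author_id", but this function has no such parameter, so that sentence should be dropped here. bbp_set_current_anonymous_user_data() continues past the end of this hunk.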