Timestamp:
04/19/2017 08:58:52 PM (2 years ago)
Author:
johnjamesjacoby
Message:

Anonymous: Improve $anonymous_data implementation:

  • Always treat it as an array, handling for false values was never used
  • Introduce _sanitize_ and _update_ partner functions for the existing _filter_ function
  • Ensure that cookies and meta-data values are stripped of invalid characters in the same way that anonymous comments are, to prevent inconsistencies between anonymous forum and commenter cookie data
  • Update surrounding documentation blocks
  • Prefer strict type-casting and is_array() comparisons
File:
1 edited

  • trunk/src/includes/common/functions.php

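--- a/trunk/src/includes/common/functions.php
+++ b/trunk/src/includes/common/functions.php
@@ -432,5 +432,5 @@
 
     // Parse arguments against default values
-    $r = bbp_parse_args( $args, array (
+    $r = bbp_parse_args( $args, array(
         'bbp_anonymous_name'    => ! empty( $_POST['bbp_anonymous_name']    ) ? $_POST['bbp_anonymous_name']    : false,
         'bbp_anonymous_email'   => ! empty( $_POST['bbp_anonymous_email']   ) ? $_POST['bbp_anonymous_email']   : false,
@@ -438,10 +438,14 @@
     ), 'filter_anonymous_post_data' );
 
-    // Filter variables and add errors if necessary
-    $r['bbp_anonymous_name'] = apply_filters( 'bbp_pre_anonymous_post_author_name',  $r['bbp_anonymous_name']  );
+    // Strip invalid characters
+    $r = bbp_sanitize_anonymous_post_author( $r );
+
+    // Filter name
+    $r['bbp_anonymous_name'] = apply_filters( 'bbp_pre_anonymous_post_author_name', $r['bbp_anonymous_name'] );
     if ( empty( $r['bbp_anonymous_name'] ) ) {
-        bbp_add_error( 'bbp_anonymous_name',  __( '<strong>ERROR</strong>: Invalid author name.',   'bbpress' ) );
-    }
-
+        bbp_add_error( 'bbp_anonymous_name',  __( '<strong>ERROR</strong>: Invalid author name.', 'bbpress' ) );
+    }
+
+    // Filter email address
     $r['bbp_anonymous_email'] = apply_filters( 'bbp_pre_anonymous_post_author_email', $r['bbp_anonymous_email'] );
     if ( empty( $r['bbp_anonymous_email'] ) ) {
@@ -449,12 +453,86 @@
     }
 
-    // Website is optional
+    // Website is optional (can be empty)
     $r['bbp_anonymous_website'] = apply_filters( 'bbp_pre_anonymous_post_author_website', $r['bbp_anonymous_website'] );
 
-    // Return false if we have any errors
-    $retval = bbp_has_errors() ? false : $r;
-
-    // Finally, return sanitized data or false
-    return apply_filters( 'bbp_filter_anonymous_post_data', $retval, $r );
+    // Finally, return filtered anonymous post data
+    return (array) apply_filters( 'bbp_filter_anonymous_post_data', $r, $args );
+}
+
+/**
+ * Sanitize an array of anonymous post author data
+ *
+ * @since 2.6.0 bbPress (r6400)
+ *
+ * @param array $anonymous_data
+ * @return array
+ */
+function bbp_sanitize_anonymous_post_author( $anonymous_data = array() ) {
+
+    // Make sure anonymous data is an array
+    if ( ! is_array( $anonymous_data ) ) {
+        $anonymous_data = array();
+    }
+
+    // Map meta data to comment fields (as guides for stripping invalid text)
+    $fields = array(
+        'bbp_anonymous_name'    => 'comment_author',
+        'bbp_anonymous_email'   => 'comment_author_email',
+        'bbp_anonymous_website' => 'comment_author_url'
+    );
+
+    // Setup a new return array
+    $r = $anonymous_data;
+
+    // Get the database
+    $bbp_db = bbp_db();
+
+    // Strip invalid text from fields
+    foreach ( $fields as $bbp_field => $comment_field ) {
+        if ( ! empty( $r[ $bbp_field ] ) ) {
+            $r[ $bbp_field ] = $bbp_db->strip_invalid_text_for_column( $bbp_db->comments, $comment_field, $r[ $bbp_field ] );
+        }
+    }
+
+    // Filter and return
+    return (array) apply_filters( 'bbp_sanitize_anonymous_post_author', $r, $anonymous_data );
+}
+
+/**
+ * Update the relevant meta-data for an anonymous post author
+ *
+ * @since 2.6.0 bbPress (r6400)
+ *
+ * @param int    $post_id
+ * @param array  $anonymous_data
+ * @param string $post_type
+ */
+function bbp_update_anonymous_post_author( $post_id = 0, $anonymous_data = array(), $post_type = '' ) {
+
+    // Maybe look for anonymous
+    if ( empty( $anonymous_data ) ) {
+        $anonymous_data = bbp_filter_anonymous_post_data();
+    }
+
+    // Sanitize parameters
+    $post_id   = (int) $post_id;
+    $post_type = sanitize_key( $post_type );
+
+    // Bail if missing required data
+    if ( empty( $post_id ) || empty( $post_type ) || empty( $anonymous_data ) ) {
+        return;
+    }
+
+    // Parse arguments against default values
+    $r = bbp_parse_args( $anonymous_data, array(
+        'bbp_anonymous_name'    => '',
+        'bbp_anonymous_email'   => '',
+        'bbp_anonymous_website' => '',
+    ), "update_{$post_type}" );
+
+    // Update all anonymous metas
+    foreach ( $r as $anon_key => $anon_value ) {
+        update_post_meta( $post_id, '_' . $anon_key, (string) $anon_value, false );
+    }
 }
 
@@ -491,5 +569,5 @@
         'post_content'   => '',
         'post_status'    => bbp_get_trash_status_id(),
-        'anonymous_data' => false
+        'anonymous_data' => array()
     ), 'check_for_duplicate' );
 
@@ -497,15 +575,26 @@
     $bbp_db = bbp_db();
 
+    // Default clauses
+    $join = $where = '';
+
     // Check for anonymous post
     if ( empty( $r['post_author'] ) && ( ! empty( $r['anonymous_data'] ) && ! empty( $r['anonymous_data']['bbp_anonymous_email'] ) ) ) {
-        $clauses = get_meta_sql( array( array(
-            'key'   => '_bbp_anonymous_email',
-            'value' => $r['anonymous_data']['bbp_anonymous_email']
-        ) ), 'post', $bbp_db->posts, 'ID' );
-
-        $join    = $clauses['join'];
-        $where   = $clauses['where'];
-    } else {
-        $join    = $where = '';
+
+        // Sanitize the email address for querying
+        $email = sanitize_email( $r['anonymous_data']['bbp_anonymous_email'] );
+
+        // Only proceed
+        if ( ! empty( $email ) && is_email( $email ) ) {
+
+            // Get the meta SQL
+            $clauses = get_meta_sql( array( array(
+                'key'   => '_bbp_anonymous_email',
+                'value' => $email,
+            ) ), 'post', $bbp_db->posts, 'ID' );
+
+            // Set clauses
+            $join  = $clauses['join'];
+            $where = $clauses['where'];
+        }
     }
 
@@ -538,10 +627,7 @@
  * @since 2.0.0 bbPress (r2734)
  *
- * @param false|array $anonymous_data Optional - if it's an anonymous post. Do
- *                                     not supply if supplying $author_id.
- *                                     Should have key 'bbp_author_ip'.
- *                                     Should be sanitized (see
- *                                     {@link bbp_filter_anonymous_post_data()}
- *                                     for sanitization)
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Optional. Supply if it's a post by a logged in user.
  *                        Do not supply if supplying $anonymous_data.
@@ -552,5 +638,5 @@
  * @return bool True if there is no flooding, false if there is
  */
-function bbp_check_for_flood( $anonymous_data = false, $author_id = 0 ) {
+function bbp_check_for_flood( $anonymous_data = array(), $author_id = 0 ) {
 
     // Option disabled. No flood checks.
@@ -561,5 +647,5 @@
 
     // User is anonymous, so check a transient based on the IP
-    if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
+    if ( ! empty( $anonymous_data ) ) {
         $last_posted = get_transient( '_bbp_' . bbp_current_author_ip() . '_last_posted' );
 
@@ -573,5 +659,5 @@
         $last_posted = bbp_get_user_last_posted( $author_id );
 
-        if ( isset( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && ! user_can( $author_id, 'throttle' ) ) {
+        if ( ! empty( $last_posted ) && ( time() < ( $last_posted + $throttle_time ) ) && ! user_can( $author_id, 'throttle' ) ) {
             return false;
         }
@@ -588,5 +674,7 @@
  * @since 2.1.0 bbPress (r3581)
  *
- * @param array $anonymous_data Anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Topic or reply author ID
  * @param string $title The title of the content
@@ -597,5 +685,5 @@
  * @return bool True if test is passed, false if fail
  */
-function bbp_check_for_moderation( $anonymous_data = false, $author_id = 0, $title = '', $content = '' ) {
+function bbp_check_for_moderation( $anonymous_data = array(), $author_id = 0, $title = '', $content = '' ) {
 
     // Allow for moderation check to be skipped
@@ -724,5 +812,7 @@
  * @since 2.0.0 bbPress (r3446)
  *
- * @param array $anonymous_data Anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $author_id Topic or reply author ID
  * @param string $title The title of the content
@@ -733,5 +823,5 @@
  * @return bool True if test is passed, false if fail
  */
-function bbp_check_for_blacklist( $anonymous_data = false, $author_id = 0, $title = '', $content = '' ) {
+function bbp_check_for_blacklist( $anonymous_data = array(), $author_id = 0, $title = '', $content = '' ) {
 
     // Allow for blacklist check to be skipped
@@ -878,5 +968,7 @@
  * @param int $topic_id ID of the topic of the reply
  * @param int $forum_id ID of the forum of the reply
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $reply_author ID of the topic author ID
  *
@@ -905,5 +997,5 @@
  * @return bool True on success, false on failure
  */
-function bbp_notify_topic_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $reply_author = 0 ) {
+function bbp_notify_topic_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $reply_author = 0 ) {
 
     // Bail if subscriptions are turned off
@@ -1048,5 +1140,7 @@
  * @param int $topic_id ID of the newly made reply
  * @param int $forum_id ID of the forum for the topic
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $topic_author ID of the topic author ID
  *
@@ -1070,5 +1164,5 @@
  * @return bool True on success, false on failure
  */
-function bbp_notify_forum_subscribers( $topic_id = 0, $forum_id = 0, $anonymous_data = false, $topic_author = 0 ) {
+function bbp_notify_forum_subscribers( $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $topic_author = 0 ) {
 
     // Bail if subscriptions are turned off
@@ -1208,10 +1302,12 @@
  * @param int $topic_id ID of the topic of the reply
  * @param int $forum_id ID of the forum of the reply
- * @param mixed $anonymous_data Array of anonymous user data
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @param int $reply_author ID of the topic author ID
  *
  * @return bool True on success, false on failure
  */
-function bbp_notify_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $reply_author = 0 ) {
+function bbp_notify_subscribers( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $reply_author = 0 ) {
     return bbp_notify_topic_subscribers( $reply_id, $topic_id, $forum_id, $anonymous_data, $reply_author );
 }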
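Review bot: In the new bbp_update_anonymous_post_author() (new lines 510-536) the final foreach writes a `_`-prefixed post meta for every key present in `$r`, and if bbp_parse_args() keeps non-default keys the way wp_parse_args() does, any extra key a caller passes through (for example a raw request-derived array) becomes an arbitrary `_<key>` meta write on the post; iterate the three known keys instead, e.g. `foreach ( array( 'bbp_anonymous_name', 'bbp_anonymous_email', 'bbp_anonymous_website' ) as $anon_key ) { update_post_meta( $post_id, '_' . $anon_key, (string) $r[ $anon_key ], false ); }`. Related, the `empty( $anonymous_data )` fallback on new line 513 calls bbp_filter_anonymous_post_data(), which after this commit always returns a three-key array (values `false` when the form fields are absent) rather than `false`, so the `empty( $anonymous_data )` bail on new line 522 can no longer trigger for that path and existing metas are overwritten with `''` while bbp_add_error() fires as a side effect; consider bailing when bbp_has_errors() is true after the fallback. The docblock of bbp_filter_anonymous_post_data() (its start lies outside this section) should also say that the array is returned even when validation failed and that callers must check bbp_has_errors(), since the former `false` return is gone.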