Timestamp: 04/19/2017 08:58:52 PM (2 years ago)
Author: johnjamesjacoby
Message:

Anonymous: Improve $anonymous_data implementation:

  • Always treat it as an array, handling for false values was never used
  • Introduce _sanitize_ and _update_ partner functions for the existing _filter_ function
  • Ensure that cookies and meta-data values are stripped of invalid characters in the same way that anonymous comments are, to prevent inconsistencies between anonymous forum and commenter cookie data
  • Update surrounding documentation blocks
  • Prefer strict type-casting and is_array() comparisons
File: 1 edited

  • trunk/src/includes/replies/functions.php

    r6384 r6400  
    126126 * @uses bbp_get_current_user_id() To get the current user id
    127127 * @uses bbp_filter_anonymous_post_data() To filter anonymous data
    128  * @uses bbp_set_current_anonymous_user_data() To set the anonymous user
    129  *                                                cookies
    130128 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
    131129 * @uses remove_filter() To remove kses filters if needed
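Review bot: The @uses bbp_set_current_anonymous_user_data() tag is dropped from this docblock (old lines 128-129), but the function is still called later in this file at new line 172. If this docblock belongs to that handler, keep the tag so the documentation matches the call.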
     
    159157
    160158    // Define local variable(s)
    161     $topic_id = $forum_id = $reply_author = $anonymous_data = $reply_to = 0;
     159    $topic_id = $forum_id = $reply_author = $reply_to = 0;
    162160    $reply_title = $reply_content = $terms = '';
     161    $anonymous_data = array();
    163162
    164163    /** Reply Author **********************************************************/
     
    167166    if ( bbp_is_anonymous() ) {
    168167
    169         // Filter anonymous data
     168        // Filter anonymous data (variable is used later)
    170169        $anonymous_data = bbp_filter_anonymous_post_data();
    171170
    172171        // Anonymous data checks out, so set cookies, etc...
    173         if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
    174             bbp_set_current_anonymous_user_data( $anonymous_data );
    175         }
     172        bbp_set_current_anonymous_user_data( $anonymous_data );
    176173
    177174    // User is logged in
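Review bot: At new line 172, bbp_set_current_anonymous_user_data( $anonymous_data ) is now called unconditionally, so the cookie-setting path runs even when bbp_filter_anonymous_post_data() returned nothing usable, and the retained comment "Anonymous data checks out, so set cookies, etc..." no longer describes any check. Either keep a guard such as `if ( ! empty( $anonymous_data ) )`, as bbp_update_reply() does at new line 860, or confirm that the callee returns early on an empty array and reword the comment.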
     
    185182        // Reply author is current user
    186183        $reply_author = bbp_get_current_user_id();
    187 
    188184    }
    189185
     
    534530    // Define local variable(s)
    535531    $revisions_removed = false;
    536     $reply = $reply_id = $reply_to = $reply_author = $topic_id = $forum_id = $anonymous_data = 0;
     532    $reply = $reply_id = $reply_to = $reply_author = $topic_id = $forum_id = 0;
    537533    $reply_title = $reply_content = $reply_edit_reason = $terms = '';
     534    $anonymous_data = array();
    538535
    539536    /** Reply *****************************************************************/
     
    807804 * @param int $topic_id Optional. Topic id
    808805 * @param int $forum_id Optional. Forum id
    809  * @param bool|array $anonymous_data Optional logged-out user data.
     806 * @param array $anonymous_data Optional - if it's an anonymous post. Do not
     807 *                              supply if supplying $author_id. Should be
     808 *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
    810809 * @param int $author_id Author id
    811810 * @param bool $is_edit Optional. Is the post being edited? Defaults to false.
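Review bot: The new @param description at new lines 806-808 opens a parenthesis at "(see {@link bbp_filter_anonymous_post_data()}" and never closes it. Add the closing ")" and a full stop so the generated documentation renders the sanitization requirement as a complete sentence.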
     
    830829 * @uses bbp_update_reply_walker() To update the reply's ancestors' counts
    831830 */
    832 function bbp_update_reply( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = false, $author_id = 0, $is_edit = false, $reply_to = 0 ) {
     831function bbp_update_reply( $reply_id = 0, $topic_id = 0, $forum_id = 0, $anonymous_data = array(), $author_id = 0, $is_edit = false, $reply_to = 0 ) {
    833832
    834833    // Validate the ID's passed from 'bbp_new_reply' action
     
    859858
    860859    // If anonymous post, store name, email, website and ip in post_meta.
    861     // It expects anonymous_data to be sanitized.
    862     // Check bbp_filter_anonymous_post_data() for sanitization.
    863     if ( ! empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
    864 
    865         // Parse arguments against default values
    866         $r = bbp_parse_args( $anonymous_data, array(
    867             'bbp_anonymous_name'    => '',
    868             'bbp_anonymous_email'   => '',
    869             'bbp_anonymous_website' => '',
    870         ), 'update_reply' );
    871 
    872         // Update all anonymous metas
    873         foreach ( $r as $anon_key => $anon_value ) {
    874             update_post_meta( $reply_id, '_' . $anon_key, (string) $anon_value, false );
    875         }
     860    if ( ! empty( $anonymous_data ) ) {
     861
     862        // Update anonymous meta data (not cookies)
     863        bbp_update_anonymous_post_author( $reply_id, $anonymous_data, 'reply' );
    876864
    877865        // Set transient for throttle check (only on new, not edit)
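Review bot: The guard at new line 860 drops the is_array() check, and the signature at new line 831 carries no type declaration, so any non-empty, non-array value a caller passes as $anonymous_data now reaches bbp_update_anonymous_post_author(). The removed code also limited the stored meta to three keys through bbp_parse_args() and cast each value with (string). That allow-list is no longer visible here, so confirm the new function enforces the same keys and casting, or keep `is_array( $anonymous_data )` in the condition. The two removed comments stating that the data is expected to be sanitized are worth keeping too, since this is the point where it is written to post meta.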