Timestamp:
04/19/2017 08:58:52 PM (2 years ago)
Author:
johnjamesjacoby
Message:

Anonymous: Improve $anonymous_data implementation:

  • Always treat it as an array, handling for false values was never used
  • Introduce _sanitize_ and _update_ partner functions for the existing _filter_ function
  • Ensure that cookies and meta-data values are stripped of invalid characters in the same way that anonymous comments are, to prevent inconsistencies between anonymous forum and commenter cookie data
  • Update surrounding documentation blocks
  • Prefer strict type-casting and is_array() comparisons
File:
1 edited

  • trunk/src/includes/users/functions.php

    r6399 r6400  
    8989     */
    9090    function bbp_get_current_anonymous_user_data( $key = '' ) {
     91
     92        // Array of allowed cookie names
    9193        $cookie_names = array(
    9294            'name'  => 'comment_author',
     
    100102        );
    101103
     104        // Sanitize core cookies
    102105        sanitize_comment_cookies();
    103106
     107        // Get the current poster's info from the cookies
    104108        $bbp_current_poster = wp_get_current_commenter();
    105109
    106         if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ) ) ) {
     110        // Sanitize the cookie key being retrieved
     111        $key = sanitize_key( $key );
     112
     113        // Maybe return a specific key
     114        if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ), true ) ) {
    107115            return $bbp_current_poster[ $cookie_names[ $key ] ];
    108116        }
    109117
     118        // Return all keys
    110119        return $bbp_current_poster;
    111120    }
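Review bot: a non-empty $key that is not one of the $cookie_names keys still falls through to the final `return $bbp_current_poster;`, so a caller asking for a single unrecognised field receives the entire commenter array instead of an empty value. Consider returning an empty string for a non-empty key that fails the allow-list check, or at least documenting the fall-through in the docblock. Since `sanitize_key( $key )` now runs before the comparison, `isset( $cookie_names[ $key ] )` would also express the allow-list lookup more directly than `in_array( $key, array_keys( $cookie_names ), true )`.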
     
    116125 * @since 2.0.0 bbPress (r2734)
    117126 *
    118  * @param array $anonymous_data With keys 'bbp_anonymous_name',
    119  *                               'bbp_anonymous_email', 'bbp_anonymous_website'.
    120  *                               Should be sanitized (see
    121  *                               {@link bbp_filter_anonymous_post_data()} for
    122  *                               sanitization)
     127 * @param array $anonymous_data Optional - if it's an anonymous post. Do not
     128 *                              supply if supplying $author_id. Should be
     129 *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
    123130 * @uses apply_filters() Calls 'comment_cookie_lifetime' for cookie lifetime.
    124131 *                        Defaults to 30000000.
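Review bot: the replacement @param text for $anonymous_data says "Do not supply if supplying $author_id", but the signature that follows is `bbp_set_current_anonymous_user_data( $anonymous_data = array() )` and takes no $author_id, so the sentence reads as if copied from another function's docblock. The rewrite also drops the list of expected keys ('bbp_anonymous_name', 'bbp_anonymous_email', 'bbp_anonymous_website') that told callers what the array must contain, and the parenthesis opened at "(see {@link bbp_filter_anonymous_post_data()}" is never closed. Suggest keeping the key list, removing the $author_id sentence, and closing the parenthesis.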
     
    126133function bbp_set_current_anonymous_user_data( $anonymous_data = array() ) {
    127134
    128     //  Bail if empty or not an array
     135    // Bail if empty or not an array
    129136    if ( empty( $anonymous_data ) || ! is_array( $anonymous_data ) ) {
    130137        return;