Changeset 6400 for trunk/src/includes/users/functions.php

Timestamp:

04/19/2017 08:58:52 PM (9 years ago)

Author:

johnjamesjacoby

Message:

Anonymous: Improve $anonymous_data implementation:

• Always treat it as an array, handling for false values was never used
• Introduce _sanitize_ and _update_ partner functions for the existing _filter_ function
• Ensure that cookies and meta-data values are stripped of invalid characters in the same way that anonymous comments are, to prevent inconsistencies between anonymous forum and commenter cookie data
• Update surrounding documentation blocks
• Prefer strict type-casting and is_array() comparisons

File:

• trunk/src/includes/users/functions.php (modified) (4 diffs)

trunk/src/includes/users/functions.php

@@ -89 +89 @@
      */
     function bbp_get_current_anonymous_user_data( $key = '' ) {
+
+        // Array of allowed cookie names
         $cookie_names = array(
             'name'  => 'comment_author',
@@ -100 +102 @@
         );
 
+        // Sanitize core cookies
         sanitize_comment_cookies();
 
+        // Get the current poster's info from the cookies
         $bbp_current_poster = wp_get_current_commenter();
 
-        if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ) ) ) {
+        // Sanitize the cookie key being retrieved
+        $key = sanitize_key( $key );
+
+        // Maybe return a specific key
+        if ( ! empty( $key ) && in_array( $key, array_keys( $cookie_names ), true ) ) {
             return $bbp_current_poster[ $cookie_names[ $key ] ];
         }
 
+        // Return all keys
         return $bbp_current_poster;
     }
@@ -116 +125 @@
  * @since 2.0.0 bbPress (r2734)
  *
- * @param array $anonymous_data With keys 'bbp_anonymous_name',
- *                               'bbp_anonymous_email', 'bbp_anonymous_website'.
- *                               Should be sanitized (see
- *                               {@link bbp_filter_anonymous_post_data()} for
- *                               sanitization)
+ * @param array $anonymous_data Optional - if it's an anonymous post. Do not
+ *                              supply if supplying $author_id. Should be
+ *                              sanitized (see {@link bbp_filter_anonymous_post_data()}
  * @uses apply_filters() Calls 'comment_cookie_lifetime' for cookie lifetime.
  *                        Defaults to 30000000.
@@ -126 +133 @@
 function bbp_set_current_anonymous_user_data( $anonymous_data = array() ) {
 
-    //  Bail if empty or not an array
+    // Bail if empty or not an array
     if ( empty( $anonymous_data ) || ! is_array( $anonymous_data ) ) {
         return;