
Changeset 6512


Timestamp:
06/09/17 16:30:56 (6 months ago)
Author:
johnjamesjacoby
Message:

Users: Sanitize name, email, and website in bbp_filter_anonymous_post_data().

2.5 branch, for 2.5.13.

File:
1 edited

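--- a/branches/2.5/includes/common/functions.php
+++ b/branches/2.5/includes/common/functions.php
@@ -614,7 +614,7 @@
     // Parse arguments against default values
     $r = bbp_parse_args( $args, array (
-        'bbp_anonymous_name'    => !empty( $_POST['bbp_anonymous_name']    ) ? $_POST['bbp_anonymous_name']    : false,
-        'bbp_anonymous_email'   => !empty( $_POST['bbp_anonymous_email']   ) ? $_POST['bbp_anonymous_email']  : false,
-        'bbp_anonymous_website' => !empty( $_POST['bbp_anonymous_website'] ) ? $_POST['bbp_anonymous_website'] : false,
+        'bbp_anonymous_name'    => !empty( $_POST['bbp_anonymous_name']    ) ? sanitize_text_field( $_POST['bbp_anonymous_name']    ) : false,
+        'bbp_anonymous_email'   => !empty( $_POST['bbp_anonymous_email']   ) ? sanitize_email(      $_POST['bbp_anonymous_email']   ) : false,
+        'bbp_anonymous_website' => !empty( $_POST['bbp_anonymous_website'] ) ? sanitize_text_field( $_POST['bbp_anonymous_website'] ) : false,
     ), 'filter_anonymous_post_data' );
 
@@ -679,5 +679,5 @@
         $clauses = get_meta_sql( array( array(
             'key'   => '_bbp_anonymous_email',
-            'value' => $r['anonymous_data']['bbp_anonymous_email']
+            'value' => sanitize_email( $r['anonymous_data']['bbp_anonymous_email'] )
         ) ), 'post', $wpdb->posts, 'ID' );
 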
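Review bot: The website field on new line 618 is run through `sanitize_text_field()`, which strips tags and control characters but does not validate that the value is a URL or reject disallowed schemes, so a value that is later rendered as an href still depends on output-time escaping; since this field is a URL, `esc_url_raw()` is the matching WordPress sanitizer, e.g. `'bbp_anonymous_website' => !empty( $_POST['bbp_anonymous_website'] ) ? esc_url_raw( $_POST['bbp_anonymous_website'] ) : false,`. Separately, on new line 617 the `!empty()` guard tests the raw POST value, but `sanitize_email()` returns an empty string for an address it cannot clean, so the key can now hold `''` where callers previously saw either a non-empty string or `false` — worth confirming that downstream checks treat `''` and `false` the same. The enclosing function `bbp_filter_anonymous_post_data()` starts before line 614 and continues after line 620, so any validation it performs on these values after parsing is outside the hunk. The second hunk's `sanitize_email()` on the meta-query value is consistent with the first and raises nothing further.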