Skip to:
Content

bbPress.org

Changeset 6828


Ignore:
Timestamp:
07/05/2018 06:16:02 AM (8 years ago)
Author:
johnjamesjacoby
Message:

Engagements: enforce absint() on function parameters in engagements API.

Also fixes a bug causing an array_search() to erroneously fail.

See #3206.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/includes/users/engagements.php

    r6768 r6828  
    2727 */
    2828function bbp_add_user_to_object( $object_id = 0, $user_id = 0, $rel_key = '', $rel_type = 'post', $unique = false ) {
    29     $retval = bbp_user_engagements_interface( $rel_key, $rel_type )->add_user_to_object( $object_id, $user_id, $rel_key, $rel_type, $unique );
     29    $object_id = absint( $object_id );
     30    $user_id   = absint( $user_id );
     31    $retval    = bbp_user_engagements_interface( $rel_key, $rel_type )->add_user_to_object( $object_id, $user_id, $rel_key, $rel_type, $unique );
    3032
    3133    // Filter & return
     
    6466 */
    6567function bbp_remove_user_from_all_objects( $user_id = 0, $rel_key = '', $rel_type = 'post' ) {
    66     $retval = bbp_user_engagements_interface( $rel_key, $rel_type )->remove_user_from_all_objects( $user_id, $rel_key, $rel_type );
     68    $user_id = absint( $user_id );
     69    $retval  = bbp_user_engagements_interface( $rel_key, $rel_type )->remove_user_from_all_objects( $user_id, $rel_key, $rel_type );
    6770
    6871    // Filter & return
     
    8386 */
    8487function bbp_remove_object_from_all_users( $object_id = 0, $rel_key = '', $rel_type = 'post' ) {
    85     $retval = bbp_user_engagements_interface( $rel_key, $rel_type )->remove_object_from_all_users( $object_id, $rel_key, $rel_type );
     88    $object_id = absint( $object_id );
     89    $retval    = bbp_user_engagements_interface( $rel_key, $rel_type )->remove_object_from_all_users( $object_id, $rel_key, $rel_type );
    8690
    8791    // Filter & return
     
    118122 */
    119123function bbp_get_users_for_object( $object_id = 0, $rel_key = '', $rel_type = 'post' ) {
    120     $retval = bbp_user_engagements_interface( $rel_key, $rel_type )->get_users_for_object( $object_id, $rel_key, $rel_type );
     124    $object_id = absint( $object_id );
     125    $retval    = bbp_user_engagements_interface( $rel_key, $rel_type )->get_users_for_object( $object_id, $rel_key, $rel_type );
    121126
    122127    // Filter & return
     
    137142 */
    138143function bbp_is_object_of_user( $object_id = 0, $user_id = 0, $rel_key = '', $rel_type = 'post' ) {
    139     $user_ids = bbp_get_users_for_object( $object_id, $rel_key, $rel_type );
    140     $retval   = is_numeric( array_search( $user_id, $user_ids, true ) );
     144    $object_id = absint( $object_id );
     145    $user_id   = absint( $user_id );
     146    $user_ids  = bbp_get_users_for_object( $object_id, $rel_key, $rel_type );
     147    $retval    = is_numeric( array_search( $user_id, $user_ids, true ) );
    141148
    142149    // Filter & return
Note: See TracChangeset for help on using the changeset viewer.