#2610 closed defect (fixed)

Displayed user data improvements

Reported by: johnjamesjacoby
Owned by:
Milestone: 2.5.4
Priority: highest
Severity: critical
Version: 2.1
Component: Component - Users
Keywords:
Cc:

Description

When viewing or editing a user profile, certain user data is not prepped for display (either by WordPress or bbPress). An assumption was made that WordPress's default filters would cover this for us via the sanitize_user_field() function; however, more investigation uncovered that this is not the case, as most of these are sanitized only when is_admin() is true.

The affected functions are:

  • bbp_displayed_user_field()
  • bbp_get_displayed_user_field()

Related to #1999. Patch incoming.

Attachments (1)

2610.patch (3.2 KB) - added by johnjamesjacoby 11 months ago.

Change History (4)

@johnjamesjacoby 11 months ago

comment:1 @johnjamesjacoby 11 months ago

In 5369:

Introduce bbp_sanitize_displayed_user_field() function to handle the sanitizing of displayed user data, and add it to the bbp_get_displayed_user_field filter. Props mazengamal. See #2610 (trunk).

comment:2 @johnjamesjacoby 11 months ago

In 5370:

Introduce bbp_sanitize_displayed_user_field() function to handle the sanitizing of displayed user data, and add it to the bbp_get_displayed_user_field filter. Props mazengamal. See #2610 (2.5 branch).

comment:3 @johnjamesjacoby 11 months ago

  • Resolution set to fixed
  • Status changed from new to closed

Marking as resolved.
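
The kind of display-time escaping this ticket and its commits describe, as an added example that is not part of the original ticket and is not bbPress or WordPress code. The function name example_escape_displayed_field(), the field names and the sample profile are assumptions, and plain PHP escaping stands in for WordPress's helpers so the script runs on its own:

```php
<?php
// Added example, not bbPress code. The function name, field names and sample
// data are hypothetical; plain PHP escaping stands in for WordPress's helpers.

/**
 * Escape one profile field for HTML output on every request, with no
 * dependency on whether the request is an admin one.
 */
function example_escape_displayed_field( $value, string $field ) {
	// Only strings can carry markup; leave IDs, arrays and objects untouched.
	if ( ! is_string( $value ) ) {
		return $value;
	}

	if ( 'user_url' === $field ) {
		// Accept only http(s) links; anything else (or unparseable) is dropped.
		$scheme = strtolower( (string) parse_url( $value, PHP_URL_SCHEME ) );
		if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
			return '';
		}
	}

	// Encode <, >, &, and both quote styles so the value is safe in element
	// content and in quoted attributes.
	return htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Constructed sample data: a profile as stored, before any display escaping.
$stored_profile = array(
	'ID'           => 42,
	'display_name' => 'Alice <b>Admin</b>',
	'user_url'     => 'javascript:void(0)',
	'description'  => 'Likes "quotes" & <i>markup</i>',
);

foreach ( $stored_profile as $field => $raw ) {
	$safe = example_escape_displayed_field( $raw, $field );
	printf( "%-13s %s\n", $field . ':', var_export( $safe, true ) );
}
```

Inside WordPress the same per-field logic would be attached to the bbp_get_displayed_user_field filter named in the commits above, using WordPress's own escaping functions in place of the plain PHP calls.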
