Improve user submitted data sanitization

[johnjamesjacoby]

This ticket is for general improvements to user submitted data sanitization.

There are a few places where form fields could be more appropriately sanitized. WordPress functions like sanitize_key() & sanitize_user() are being under utilized, and some $_POST and $_GET values are being trusted a bit more than they should be.

Commits imminent.

[johnjamesjacoby]

In 5587:

Use sanitize_key() in bbp_post_request() and bbp_get_request(), improving the predictability of possible actions. See #2742.

[johnjamesjacoby]

In 5588:

Use sanitize_key() in bbp_get_form_reply_status_dropdown() to ensure value is within expected boundaries. See #2742.

[johnjamesjacoby]

In 5589:

Use sanitize_key() in topics/functions.php to ensure values are within expected boundaries. See #2742.

[johnjamesjacoby]

In 5590:

Use sanitize_user() in bbp_user_maybe_convert_pass() to ensure user login is within expected boundaries. See #2742.

[johnjamesjacoby]

In 5591:

Use sanitize_key() in bbp_profile_update_role() to ensure role value is within expected boundaries. See #2742.

[johnjamesjacoby]

In 5592:

Use sanitize_key() in forums/template.php to ensure values are within expected boundaries. See #2742.

[johnjamesjacoby]

In 5593:

Cast value as (int) in bbp_get_form_forum_parent(), ensuring it is numerical for the remaining call stack. See #2742.

[johnjamesjacoby]

In 5594:

s/POST/GET/ from r5587. See #2742.

[johnjamesjacoby]

Let's call this fixed and commit to it later if necessary.

[johnjamesjacoby]

Assigning all closed & unassigned tickets in the 2.6 milestone to myself.