Ticket #8913: 8913.patch
| File 8913.patch, 7.3 KB (added by , 3 years ago) |
|---|
bp-xprofile-caps.php
38 38 } 39 39 40 40 // Visibility on the fullname field is not editable. 41 if ( 1 == $field_id ) {41 if ( 1 === $field_id ) { 42 42 $caps[] = 'do_not_allow'; 43 43 break; 44 44 } 45 45 46 46 // Has the admin disabled visibility modification for this field? 47 if ( 'disabled' == bp_xprofile_get_meta( $field_id, 'field', 'allow_custom_visibility' ) ) {47 if ( 'disabled' === bp_xprofile_get_meta( $field_id, 'field', 'allow_custom_visibility' ) ) { 48 48 $caps[] = 'do_not_allow'; 49 49 break; 50 50 } 51 51 52 52 // Friends don't let friends edit each other's visibility. 53 if ( $profile_user_id != bp_displayed_user_id() && ! bp_current_user_can( 'bp_moderate' ) ) {53 if ( $profile_user_id !== bp_displayed_user_id() && ! bp_current_user_can( 'bp_moderate' ) ) { 54 54 $caps[] = 'do_not_allow'; 55 55 break; 56 56 } -
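Review bot: The three comparisons tightened to `===`/`!==` at lines 41, 47 and 53 sit inside a capability check whose only effect is to add `do_not_allow`, so any type mismatch fails open: if `$field_id` reaches this code as the string `'1'` rather than the int `1`, `1 === $field_id` is false and the fullname field's visibility becomes editable, and `$profile_user_id !== bp_displayed_user_id()` likewise passes whenever one side is a numeric string. Unless both variables are already cast to int above this hunk (outside the view), normalise them at the comparison, e.g. `if ( 1 === (int) $field_id ) {` and `if ( (int) $profile_user_id !== bp_displayed_user_id() && ! bp_current_user_can( 'bp_moderate' ) ) {`. Line 47 is fine as long as `bp_xprofile_get_meta()` returns a string here; a one-line comment noting that the strict compare relies on it would help the next reader. The enclosing function starts and ends outside this hunk.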
bp-xprofile-cssjs.php
16 16 * @since 1.1.0 17 17 */ 18 18 function xprofile_add_admin_css() { 19 if ( ! empty( $_GET['page'] ) && strpos( $_GET['page'], 'bp-profile-setup' ) !== false ) {19 if ( ! empty( $_GET['page'] ) && strpos( sanitize_text_field( $_GET['page'] ), 'bp-profile-setup' ) !== false ) { 20 20 $min = bp_core_get_minified_asset_suffix(); 21 21 22 22 wp_enqueue_style( 'xprofile-admin-css', buddypress()->plugin_url . "bp-xprofile/admin/css/admin{$min}.css", array(), bp_get_version() ); … … 35 35 * @since 1.5.0 36 36 */ 37 37 function xprofile_add_admin_js() { 38 if ( ! empty( $_GET['page'] ) && strpos( $_GET['page'], 'bp-profile-setup' ) !== false ) {38 if ( ! empty( $_GET['page'] ) && strpos( sanitize_text_field( $_GET['page'] ), 'bp-profile-setup' ) !== false ) { 39 39 wp_enqueue_script( 'jquery-ui-core' ); 40 40 wp_enqueue_script( 'jquery-ui-tabs' ); 41 41 wp_enqueue_script( 'jquery-ui-mouse' ); -
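Review bot: The conditions at lines 19 and 38 now pass `$_GET['page']` through `sanitize_text_field()`, but nothing guards against `page` being submitted as an array (`?page[]=x`), in which case the sanitizer does not return a usable string and the `strpos()` test silently fails; an `is_string()` check belongs in front, and WordPress convention pairs the sanitizer with `wp_unslash()`: `if ( isset( $_GET['page'] ) && is_string( $_GET['page'] ) && false !== strpos( sanitize_text_field( wp_unslash( $_GET['page'] ) ), 'bp-profile-setup' ) ) {`. As a point of style, the expression is duplicated verbatim in both functions, so a small private helper returning the boolean would keep the two in step. Both `xprofile_add_admin_css()` and `xprofile_add_admin_js()` continue past the end of their hunks.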
classes/class-bp-xprofile-field-type-checkbox.php
126 126 127 127 // Check for updated posted values, but errors preventing them from 128 128 // being saved first time. 129 if ( isset( $_POST[ 'field_' . $this->field_obj->id ] ) && $option_values != maybe_serialize( $_POST[ 'field_' . $this->field_obj->id ] ) ) {129 if ( isset( $_POST[ 'field_' . $this->field_obj->id ] ) && $option_values !== maybe_serialize( $_POST[ 'field_' . $this->field_obj->id ] ) ) { 130 130 if ( ! empty( $_POST[ 'field_' . $this->field_obj->id ] ) ) { 131 131 $option_values = array_map( 'sanitize_text_field', $_POST[ 'field_' . $this->field_obj->id ] ); 132 132 } … … 142 142 // so we'll be sure to get a match. 143 143 $allowed_options = xprofile_sanitize_data_value_before_save( $options[ $k ]->name, false, false ); 144 144 145 if ( $option_values[ $j ] === $allowed_options || in_array( $allowed_options, $option_values ) ) {145 if ( $option_values[ $j ] === $allowed_options || in_array( $allowed_options, $option_values, true ) ) { 146 146 $selected = ' checked="checked"'; 147 147 break; 148 148 } -
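Review bot: Line 145's `in_array( $allowed_options, $option_values, true )` now demands type-identical matches, but the two sides are produced by different sanitizers — `$option_values` via `array_map( 'sanitize_text_field', … )` at line 131 (or whatever stored value it held before, outside the hunk) and `$allowed_options` via `xprofile_sanitize_data_value_before_save()` at line 143 — and the comment at line 142 says that step exists "so we'll be sure to get a match". If the stored option values can be non-strings (for example integers from an unserialised numeric option), the strict flag will turn previously matching checkboxes into unchecked ones on the edit form. Either confirm both sides are always strings and say so in the comment, or normalise before comparing, e.g. `$option_values = array_map( 'strval', (array) $option_values );`. The enclosing method starts and ends outside these hunks.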
classes/class-bp-xprofile-field.php
484 484 $parent_id = $this->id; 485 485 486 486 // Allow plugins to filter the field's child options (i.e. the items in a selectbox). 487 $post_option = ! empty( $_POST[ "{$this->type}_option" ] ) ? $_POST[ "{$this->type}_option" ]: '';488 $post_default = ! empty( $_POST[ "isDefault_{$this->type}_option" ] ) ? $_POST[ "isDefault_{$this->type}_option" ]: '';487 $post_option = ! empty( $_POST[ "{$this->type}_option" ] ) ? sanitize_text_field( $_POST[ "{$this->type}_option" ] ) : ''; 488 $post_default = ! empty( $_POST[ "isDefault_{$this->type}_option" ] ) ? sanitize_text_field( $_POST[ "isDefault_{$this->type}_option" ] ) : ''; 489 489 490 490 /** 491 491 * Filters the submitted field option value before saved. … … 517 517 $is_default = 1; 518 518 } 519 519 } else { 520 if ( (int) $defaults == $option_key ) {520 if ( (int) $defaults === $option_key ) { 521 521 $is_default = 1; 522 522 } 523 523 } 524 524 525 if ( '' != $option_value ) {525 if ( '' !== $option_value ) { 526 526 $sql = $wpdb->prepare( "INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, option_order, is_default_option) VALUES (%d, %d, 'option', %s, '', 0, %d, %d)", $this->group_id, $parent_id, $option_value, $counter, $is_default ); 527 527 if ( ! $wpdb->query( $sql ) ) { 528 528 return false; … … 651 651 652 652 // If '_none' is found in the array, it overrides all types. 653 653 $types = array(); 654 if ( ! in_array( '_none', $raw_types ) ) {654 if ( ! in_array( '_none', $raw_types, true ) ) { 655 655 $registered_types = bp_get_member_types(); 656 656 657 657 // Eliminate invalid member types saved in the database. … … 766 766 */ 767 767 public function get_member_type_label() { 768 768 // Field 1 is always displayed to everyone, so never gets a label. 769 if ( 1 == $this->id ) {769 if ( 1 === $this->id ) { 770 770 return ''; 771 771 } 772 772 … … 780 780 781 781 // If the field applies to all member types, show no message. 
782 782 $all_types[] = 'null'; 783 if ( array_values( $all_types ) == $member_types ) {783 if ( array_values( $all_types ) === $member_types ) { 784 784 return ''; 785 785 } 786 786 … … 1165 1165 // Check that field is of valid type. 1166 1166 if ( ! in_array( $_POST['fieldtype'], array_keys( bp_xprofile_get_field_types() ), true ) ) { 1167 1167 /* translators: %s: field type name */ 1168 $message = sprintf( esc_html__( 'The profile field type %s is not registered.', 'buddypress' ), '<code>' . esc_attr( $_POST['fieldtype'] ) . '</code>' );1168 $message = sprintf( esc_html__( 'The profile field type %s is not registered.', 'buddypress' ), '<code>' . sanitize_text_field( $_POST['fieldtype'] ) . '</code>' ); 1169 1169 return false; 1170 1170 } 1171 1171 1172 1172 // Get field type so we can check for and validate any field options. 1173 $field_type = bp_xprofile_create_field_type( $_POST['fieldtype']);1173 $field_type = bp_xprofile_create_field_type( sanitize_text_field( $_POST['fieldtype'] ) ); 1174 1174 1175 1175 // Field type requires options. 1176 1176 if ( true === $field_type->supports_options ) { … … 1253 1253 ), $users_url . '#tabs-' . (int) $this->group_id ); 1254 1254 1255 1255 if ( ! empty( $_POST['saveField'] ) ) { 1256 $this->name = $_POST['title'];1257 $this->description = $_POST['description'];1258 $this->is_required = $_POST['required'];1259 $this->type = $_POST['fieldtype'];1260 $this->field_order = $_POST['field_order'];1256 $this->name = sanitize_text_field( $_POST['title'] ); 1257 $this->description = sanitize_text_field( $_POST['description'] ); 1258 $this->is_required = sanitize_text_field( $_POST['required'] ); 1259 $this->type = sanitize_text_field( $_POST['fieldtype'] ); 1260 $this->field_order = sanitize_text_field( $_POST['field_order'] ); 1261 1261 1262 1262 if ( ! empty( $_POST[ "sort_order_{$this->type}" ] ) ) { 1263 1263 $this->order_by = $_POST[ "sort_order_{$this->type}" ];
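Review bot: Line 1168 swaps `esc_attr()` for `sanitize_text_field()` on a value that is concatenated straight into HTML (`<code>…</code>`); `sanitize_text_field` strips tags but leaves quotes and ampersands untouched, so this removes output escaping rather than adding input sanitization. Keep both: `'<code>' . esc_html( sanitize_text_field( wp_unslash( $_POST['fieldtype'] ) ) ) . '</code>'`. Lines 487–488 apply `sanitize_text_field()` to `$_POST[ "{$this->type}_option" ]`, which the loop around lines 517–528 appears to iterate as a list of options; on an array that function does not return an array, so the options would not be saved as intended — use `array_map( 'sanitize_text_field', (array) $_POST[ "{$this->type}_option" ] )` as class-bp-xprofile-field-type-checkbox.php line 131 already does. Lines 1258 and 1260 sanitize `required` and `field_order` as free text although they are consumed as numbers, while line 1263 is left unsanitized; `(int)` casts there would be both safer and consistent. All of these hunks lie inside methods whose start and end are outside the view.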