BuddyPress.org
Timestamp:
12/02/2015 08:47:28 PM (5 years ago)
Author:
djpaul
Message:

Improve input handling on a variety of admin screens (trunk).

An internal audit revealed some screens which react to form submission where we were not sanitising input as well as we could have been. We've added extra typecasting and existence checks to avoid mishandling causing PHP Notices.

Additionally, we moved a list of hardcoded BuddyPress "pages" (registration and account activation) into a filterable function to allow plugin developers to more easily customise or add to these, which also gives us the benefit of being able to use that function as a sanitisation whitelist, without duplicating that hardcoded list.

Props boonebgorges, DJPaul
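The approach the message describes, a filterable list that doubles as a sanitisation whitelist plus typecasting and existence checks on the submitted data, as an added example that is not BuddyPress's own code; the `example_*` function and filter names are hypothetical, and a tiny `apply_filters()` shim is defined only so the file runs outside WordPress.

```php
<?php
// Added example, not BuddyPress code: one filterable source of truth for
// the special "page" keys, reused to validate what arrives in $_POST.
// All example_* names and the filter tag are hypothetical.

// Stand-in so this runs outside WordPress; the real apply_filters() is
// used when WordPress has already defined it.
if ( ! function_exists( 'apply_filters' ) ) {
    function apply_filters( $tag, $value ) {
        return $value;
    }
}

// Plugins extend the list by hooking the filter instead of editing code.
function example_get_special_pages() {
    $pages = array(
        'register' => 'Register',
        'activate' => 'Activate',
    );
    return (array) apply_filters( 'example_special_pages', $pages );
}

// Sanitise a submitted page-key => post-ID map:
//  - a missing 'pages' key is handled without a PHP Notice (isset),
//  - keys not in the whitelist are dropped,
//  - IDs are typecast to int so non-numeric input becomes 0.
function example_sanitise_page_ids( array $post ) {
    $allowed = example_get_special_pages();
    $raw     = isset( $post['pages'] ) ? (array) $post['pages'] : array();
    $clean   = array();

    foreach ( $raw as $key => $id ) {
        if ( isset( $allowed[ $key ] ) ) {
            $clean[ $key ] = (int) $id;
        }
    }

    return $clean;
}

// Constructed input: one valid ID, one unknown key, one non-numeric ID.
$submitted = array(
    'pages' => array( 'register' => '12', 'evil' => '7', 'activate' => 'abc' ),
);
var_dump( example_sanitise_page_ids( $submitted ) ); // register => 12, activate => 0

// Constructed input with no 'pages' key at all: no Notice, empty result.
var_dump( example_sanitise_page_ids( array() ) );
```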

File:
1 edited

  • trunk/src/bp-groups/bp-groups-actions.php

    r10373 r10386  
    210210                foreach ( (array) $_POST['friends'] as $friend ) {
    211211                    groups_invite_user( array(
    212                         'user_id'  => $friend,
     212                        'user_id'  => (int) $friend,
    213213                        'group_id' => $bp->groups->new_group_id,
    214214                    ) );
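Review bot: the `(int)` cast on `'user_id' => (int) $friend` stops non-numeric values reaching `groups_invite_user()`, but an empty or non-numeric entry now becomes user ID 0 and is still passed to the invite call; consider skipping it inside the loop (for example `if ( ! $friend ) { continue; }` after casting) so that junk input does not produce an invite for a non-existent user. Also, the unchanged context line `foreach ( (array) $_POST['friends'] as $friend ) {` still reads `$_POST['friends']` without an `isset()` guard, which is exactly the undefined-index PHP Notice the commit message says this change set aims to avoid; if that check lives elsewhere in the action, a short comment here would make that clear.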