Changeset 11692
- Timestamp:
- 09/09/2017 12:43:21 AM (8 years ago)
- Location:
- trunk/src
- Files:
-
- 5 edited
trunk/src/bp-activity/classes/class-bp-activity-activity.php
r11580 r11692 1833 1833 $favorite_activity_entries = bp_get_user_meta( $user_id, 'bp_favorite_activities', true ); 1834 1834 if ( ! empty( $favorite_activity_entries ) ) { 1835 return count( maybe_unserialize( $favorite_activity_entries ));1835 return count( $favorite_activity_entries ); 1836 1836 } 1837 1837 -
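Review bot: `count( $favorite_activity_entries )` at new line 1835 is guarded only by `! empty()`, which also passes for a non-empty string or other scalar; `count()` on a non-countable value warns on PHP 7.2+ and throws a TypeError on PHP 8. With `maybe_unserialize()` gone, the code relies entirely on the stored meta already being an array, so tighten the guard to `if ( is_array( $favorite_activity_entries ) && ! empty( $favorite_activity_entries ) ) {`. The same shape assumption applies to `$this->my_favs` in class-bp-activity-template.php, which is presumably an empty string rather than an array when no meta exists, although its comment says "Get an array". The enclosing function starts and ends outside this hunk, so what is returned when the guard fails is not visible here.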
trunk/src/bp-activity/classes/class-bp-activity-template.php
r11363 r11692 196 196 197 197 // Get an array of the logged in user's favorite activities. 198 $this->my_favs = maybe_unserialize( bp_get_user_meta( bp_loggedin_user_id(), 'bp_favorite_activities', true ));198 $this->my_favs = bp_get_user_meta( bp_loggedin_user_id(), 'bp_favorite_activities', true ); 199 199 200 200 // Fetch specific activity items based on ID's. -
trunk/src/bp-xprofile/bp-xprofile-filters.php
r11447 r11692 169 169 } 170 170 171 // Value might be serialized. 171 // Force reserialization if serialized (avoids mutation, retains integrity) 172 if ( is_serialized( $field_value ) && ( false === $reserialize ) ) { 173 $reserialize = true; 174 } 175 176 // Value might be a serialized array of options. 172 177 $field_value = maybe_unserialize( $field_value ); 173 178 174 // Filter singlevalue.175 if ( ! is_array( $field_value ) ) {179 // Sanitize single field value. 180 if ( ! is_array( $field_value ) ) { 176 181 $kses_field_value = xprofile_filter_kses( $field_value, $data_obj ); 177 182 $filtered_field_value = wp_rel_nofollow( force_balance_tags( $kses_field_value ) ); … … 188 193 $filtered_field_value = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_field_value, $field_value, $data_obj ); 189 194 190 // Filter each array item independently.195 // Sanitize multiple individual option values. 191 196 } else { 192 197 $filtered_values = array(); 193 198 foreach ( (array) $field_value as $value ) { 194 $kses_field_value 195 $filtered_value 199 $kses_field_value = xprofile_filter_kses( $value, $data_obj ); 200 $filtered_value = wp_rel_nofollow( force_balance_tags( $kses_field_value ) ); 196 201 197 202 /** This filter is documented in bp-xprofile/bp-xprofile-filters.php */ 198 203 $filtered_values[] = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_value, $value, $data_obj ); 199 200 204 } 201 205 -
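Review bot: `maybe_unserialize( $field_value )` at new line 177 still runs before any sanitizing, so if `$field_value` can carry a user-submitted string (its origin is not visible in this hunk), PHP instantiates any serialized object in it before `xprofile_filter_kses()` sees the value. The added `is_serialized()` check only decides whether to reserialize afterwards; it does not restrict what gets unserialized. Where the supported PHP version allows it, limit the call to plain data with `$field_value = is_serialized( $field_value ) ? @unserialize( $field_value, array( 'allowed_classes' => false ) ) : $field_value;` and treat any result that is neither scalar nor array as invalid. The enclosing function starts and ends outside the hunk.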
trunk/src/bp-xprofile/bp-xprofile-functions.php
r11447 r11692 465 465 $field->field_id = $field_id; 466 466 $field->user_id = $user_id; 467 468 // Gets un/reserialized via xprofile_sanitize_data_value_before_save() 467 469 $field->value = maybe_serialize( $value ); 468 470 -
trunk/src/bp-xprofile/bp-xprofile-template.php
r11616 r11692 589 589 global $field; 590 590 591 /** 592 * Check to see if the posted value is different, if it is re-display this 593 * value as long as it's not empty and a required field. 594 */ 591 // Make sure field data object exists 595 592 if ( ! isset( $field->data ) ) { 596 593 $field->data = new stdClass; 597 594 } 598 595 596 // Default to empty value 599 597 if ( ! isset( $field->data->value ) ) { 600 598 $field->data->value = ''; 601 599 } 602 600 603 if ( isset( $_POST['field_' . $field->id] ) && $field->data->value != $_POST['field_' . $field->id] ) { 604 if ( ! empty( $_POST['field_' . $field->id] ) ) { 605 $field->data->value = $_POST['field_' . $field->id]; 606 } else { 607 $field->data->value = ''; 608 } 609 } 610 611 $field_value = isset( $field->data->value ) ? bp_unserialize_profile_field( $field->data->value ) : ''; 601 // Was a new value posted? If so, use it instead. 602 if ( isset( $_POST['field_' . $field->id] ) ) { 603 604 // This is sanitized via the filter below (based on the field type) 605 $field->data->value = $_POST['field_' . $field->id]; 606 } 612 607 613 608 /** … … 620 615 * @param int $id ID for the profile field. 621 616 */ 622 return apply_filters( 'bp_get_the_profile_field_edit_value', $field _value, $field->type, $field->id );617 return apply_filters( 'bp_get_the_profile_field_edit_value', $field->data->value, $field->type, $field->id ); 623 618 } 624 619 … … 905 900 906 901 /** 907 * Return unserialized profile field data. 902 * Return unserialized profile field data, and combine any array items into a 903 * comma-separated string. 908 904 * 909 905 * @since 1.0.0 … … 914 910 function bp_unserialize_profile_field( $value ) { 915 911 if ( is_serialized($value) ) { 916 $field_value = maybe_unserialize($value);912 $field_value = @unserialize($value); 917 913 $field_value = implode( ', ', $field_value ); 918 914 return $field_value;
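Review bot: The raw `$_POST['field_' . $field->id]` assigned at new line 605 is stored on the global `$field` object and returned without any sanitizing in this function. The added comment says the callbacks on `bp_get_the_profile_field_edit_value` handle it, but none are visible here, and a field type with no registered callback would presumably pass the posted value through unchanged. Make the comment state that contract, for example `// Not sanitized here: relies on callbacks hooked to 'bp_get_the_profile_field_edit_value'; callers must still escape on output.` In the last hunk, `@unserialize($value)` can return `false` or a non-array and the result goes straight to `implode()`, so guard it with `if ( is_array( $field_value ) ) { return implode( ', ', $field_value ); }`. `bp_unserialize_profile_field()` continues past the end of the hunk.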