BuddyPress.org


Timestamp:
12/23/2019 07:56:32 AM (5 years ago)
Author:
imath
Message:

Improve object ID sanitization when deleting avatar or cover image

Fixes the issue in trunk.

File:
1 edited

  • trunk/src/bp-core/bp-core-attachments.php

    r12264 r12507  
    14501450    }
    14511451
    1452     if ( empty( $_POST['object'] ) || empty( $_POST['item_id'] ) ) {
     1452    if ( empty( $_POST['object'] ) || empty( $_POST['item_id'] ) || ( ! ctype_digit( $_POST['item_id'] ) && ! is_int( $_POST['item_id'] ) ) ) {
    14531453        wp_send_json_error();
    14541454    }
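
Review bot: On the added line 1452, the `is_int( $_POST['item_id'] )` alternative should carry a comment or be dropped. Values that reach `$_POST` from an HTTP request are strings or arrays, so that branch only applies when the superglobal is populated in code, and it accepts a negative integer that `ctype_digit()` would refuse in string form. The condition rejects bad input but does not normalise it, so I would suggest assigning the validated value once right after the guard, for example `$item_id = (int) $_POST['item_id'];`, and using that variable from there on instead of reading `$_POST['item_id']` again. A test that sends a non-numeric `item_id` and an array-valued `item_id` and expects `wp_send_json_error()` would pin the new behaviour.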