Changeset 12916

Timestamp:

04/28/2021 11:49:56 PM (3 months ago)

Author:

dcavins

Message:

BP_Invitation_Manager: Verify passed email addresses.

Ensure that incoming email addresses pass
an is_email() check.
Also fix a documentation error in BP_Invitation.

See #8139.

Location:

trunk/src/bp-core/classes

Files:

• class-bp-invitation-manager.php (modified) (1 diff)
• class-bp-invitation.php (modified) (1 diff)

trunk/src/bp-core/classes/class-bp-invitation-manager.php

@@ -97 +97 @@
         // Invitations must have an invitee and inviter.
         if ( ! ( ( $r['user_id'] || $r['invitee_email'] ) && $r['inviter_id'] ) ) {
+            return false;
+        }
+
+        // If an email address is specified, it must be a valid email address.
+        if ( $r['invitee_email'] && ! is_email( $r['invitee_email'] ) ) {
             return false;
         }

trunk/src/bp-core/classes/class-bp-invitation.php

@@ -661 +661 @@
      *     $per_page can be treated as filter values for get_where_sql()
      *     and get_query_clauses(). All items are optional.
-     *     @type int|array    $id                ID of invitation being updated.
+     *     @type int|array    $id                ID of invitation being fetched.
      *                                           Can be an array of IDs.
      *     @type int|array    $user_id           ID of user being queried. Can be an