Changeset 13871 for trunk/src/bp-activity/bp-activity-admin.php

Timestamp:

05/24/2024 02:07:17 PM (22 months ago)

Author:

espellcaste

Message:

WPCS: The modified code addresses all WordPress.Security.SafeRedirect issues in the codebase.

All redirects in the codebase are now using the wp_safe_redirect() function, which validates and sanitizes the URLs, improving the overall security of the application.

Props imath
See #7228
Closes ​https://github.com/buddypress/buddypress/pull/290

File:

• trunk/src/bp-activity/bp-activity-admin.php (modified) (4 diffs)

trunk/src/bp-activity/bp-activity-admin.php

@@ -476 +476 @@
          * @param string $redirect_to URL to redirect to.
          */
-        wp_redirect( apply_filters( 'bp_activity_admin_action_redirect', $redirect_to ) );
+        wp_safe_redirect( apply_filters( 'bp_activity_admin_action_redirect', $redirect_to ) );
         exit;
 
@@ -496 +496 @@
         // If the activity doesn't exist, just redirect back to the index.
         if ( empty( $activity->component ) ) {
-            wp_redirect( $redirect_to );
+            wp_safe_redirect( $redirect_to );
             exit;
         }
@@ -608 +608 @@
          * @param string $redirect_to URL to redirect to.
          */
-        wp_redirect( apply_filters( 'bp_activity_admin_edit_redirect', $redirect_to ) );
+        wp_safe_redirect( apply_filters( 'bp_activity_admin_edit_redirect', $redirect_to ) );
         exit;
 
@@ -614 +614 @@
     // If a referrer and a nonce is supplied, but no action, redirect back.
     } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-        wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+        wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
         exit;
     }