Changeset 6745
Timestamp:
01/24/2013 07:41:46 PM (9 years ago)
Author:
johnjamesjacoby
Message:

Improve input validation in bp-default's ajax.php. Props Maty. (1.6 branch)

File:
1 edited

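--- a/branches/1.6/bp-themes/bp-default/_inc/ajax.php
+++ b/branches/1.6/bp-themes/bp-default/_inc/ajax.php
@@ -595,28 +595,38 @@
         return;
 
-    if ( 'is_friend' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $_POST['fid'] ) ) {
+    // Cast fid as an integer
+    $friend_id = (int) $_POST['fid'];
+
+    // Trying to cancel friendship
+    if ( 'is_friend' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $friend_id ) ) {
         check_ajax_referer( 'friends_remove_friend' );
 
-        if ( ! friends_remove_friend( bp_loggedin_user_id(), $_POST['fid'] ) )
+        if ( ! friends_remove_friend( bp_loggedin_user_id(), $friend_id ) ) {
             echo __( 'Friendship could not be canceled.', 'buddypress' );
-        else
-            echo '<a id="friend-' . $_POST['fid'] . '" class="add" rel="add" title="' . __( 'Add Friend', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/add-friend/' . $_POST['fid'], 'friends_add_friend' ) . '">' . __( 'Add Friend', 'buddypress' ) . '</a>';
-
-    } elseif ( 'not_friends' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $_POST['fid'] ) ) {
+        } else {
+            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="add" rel="add" title="' . __( 'Add Friend', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/add-friend/' . $friend_id, 'friends_add_friend' ) . '">' . __( 'Add Friend', 'buddypress' ) . '</a>';
+        }
+
+    // Trying to request friendship
+    } elseif ( 'not_friends' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $friend_id ) ) {
         check_ajax_referer( 'friends_add_friend' );
 
-        if ( ! friends_add_friend( bp_loggedin_user_id(), $_POST['fid'] ) )
+        if ( ! friends_add_friend( bp_loggedin_user_id(), $friend_id ) ) {
             echo __(' Friendship could not be requested.', 'buddypress' );
-        else
-            echo '<a id="friend-' . $_POST['fid'] . '" class="remove" rel="remove" title="' . __( 'Cancel Friendship Request', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/requests/cancel/' . (int) $_POST['fid'] . '/', 'friends_withdraw_friendship' ) . '" class="requested">' . __( 'Cancel Friendship Request', 'buddypress' ) . '</a>';
-
-    } elseif ( 'pending' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), (int) $_POST['fid'] ) ) {
+        } else {
+            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="remove" rel="remove" title="' . __( 'Cancel Friendship Request', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/requests/cancel/' . $friend_id . '/', 'friends_withdraw_friendship' ) . '" class="requested">' . __( 'Cancel Friendship Request', 'buddypress' ) . '</a>';
+        }
+
+    // Trying to cancel pending request
+    } elseif ( 'pending' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $friend_id ) ) {
         check_ajax_referer( 'friends_withdraw_friendship' );
 
-        if ( friends_withdraw_friendship( bp_loggedin_user_id(), (int) $_POST['fid'] ) )
-            echo '<a id="friend-' . $_POST['fid'] . '" class="add" rel="add" title="' . __( 'Add Friend', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/add-friend/' . $_POST['fid'], 'friends_add_friend' ) . '">' . __( 'Add Friend', 'buddypress' ) . '</a>';
-        else
+        if ( friends_withdraw_friendship( bp_loggedin_user_id(), $friend_id ) ) {
+            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="add" rel="add" title="' . __( 'Add Friend', 'buddypress' ) . '" href="' . wp_nonce_url( bp_loggedin_user_domain() . bp_get_friends_slug() . '/add-friend/' . $friend_id, 'friends_add_friend' ) . '">' . __( 'Add Friend', 'buddypress' ) . '</a>';
+        } else {
             echo __("Friendship request could not be cancelled.", 'buddypress');
-
+        }
+
+    // Request already pending
     } else {
         echo __( 'Request Pending', 'buddypress' );
@@ -639,5 +649,5 @@
     check_admin_referer( 'friends_accept_friendship' );
 
-    if ( ! friends_accept_friendship( $_POST['id'] ) )
+    if ( ! friends_accept_friendship( (int) $_POST['id'] ) )
         echo "-1<div id='message' class='error'><p>" . __( 'There was a problem accepting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
@@ -658,5 +668,5 @@
     check_admin_referer( 'friends_reject_friendship' );
 
-    if ( ! friends_reject_friendship( $_POST['id'] ) )
+    if ( ! friends_reject_friendship( (int) $_POST['id'] ) )
         echo "-1<div id='message' class='error'><p>" . __( 'There was a problem rejecting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
@@ -675,8 +685,11 @@
         return;
 
-    if ( groups_is_user_banned( bp_loggedin_user_id(), $_POST['gid'] ) )
-        return;
-
-    if ( ! $group = groups_get_group( array( 'group_id' => $_POST['gid'] ) ) )
+    // Cast gid as integer
+    $group_id = (int) $_POST['gid'];
+
+    if ( groups_is_user_banned( bp_loggedin_user_id(), $group_id ) )
+        return;
+
+    if ( ! $group = groups_get_group( array( 'group_id' => $group_id ) ) )
         return;
 
@@ -685,16 +698,18 @@
             check_ajax_referer( 'groups_join_group' );
 
-            if ( ! groups_join_group( $group->id ) )
+            if ( ! groups_join_group( $group->id ) ) {
                 _e( 'Error joining group', 'buddypress' );
-            else
+            } else {
                 echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
+            }
 
         } elseif ( 'private' == $group->status ) {
             check_ajax_referer( 'groups_request_membership' );
 
-            if ( ! groups_send_membership_request( bp_loggedin_user_id(), $group->id ) )
+            if ( ! groups_send_membership_request( bp_loggedin_user_id(), $group->id ) ) {
                 _e( 'Error requesting membership', 'buddypress' );
-            else
+            } else {
                 echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
+            }
         }
 
@@ -702,10 +717,11 @@
         check_ajax_referer( 'groups_leave_group' );
 
-        if ( ! groups_leave_group( $group->id ) )
+        if ( ! groups_leave_group( $group->id ) ) {
             _e( 'Error leaving group', 'buddypress' );
-        elseif ( 'public' == $group->status )
+        } elseif ( 'public' == $group->status ) {
             echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
-        elseif ( 'private' == $group->status )
+        } elseif ( 'private' == $group->status ) {
             echo '<a id="group-' . esc_attr( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
+        }
     }
 
@@ -751,5 +767,5 @@
     check_ajax_referer( 'messages_send_message' );
 
-    $result = messages_new_message( array( 'thread_id' => $_REQUEST['thread_id'], 'content' => $_REQUEST['content'] ) );
+    $result = messages_new_message( array( 'thread_id' => (int) $_REQUEST['thread_id'], 'content' => $_REQUEST['content'] ) );
 
     if ( $result ) { ?>
@@ -800,5 +816,5 @@
 
         for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) {
-            BP_Messages_Thread::mark_as_unread($thread_ids[$i]);
+            BP_Messages_Thread::mark_as_unread( (int) $thread_ids[$i] );
         }
     }
@@ -825,5 +841,5 @@
 
         for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) {
-            BP_Messages_Thread::mark_as_read($thread_ids[$i]);
+            BP_Messages_Thread::mark_as_read( (int) $thread_ids[$i] );
         }
     }
@@ -849,6 +865,7 @@
         $thread_ids = explode( ',', $_POST['thread_ids'] );
 
-        for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i )
-            BP_Messages_Thread::delete($thread_ids[$i]);
+        for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) {
+            BP_Messages_Thread::delete( (int) $thread_ids[$i] );
+        }
 
         _e( 'Messages deleted.', 'buddypress' );
@@ -861,17 +878,15 @@
  * AJAX handler for autocomplete. Displays friends only, unless BP_MESSAGES_AUTOCOMPLETE_ALL is defined.
  *
- * @global BuddyPress $bp The one true BuddyPress instance
  * @return string HTML
  * @since BuddyPress (1.2)
  */
 function bp_dtheme_ajax_messages_autocomplete_results() {
-    global $bp;
 
     // Include everyone in the autocomplete, or just friends?
     if ( bp_is_current_component( bp_get_messages_slug() ) )
-        $autocomplete_all = $bp->messages->autocomplete_all;
+        $autocomplete_all = buddypress()->messages->autocomplete_all;
 
     $pag_page = 1;
-    $limit    = $_GET['limit'] ? $_GET['limit'] : apply_filters( 'bp_autocomplete_max_results', 10 );
+    $limit    = (int) $_GET['limit'] ? $_GET['limit'] : apply_filters( 'bp_autocomplete_max_results', 10 );
 
     // Get the user ids based on the search terms
@@ -883,6 +898,7 @@
             $user_ids = array();
             foreach( $users['users'] as $user ) {
-                if ( $user->id != bp_loggedin_user_id() )
+                if ( $user->id != bp_loggedin_user_id() ) {
                     $user_ids[] = $user->id;
+                }
             }
 
@@ -897,6 +913,7 @@
             $users = apply_filters( 'bp_friends_autocomplete_list', $users, $_GET['q'], $limit );
 
-            if ( ! empty( $users['friends'] ) )
+            if ( ! empty( $users['friends'] ) ) {
                 $user_ids = apply_filters( 'bp_friends_autocomplete_ids', $users['friends'], $_GET['q'], $limit );
+            }
         }
     }
@@ -905,19 +922,20 @@
         foreach ( $user_ids as $user_id ) {
             $ud = get_userdata( $user_id );
-            if ( ! $ud )
+            if ( ! $ud ) {
                 continue;
-
-            if ( bp_is_username_compatibility_mode() )
+            }
+
+            if ( bp_is_username_compatibility_mode() ) {
                 $username = $ud->user_login;
-            else
+            } else {
                 $username = $ud->user_nicename;
+            }
 
             // Note that the final line break acts as a delimiter for the
             // autocomplete javascript and thus should not be removed
-            echo '<span id="link-' . $username . '" href="' . bp_core_get_user_domain( $user_id ) . '"></span>' . bp_core_fetch_avatar( array( 'item_id' => $user_id, 'type' => 'thumb', 'width' => 15, 'height' => 15, 'alt' => $ud->display_name ) ) . ' &nbsp;' . bp_core_get_user_displayname( $user_id ) . ' (' . $username . ')' . "\n";
-        }
-    }
-
-    exit;
-}
-?>
+            echo '<span id="link-' . esc_attr( $username ) . '" href="' . bp_core_get_user_domain( $user_id ) . '"></span>' . bp_core_fetch_avatar( array( 'item_id' => $user_id, 'type' => 'thumb', 'width' => 15, 'height' => 15, 'alt' => $ud->display_name ) ) . ' &nbsp;' . bp_core_get_user_displayname( $user_id ) . ' (' . esc_html( $username ) . ')' . "\n";
+        }
+    }
+
+    exit;
+}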
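Review bot: The cast added to the `$limit` line in bp_dtheme_ajax_messages_autocomplete_results (new line 890) only affects the ternary's condition; because `(int)` binds tighter than `?:`, the value actually assigned is still the raw `$_GET['limit']`, so the untrusted string is what later hunks pass on as `$limit` to the `bp_friends_autocomplete_list` and `bp_friends_autocomplete_ids` filters. Cast the value that is assigned, for example `$limit = ! empty( $_GET['limit'] ) ? (int) $_GET['limit'] : apply_filters( 'bp_autocomplete_max_results', 10 );`, which also avoids the undefined-index notice when the parameter is absent. The use of `$limit` in the user lookup itself lies outside these hunks, so it is unclear from here whether a later layer casts it again. Separately, `$_REQUEST['content']` in the messages_send_message hunk is still passed through unchanged; if messages_new_message() does not sanitize it, that is the remaining unvalidated input this commit leaves in the file.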