Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
05/07/2013 11:42:23 PM (11 years ago)
Author:
boonebgorges
Message:

Audit of parameter sanitization in Groups and Core database classes

  • Uses wp_parse_id_list() to sanitize parameters of integer arrays
  • Implements a more consistent approach to LIKE clause sanitization

See #4989

Props johnjamesjacoby

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/1.7/bp-templates/bp-legacy/buddypress-functions.php

    r6867 r7014  
    415415    // If page and search_terms have been passed via the AJAX post request, use those.
    416416    if ( ! empty( $_POST['page'] ) && '-1' != $_POST['page'] )
    417         $qs[] = 'page=' . $_POST['page'];
     417        $qs[] = 'page=' . absint( $_POST['page'] );
    418418
    419419    $object_search_text = bp_get_search_default_text( $object );
Note: See TracChangeset for help on using the changeset viewer.