BuddyPress.org


Timestamp: 05/07/2013 11:42:23 PM (12 years ago)
Author: boonebgorges
Message:

Audit of parameter sanitization in Groups and Core database classes

  • Uses wp_parse_id_list() to sanitize parameters of integer arrays
  • Implements a more consistent approach to LIKE clause sanitization

See #4989

Props johnjamesjacoby

File:
1 edited

  • branches/1.7/bp-themes/bp-default/_inc/ajax.php

    r6740 r7014  
    125125    // If page and search_terms have been passed via the AJAX post request, use those.
    126126    if ( ! empty( $_POST['page'] ) && '-1' != $_POST['page'] )
    127         $qs[] = 'page=' . $_POST['page'];
     127        $qs[] = 'page=' . absint( $_POST['page'] );
    128128
    129129    $object_search_text = bp_get_search_default_text( $object );
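
Review bot: On the added line 127, absint() runs only after the guard on line 126 has compared the raw $_POST['page'] against the '-1' sentinel, so the two lines disagree about which values are valid. A value such as '-2' passes the guard and is emitted as page=2, because absint() takes the absolute value, and a non-numeric string passes `! empty()` and is emitted as page=0. Consider normalizing once before the check: read the value into a local integer, treat -1 and anything below 1 as "not set", and append `'page=' . $page` only when the result is positive. The comment on line 125 also mentions search_terms; that handling is outside this hunk, so it is worth confirming it gets the same treatment as part of this audit.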