BuddyPress.org

Timestamp: 05/08/2013 08:27:22 PM (12 years ago)
Author: boonebgorges
Message:

Improved sanitization for Core component database methods

All constructed IN clauses for integer values are now run through
wp_parse_id_list().

Also adds tests for the relevant methods.

Fixes #4992

Props johnjamesjacoby, DJPaul

File: 1 edited

  • trunk/bp-core/bp-core-cache.php

    r6752 r7024  
    9393    }
    9494
    95     if ( !is_array( $object_ids ) ) {
    96         $object_ids = preg_replace( '|[^0-9,]|', '', $object_ids );
    97         $object_ids = explode( ',', $object_ids );
    98     }
    99 
    100     $object_ids = array_map( 'intval', $object_ids );
     95    $object_ids = wp_parse_id_list( $object_ids );
    10196
    10297    $cache = array();
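
Review bot: At new line 95, `wp_parse_id_list()` is not an exact replacement for the removed `array_map( 'intval', $object_ids )` path: it casts with `absint()` and de-duplicates, so a negative ID now becomes its positive counterpart, and non-numeric input still produces a `0` entry. Every value is an integer, so the list is safe to interpolate, but consider dropping zeros (for example with `array_filter()`) and returning early when the list ends up empty, so that neither an empty `IN ()` nor a lookup for ID 0 is built from it. A docblock line saying that `$object_ids` accepts either an array or a comma-separated string would also help, since the explicit `is_array()` branch that made this visible is removed here.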