
Changeset 7256


Timestamp:
07/09/2013 07:04:17 PM (11 years ago)
Author:
boonebgorges
Message:

Improved sanitization when outputting template_notice messages

  • Strip slashes from cookie contents before attempting to display
  • Use kses for sanitization of message content

Props nacin

Location:
trunk/bp-core
Files:
2 edited

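--- a/trunk/bp-core/bp-core-filters.php
+++ b/trunk/bp-core/bp-core-filters.php
@@ -52,4 +52,5 @@
 add_filter( 'bp_core_render_message_content', 'wpautop'           );
 add_filter( 'bp_core_render_message_content', 'shortcode_unautop' );
+add_filter( 'bp_core_render_message_content', 'wp_kses_data', 5   );
 
 /**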
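Review bot: The priority `5` on the new `wp_kses_data` filter is load-bearing but undocumented: it makes sanitization run before `wpautop` and `shortcode_unautop` (registered at the default priority), so those callbacks, and any third-party callback hooked later on `bp_core_render_message_content`, act on already-filtered text and their output is not checked again. A comment such as `// Sanitize first (priority 5) so the markup wpautop adds afterwards is not stripped; callbacks hooked later must not add untrusted markup.` would keep the ordering from being changed by accident. Because the sanitizer is attached only as a filter, a `remove_filter()` or `remove_all_filters()` call on this hook would presumably drop it silently, so it is worth confirming whether the render function should enforce it directly.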
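--- a/trunk/bp-core/bp-core-functions.php
+++ b/trunk/bp-core/bp-core-functions.php
@@ -773,8 +773,8 @@
 
     if ( empty( $bp->template_message ) && isset( $_COOKIE['bp-message'] ) )
-        $bp->template_message = $_COOKIE['bp-message'];
+        $bp->template_message = stripslashes( $_COOKIE['bp-message'] );
 
     if ( empty( $bp->template_message_type ) && isset( $_COOKIE['bp-message-type'] ) )
-        $bp->template_message_type = $_COOKIE['bp-message-type'];
+        $bp->template_message_type = stripslashes( $_COOKIE['bp-message-type'] );
 
     add_action( 'template_notices', 'bp_core_render_message' );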
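Review bot: `bp-message-type` is read from a client-controlled cookie and only unslashed here, while the kses filter added in this changeset is registered on the content hook alone, so the type value gets no sanitization from this change. The enclosing function and `bp_core_render_message` both lie outside this hunk, so whether the type is already matched against a fixed list before output cannot be seen; if it is not, constrain it at assignment, e.g. `$bp->template_message_type = sanitize_key( stripslashes( $_COOKIE['bp-message-type'] ) );`. Both assignments also hand the cookie straight to `stripslashes()`, which expects a string, so an `is_string()` check next to each `isset()` would keep an array-valued cookie from reaching it.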