
BuddyPress.org


Timestamp:
07/09/2013 07:04:17 PM (12 years ago)
Author:
boonebgorges
Message:

Improved sanitization when outputting template_notice messages

  • Strip slashes from cookie contents before attempting to display
  • Use kses for sanitization of message content

Props nacin

File:
1 edited

  • trunk/bp-core/bp-core-functions.php

    r7228 r7256  
    773773
    774774    if ( empty( $bp->template_message ) && isset( $_COOKIE['bp-message'] ) )
    775         $bp->template_message = $_COOKIE['bp-message'];
     775        $bp->template_message = stripslashes( $_COOKIE['bp-message'] );
    776776
    777777    if ( empty( $bp->template_message_type ) && isset( $_COOKIE['bp-message-type'] ) )
    778         $bp->template_message_type = $_COOKIE['bp-message-type'];
     778        $bp->template_message_type = stripslashes( $_COOKIE['bp-message-type'] );
    779779
    780780    add_action( 'template_notices', 'bp_core_render_message' );
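Review bot: stripslashes() on the two cookie reads (lines 775 and 778) only reverses the slash-escaping WordPress applies to $_COOKIE; it is not sanitization, and both cookies can be set by any client, so the values are still untrusted when they reach bp_core_render_message(). The commit message says the message content is now passed through kses, but that change is not in this hunk, so please confirm that the output side in bp_core_render_message() (not shown here) runs $bp->template_message through wp_kses() with an explicit allowed-tags list, and that $bp->template_message_type is validated against the fixed set of notice types the renderer expects rather than merely unslashed, since a stripped but otherwise arbitrary string is still unsafe if it is interpolated into an HTML attribute or class name.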