BuddyPress.org


Timestamp:
07/09/2013 08:56:08 PM (11 years ago)
Author:
boonebgorges
Message:

Improved sanitization when outputting template_notice messages

  • Strip slashes from cookie contents before attempting to display
  • Use kses for sanitization of message content

Props nacin

File:
1 edited

  • branches/1.7/bp-core/bp-core-functions.php

    r7254 r7258  
    360360
    361361    if ( empty( $bp->template_message ) && isset( $_COOKIE['bp-message'] ) )
    362         $bp->template_message = $_COOKIE['bp-message'];
     362        $bp->template_message = stripslashes( $_COOKIE['bp-message'] );
    363363
    364364    if ( empty( $bp->template_message_type ) && isset( $_COOKIE['bp-message-type'] ) )
    365         $bp->template_message_type = $_COOKIE['bp-message-type'];
     365        $bp->template_message_type = stripslashes( $_COOKIE['bp-message-type'] );
    366366
    367367    add_action( 'template_notices', 'bp_core_render_message' );
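
Review bot: At new lines 362 and 365 the cookie values are only passed through stripslashes(), which removes slashes but does not sanitize anything, so $bp->template_message and $bp->template_message_type still hold client-controlled data when bp_core_render_message runs on the template_notices hook. The commit message says kses is used for the message content, but that call is not in the lines shown here, and nothing visible covers the bp-message-type value; I would either restrict template_message_type at line 365 to the values the renderer expects or confirm that it is escaped where it is output. A short comment at these assignments saying that the unslashing is only for display and that sanitization happens at render time would keep a later reader from treating the stored values as safe.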