Changeset 7889

Timestamp:

02/15/2014 05:55:14 PM (10 years ago)

Author:

djpaul

Message:

xProfile: correctly sanitise $_POST['field_ids'] when a user updates their profile.

File:

• trunk/bp-xprofile/bp-xprofile-screens.php (modified) (1 diff)

trunk/bp-xprofile/bp-xprofile-screens.php

@@ -68 +68 @@
         // Explode the posted field IDs into an array so we know which
         // fields have been submitted
-        $posted_field_ids = explode( ',', $_POST['field_ids'] );
+        $posted_field_ids = wp_parse_id_list( $_POST['field_ids'] );
         $is_required      = array();