

Timestamp:
03/14/2014 12:07:18 AM (11 years ago)
Author:
boonebgorges
Message:

Don't improperly sanitize meta_key in _meta() functions

Many BP meta functions have always stripped certain characters from the
$meta_key parameter before performing their operations. This is a terrible idea
on a number of levels: it doesn't provide any feedback to the user, it silently
performs actions that are not equivalent to the ones intended by the user, and
it doesn't serve any real purpose (since any necessary sanitization happens at
the level of $wpdb). Moreover, it wasn't even applied consistently across all
functions. A truly delightful grab bag.

This changeset removes the sanitization, and updates the necessary unit tests
to reflect the change.

See #5399

File:
1 edited

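--- a/trunk/tests/testcases/blogs/functions.php
+++ b/trunk/tests/testcases/blogs/functions.php
@@ -16,4 +16,5 @@
      * @group blogmeta
      * @group bp_blogs_delete_blogmeta
+     * @ticket BP5399
      */
     public function test_bp_blogs_delete_blogmeta_illegal_characters() {
@@ -21,6 +22,6 @@
         $this->assertSame( 'bar', bp_blogs_get_blogmeta( 1, 'foo' ) );
         $krazy_key = ' f!@#$%^o *(){}o?+';
-        $this->assertTrue( bp_blogs_delete_blogmeta( 1, $krazy_key ) );
-        $this->assertSame( '', bp_blogs_get_blogmeta( 1, 'foo' ) );
+        $this->assertFalse( bp_blogs_delete_blogmeta( 1, $krazy_key ) );
+        $this->assertSame( 'bar', bp_blogs_get_blogmeta( 1, 'foo' ) );
     }
 
@@ -110,9 +111,10 @@
      * @group blogmeta
      * @group bp_blogs_get_blogmeta
+     * @ticket BP5399
      */
     public function test_bp_blogs_get_blogmeta_illegal_characters() {
         bp_blogs_update_blogmeta( 1, 'foo', 'bar' );
         $krazy_key = ' f!@#$%^o *(){}o?+';
-        $this->assertSame( 'bar', bp_blogs_get_blogmeta( 1, $krazy_key ) );
+        $this->assertEmpty( bp_blogs_get_blogmeta( 1, $krazy_key ) );
     }
 
@@ -167,9 +169,10 @@
      * @group blogmeta
      * @group bp_blogs_update_blogmeta
+     * @ticket BP5399
      */
     public function test_bp_blogs_update_blogmeta_illegal_characters() {
         $krazy_key = ' f!@#$%^o *(){}o?+';
         bp_blogs_update_blogmeta( 1, $krazy_key, 'bar' );
-        $this->assertSame( 'bar', bp_blogs_get_blogmeta( 1, 'foo' ) );
+        $this->assertEmpty( bp_blogs_get_blogmeta( 1, 'foo' ) );
     }
 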
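Review bot: test_bp_blogs_update_blogmeta_illegal_characters now asserts only the negative, that nothing landed under 'foo', so an update that silently discards the unsanitized key would still pass. If the literal key is meant to be stored, add a round-trip check after the update, `$this->assertSame( 'bar', bp_blogs_get_blogmeta( 1, $krazy_key ) );`. The two new `assertEmpty` calls (get and update tests) accept '', false, null and an empty array alike; `assertSame( '', ... )`, as the removed delete assertion used, would pin the return value, assuming '' is still what a missing key yields. Because the key now reaches $wpdb unmodified, the fixture string would also be a stronger check of that layer if it contained a quote or backslash, which `' f!@#$%^o *(){}o?+'` does not.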