
Changeset 9410


Timestamp:
01/29/2015 03:36:16 PM (10 years ago)
Author:
johnjamesjacoby
Message:

Introduce bp_sanitize_pagination_arg() and related tests. This function will help sanitize our pagination request values, as they are frequently accessed via globally accessible variables for ajax requests. See #5796.

Location:
trunk
Files:
2 edited

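--- a/trunk/src/bp-core/bp-core-functions.php
+++ b/trunk/src/bp-core/bp-core-functions.php
@@ -266,4 +266,33 @@
     // Return the parsed results
     return $r;
+}
+
+/**
+ * Sanitizes a pagination argument based on both the request override and the
+ * original value submitted via a query argument, likely to a template class
+ * responsible for limiting the resultset of a template loop.
+ *
+ * @since BuddyPress (2.2.0)
+ *
+ * @param  string $page_arg The $_REQUEST argument to look for
+ * @param  int    $page     The original page value to fall back to
+ * @return int              A sanitized integer value, good for pagination
+ */
+function bp_sanitize_pagination_arg( $page_arg = '', $page = 1 ) {
+
+    // Check if request overrides exist
+    if ( isset( $_REQUEST[ $page_arg ] ) ) {
+
+        // Get the absolute integer value of the override
+        $int = absint( $_REQUEST[ $page_arg ] );
+
+        // If override is 0, do not use it. This prevents unlimited result sets.
+        // @see https://buddypress.trac.wordpress.org/ticket/5796
+        if ( $int ) {
+            $page = intval( $int );
+        }
+    }
+
+    return $page;
 }
 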
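Review bot: The fallback `$page` is returned untouched when no override is present or the override is 0, so the `@return int` promise in the docblock only holds on the override path; a non-integer or negative `$page` supplied by the caller passes straight through. `return absint( $page );` (or at least `return (int) $page;`) would make the documented contract hold on every path, and `$page = intval( $int );` can become `$page = $int;` since `absint()` already returns an int. A negative request value such as `-25` is not rejected but used as `25` by `absint()`, which the docblock should state, e.g. `* Negative overrides are used as their absolute value; an override of 0 falls back to $page.` Note also that `$_REQUEST` is populated according to `request_order`/`variables_order`, so on hosts that include cookies there the override can come from a cookie rather than the query string or POST body, which is worth a sentence in the docblock for anyone relying on this value.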
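--- a/trunk/tests/phpunit/testcases/core/functions.php
+++ b/trunk/tests/phpunit/testcases/core/functions.php
@@ -393,4 +393,34 @@
 
         $this->assertEquals( $expected, bp_alpha_sort_by_key( $items, 'name' ) );
+    }
+
+    /**
+     * @group bp_sanitize_pagination_arg
+     */
+    public function test_bp_sanitize_pagination_arg_zero() {
+        $request          = $_REQUEST;
+        $arg              = 'bp_pagination_test';
+        $page             = 1;
+        $_REQUEST[ $arg ] = '0';
+        $value            = bp_sanitize_pagination_arg( $arg, $page );
+
+        $this->assertEquals( $value, $page );
+
+        $_REQUEST = $request;
+    }
+
+    /**
+     * @group bp_sanitize_pagination_arg
+     */
+    public function test_bp_sanitize_pagination_arg_negative() {
+        $request          = $_REQUEST;
+        $arg              = 'bp_pagination_test';
+        $page             = 25;
+        $_REQUEST[ $arg ] = '-25';
+        $value            = bp_sanitize_pagination_arg( $arg, $page );
+
+        $this->assertEquals( $value, $page );
+
+        $_REQUEST = $request;
     }
 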
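Review bot: `test_bp_sanitize_pagination_arg_negative` cannot fail for the reason its name suggests, because `absint( '-25' )` is `25` and `$page` is also `25`, so the assertion passes whether the negative override is rejected or its absolute value is used; setting `$page = 1;` (any value other than 25) would make the test discriminate between the two behaviours. The `$_REQUEST = $request;` restore at the end of both methods is skipped when the assertion throws, leaving `bp_pagination_test` set for later tests; moving the save and restore into `setUp()`/`tearDown()` would make the cleanup unconditional. Both methods also pass the actual value as the first argument of `assertEquals`, where PHPUnit expects the expected value, so failure output would read backwards: `$this->assertEquals( $page, $value );`. The enclosing test class starts before this hunk.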