Context Navigation

← Previous Change
Next Change →

bp-activity-template.php

Timestamp:

01/29/2015 03:40:09 PM (11 years ago)

Author:

johnjamesjacoby

Message:

Use bp_sanitize_pagination_arg() in BP_Activity_Template and include related tests. This prevents pagination values from being overridden outside of anticipated boundaries. Props boonebgorges. See #5796.

File:

: 1 edited

trunk/src/bp-activity/bp-activity-template.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/bp-activity/bp-activity-template.php

-                      r9406
+                      r9411
         extract( $r );
         $this->pag_arg  = $r['page_arg'];
         $this->pag_page = isset( $_REQUEST[ $this->pag_arg ] ) ? intval( $_REQUEST[ $this->pag_arg ] ) : $page;
         $this->pag_num  = isset( $_REQUEST['num'] ) ? intval( $_REQUEST['num'] ) : $per_page;
+        $this->pag_arg  = sanitize_key( $r['page_arg'] );
+        $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page']     );
+        $this->pag_num  = bp_sanitize_pagination_arg( 'num',          $r['per_page'] );
         // Check if blog/forum replies are disabled

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

BuddyPress.org

Context Navigation

Changeset 9411 for trunk/src/bp-activity/bp-activity-template.php

Legend:

trunk/src/bp-activity/bp-activity-template.php

Download in other formats: