Context Navigation

← Previous Change
Next Change →

bp-messages-template.php

Timestamp:

01/29/2015 04:33:39 PM (11 years ago)

Author:

johnjamesjacoby

Message:

Use bp_sanitize_pagination_arg() in BP_Messages_Box_Template and include related tests. This prevents pagination values from being overridden outside of anticipated boundaries. See #5796.

File:

: 1 edited

trunk/src/bp-messages/bp-messages-template.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/bp-messages/bp-messages-template.php

-                      r9386
+                      r9415
         $r = wp_parse_args( $args, array(
+            'page'         => 1,
+            'per_page'     => 10,
+            'page_arg'     => 'mpage',
+            'box'          => 'inbox',
+            'type'         => 'all',
             'user_id'      => bp_loggedin_user_id(),
-            'box'          => 'inbox',
-            'per_page'     => 10,
             'max'          => false,
-            'type'         => 'all',
             'search_terms' => '',
-            'page_arg'     => 'mpage',
             'meta_query'   => array(),
         ) );
         $this->pag_page     = isset( $_GET[ $r['page_arg'] ] ) ? intval( $_GET[ $r['page_arg'] ] ) : 1;
         $this->pag_num      = isset( $_GET['num']            ) ? intval( $_GET['num']            ) : $r['per_page'];
+        $this->pag_arg      = sanitize_key( $r['page_arg'] );
+        $this->pag_page     = bp_sanitize_pagination_arg( $this->pag_arg, $r['page']     );
+        $this->pag_num      = bp_sanitize_pagination_arg( 'num',          $r['per_page'] );
         $this->user_id      = $r['user_id'];
         $this->box          = $r['box'];

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

BuddyPress.org

Context Navigation

Changeset 9415 for trunk/src/bp-messages/bp-messages-template.php

Legend:

trunk/src/bp-messages/bp-messages-template.php

Download in other formats: