Context Navigation

← Previous Changeset
Next Changeset →

Changeset 9416

Timestamp:

01/29/2015 04:45:18 PM (11 years ago)

Author:

johnjamesjacoby

Message:

Use bp_sanitize_pagination_arg() in the following Groups classes:

BP_Groups_Template
BP_Groups_Invite_Template
BP_Groups_Group_Members_Template
BP_Groups_Membership_Requests_Template

Includes related tests for each class, as well as pag_arg assignments for classes that were previously lacking them.

This prevents pagination values from being overridden outside of anticipated boundaries. Fixes #5796.

Location:

trunk

Files:

: 2 edited

src/bp-groups/bp-groups-template.php (modified) (10 diffs)
tests/phpunit/testcases/groups/template.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/bp-groups/bp-groups-template.php

-                      r9351
+                      r9416
         $defaults = array(
+            'type'            => 'active',
+            'page'            => 1,
+            'per_page'        => 20,
+            'max'             => false,
+            'show_hidden'     => false,
+            'page_arg'        => 'grpage',
+            'user_id'         => 0,
+            'slug'            => false,
+            'include'         => false,
+            'exclude'         => false,
+            'search_terms'    => '',
+            'meta_query'      => false,
+            'populate_extras' => true,
+            'page'              => 1,
+            'per_page'          => 20,
+            'page_arg'          => 'grpage',
+            'max'               => false,
+            'type'              => 'active',
+            'order'             => 'DESC',
+            'orderby'           => 'date_created',
+            'show_hidden'       => false,
+            'user_id'           => 0,
+            'slug'              => false,
+            'include'           => false,
+            'exclude'           => false,
+            'search_terms'      => '',
+            'meta_query'        => false,
+            'populate_extras'   => true,
             'update_meta_cache' => true,
         );
 …
         extract( $r );
+        $this->pag_page = isset( $_REQUEST[$page_arg] ) ? intval( $_REQUEST[$page_arg] ) : $page;
+        $this->pag_num  = isset( $_REQUEST['num'] ) ? intval( $_REQUEST['num'] ) : $per_page;
+        $this->pag_arg  = sanitize_key( $r['page_arg'] );
+        $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page']     );
+        $this->pag_num  = bp_sanitize_pagination_arg( 'num',          $r['per_page'] );
         if ( bp_current_user_can( 'bp_moderate' ) || ( is_user_logged_in() && $user_id == bp_loggedin_user_id() ) )
 …
         if ( (int) $this->total_group_count && (int) $this->pag_num ) {
             $pag_args = array(
                 $page_arg => '%#%'
+                $this->pag_arg => '%#%'
             );
 …
             'page'                => 1,
             'per_page'            => 20,
+            'page_arg'            => 'mlpage',
             'max'                 => false,
             'exclude'             => false,
 …
         extract( $r );
+        $this->pag_page = isset( $_REQUEST['mlpage'] ) ? intval( $_REQUEST['mlpage'] ) : $r['page'];
+        $this->pag_num  = isset( $_REQUEST['num'] ) ? intval( $_REQUEST['num'] ) : $per_page;
+        $this->pag_arg  = sanitize_key( $r['page_arg'] );
+        $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page']     );
+        $this->pag_num  = bp_sanitize_pagination_arg( 'num',          $r['per_page'] );
         /**
 …
         $this->pag_links = paginate_links( array(
             'base'      => add_query_arg( array( 'mlpage' => '%#%' ), $base_url ),
+            'base'      => add_query_arg( array( $this->pag_arg => '%#%' ), $base_url ),
             'format'    => '',
             'total'     => ! empty( $this->pag_num ) ? ceil( $this->total_member_count / $this->pag_num ) : $this->total_member_count,
 …
         $r = wp_parse_args( $args, array(
             'group_id' => bp_get_current_group_id(),
+            'page'     => 1,
             'per_page' => 10,
             'page'     => 1,
+            'page_arg' => 'mrpage',
             'max'      => false,
             'type'     => 'first_joined',
+            'group_id' => bp_get_current_group_id(),
         ) );
+        $this->pag_page = isset( $_REQUEST['mrpage'] ) ? intval( $_REQUEST['mrpage'] ) : $r['page'];
+        $this->pag_num  = isset( $_REQUEST['num'] ) ? intval( $_REQUEST['num'] ) : $r['per_page'];
+        $this->pag_arg  = sanitize_key( $r['page_arg'] );
+        $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page']     );
+        $this->pag_num  = bp_sanitize_pagination_arg( 'num',          $r['per_page'] );
         $mquery = new BP_Group_Member_Query( array(
 …
         $this->pag_links = paginate_links( array(
             'base'      => add_query_arg( 'mrpage', '%#%' ),
+            'base'      => add_query_arg( $this->pag_arg, '%#%' ),
             'format'    => '',
             'total'     => ceil( $this->total_request_count / $this->pag_num ),
 …
         $r = wp_parse_args( $args, array(
+            'page'     => 1,
+            'per_page' => 10,
+            'page_arg' => 'invitepage',
             'user_id'  => bp_loggedin_user_id(),
             'group_id' => bp_get_current_group_id(),
-            'page'     => 1,
-            'per_page' => 10,
         ) );
+        $this->pag_num  = intval( $r['per_page'] );
+        $this->pag_page = isset( $_REQUEST['invitepage'] ) ? intval( $_REQUEST['invitepage'] ) : $r['page'];
+        $this->pag_arg  = sanitize_key( $r['page_arg'] );
+        $this->pag_page = bp_sanitize_pagination_arg( $this->pag_arg, $r['page']     );
+        $this->pag_num  = bp_sanitize_pagination_arg( 'num',          $r['per_page'] );
         $iquery = new BP_Group_Member_Query( array(
 …
         if ( ! empty( $this->pag_num ) ) {
             $this->pag_links = paginate_links( array(
                 'base'      => add_query_arg( 'invitepage', '%#%' ),
+                'base'      => add_query_arg( $this->pag_arg, '%#%' ),
                 'format'    => '',
                 'total'     => ceil( $this->total_invite_count / $this->pag_num ),

trunk/tests/phpunit/testcases/groups/template.php

-                      r9139
+                      r9416
         $this->assertSame( '2 members', $found );
+    }
+    /**
+     * @group BP_Groups_Template
+     */
+    public function test_bp_groups_template_should_give_precedence_to_grpage_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['grpage'] = '5';
+        $at = new BP_Groups_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 5, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Template
+     */
+    public function test_bp_groups_template_should_reset_0_pag_page_URL_param_to_default_pag_page_value() {
+        $request = $_REQUEST;
+        $_REQUEST['grpage'] = '0';
+        $at = new BP_Groups_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 8, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Template
+     */
+    public function test_bp_groups_template_should_give_precedence_to_num_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '14';
+        $at = new BP_Groups_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 14, $at->pag_num );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Template
+     */
+    public function test_bp_groups_template_should_reset_0_pag_num_URL_param_to_default_pag_num_value() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '0';
+        $at = new BP_Groups_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 13, $at->pag_num );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Group_Members_Template
+     */
+    public function test_bp_groups_group_members_template_should_give_precedence_to_mlpage_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['mlpage'] = '5';
+        $at = new BP_Groups_Group_Members_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 5, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Group_Members_Template
+     */
+    public function test_bp_groups_group_members_template_should_reset_0_pag_page_URL_param_to_default_pag_page_value() {
+        $request = $_REQUEST;
+        $_REQUEST['mlpage'] = '0';
+        $at = new BP_Groups_Group_Members_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 8, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Group_Members_Template
+     */
+    public function test_bp_groups_group_members_template_should_give_precedence_to_num_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '14';
+        $at = new BP_Groups_Group_Members_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 14, $at->pag_num );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Group_Members_Template
+     */
+    public function test_bp_groups_group_members_template_should_reset_0_pag_num_URL_param_to_default_pag_num_value() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '0';
+        $at = new BP_Groups_Group_Members_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 13, $at->pag_num );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Membership_Requests_Template
+     */
+    public function test_bp_groups_membership_requests_template_should_give_precedence_to_mrpage_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['mrpage'] = '5';
+        $at = new BP_Groups_Membership_Requests_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 5, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Membership_Requests_Template
+     */
+    public function test_bp_groups_membership_requests_template_should_reset_0_pag_page_URL_param_to_default_pag_page_value() {
+        $request = $_REQUEST;
+        $_REQUEST['mrpage'] = '0';
+        $at = new BP_Groups_Membership_Requests_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 8, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Membership_Requests_Template
+     */
+    public function test_bp_groups_membership_requests_template_should_give_precedence_to_num_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '14';
+        $at = new BP_Groups_Membership_Requests_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 14, $at->pag_num );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Membership_Requests_Template
+     */
+    public function test_bp_groups_membership_requests_template_should_reset_0_pag_num_URL_param_to_default_pag_num_value() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '0';
+        $at = new BP_Groups_Membership_Requests_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 13, $at->pag_num );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Invite_Template
+     */
+    public function test_bp_groups_invite_template_should_give_precedence_to_invitepage_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['invitepage'] = '5';
+        $at = new BP_Groups_Invite_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 5, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Invite_Template
+     */
+    public function test_bp_groups_invite_template_should_reset_0_pag_page_URL_param_to_default_pag_page_value() {
+        $request = $_REQUEST;
+        $_REQUEST['invitepage'] = '0';
+        $at = new BP_Groups_Invite_Template( array(
+            'page' => 8,
+        ) );
+        $this->assertEquals( 8, $at->pag_page );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Invite_Template
+     */
+    public function test_bp_groups_invite_template_should_give_precedence_to_num_URL_param() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '14';
+        $at = new BP_Groups_Invite_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 14, $at->pag_num );
+        $_REQUEST = $request;
+    }
+    /**
+     * @group BP_Groups_Invite_Template
+     */
+    public function test_bp_groups_invite_template_should_reset_0_pag_num_URL_param_to_default_pag_num_value() {
+        $request = $_REQUEST;
+        $_REQUEST['num'] = '0';
+        $at = new BP_Groups_Invite_Template( array(
+            'per_page' => 13,
+        ) );
+        $this->assertEquals( 13, $at->pag_num );
+        $_REQUEST = $request;
+    }
+}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

BuddyPress.org

Context Navigation

Changeset 9416

Legend:

trunk/src/bp-groups/bp-groups-template.php

trunk/tests/phpunit/testcases/groups/template.php

Download in other formats: