
Changeset 9678


Timestamp:
04/02/2015 12:15:18 AM (5 years ago)
Author:
johnjamesjacoby
Message:

XProfile: Move field-group name & description save() sanitization into filters for consistency between save method & saving via the admin UI. See #6340.

Location:
trunk/src/bp-xprofile
Files:
3 edited

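--- a/trunk/src/bp-xprofile/bp-xprofile-admin.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-admin.php
@@ -230,18 +230,34 @@
     global $message, $type;
 
+    // Get the field group
     $group = new BP_XProfile_Group( $group_id );
 
+    // Updating
     if ( isset( $_POST['save_group'] ) ) {
-        if ( BP_XProfile_Group::admin_validate( $_POST ) ) {
-            $group->name        = wp_filter_kses( $_POST['group_name'] );
-            $group->description = !empty( $_POST['group_description'] ) ? wp_filter_kses( $_POST['group_description'] ) : '';
-
-            if ( !$group->save() ) {
+
+        // Validate $_POSTed data
+        if ( BP_XProfile_Group::admin_validate() ) {
+
+            // Set the group name
+            $group->name = $_POST['group_name'];
+
+            // Set the group description
+            if ( ! empty( $_POST['group_description'] ) ) {
+                $group->description = $_POST['group_description'];
+            } else {
+                $group->description = '';
+            }
+
+            // Attempt to save the field group
+            if ( false === $group->save() ) {
                 $message = __( 'There was an error saving the group. Please try again.', 'buddypress' );
                 $type    = 'error';
+
+            // Save successful
             } else {
                 $message = __( 'The group was saved successfully.', 'buddypress' );
                 $type    = 'success';
 
+                // @todo remove these old options
                 if ( 1 == $group_id ) {
                     bp_update_option( 'bp-xprofile-base-group-name', $group->name );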
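Review bot: The new assignments `$group->name = $_POST['group_name'];` and `$group->description = $_POST['group_description'];` put raw request data on the object, and nothing at this call site says where it gets sanitized. After this change the only kses pass is the `xprofile_group_name_before_save` / `xprofile_group_description_before_save` filters applied in the group class (third file of this changeset), so I would add a comment above the assignments such as `// Not sanitized here: kses runs via the xprofile_group_*_before_save filters during save()`, so that a later edit does not read or print these properties before `save()` has run. `admin_validate()` is also now called without `$_POST`; its definition is outside this hunk, so confirm it reads the request itself rather than validating an empty argument. The function starts before and continues past the hunk, so whether a nonce and capability check guards the `save_group` branch cannot be seen from here and is worth confirming.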
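--- a/trunk/src/bp-xprofile/bp-xprofile-filters.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-filters.php
@@ -56,4 +56,8 @@
 add_filter( 'xprofile_filtered_data_value_before_save', 'trim', 2 );
 
+// Save filters
+add_filter( 'xprofile_group_name_before_save',        'wp_filter_kses' );
+add_filter( 'xprofile_group_description_before_save', 'wp_filter_kses' );
+
 /**
  * xprofile_filter_kses ( $content )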
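Review bot: These two `add_filter()` calls are now the only sanitization of a field group's name and description on save, yet the `// Save filters` comment makes them read like any other optional hook. They are registered at the default priority, so any callback hooked later on `xprofile_group_name_before_save` or `xprofile_group_description_before_save` runs after kses and its return value is what gets stored, and a `remove_filter()` call drops the sanitization entirely. I would say so in the comment, e.g. `// Save filters: security-relevant, the only kses pass for group name/description on save`. Whether the templates that print these fields escape them on output is not visible on this page, so that should be confirmed rather than assumed.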
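--- a/trunk/src/bp-xprofile/classes/class-bp-xprofile-group.php
+++ b/trunk/src/bp-xprofile/classes/class-bp-xprofile-group.php
@@ -114,4 +114,5 @@
         global $wpdb;
 
+        // Filter the field group attributes
         $this->name        = apply_filters( 'xprofile_group_name_before_save',        $this->name,        $this->id );
         $this->description = apply_filters( 'xprofile_group_description_before_save', $this->description, $this->id );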