Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
04/02/2015 12:15:18 AM (10 years ago)
Author:
johnjamesjacoby
Message:

XProfile: Move field-group name & description save() sanitization into filters for consistency between save method & saving via the admin UI. See #6340.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-xprofile/bp-xprofile-admin.php

    r9673 r9678  
    230230    global $message, $type;
    231231
     232    // Get the field group
    232233    $group = new BP_XProfile_Group( $group_id );
    233234
     235    // Updating
    234236    if ( isset( $_POST['save_group'] ) ) {
    235         if ( BP_XProfile_Group::admin_validate( $_POST ) ) {
    236             $group->name        = wp_filter_kses( $_POST['group_name'] );
    237             $group->description = !empty( $_POST['group_description'] ) ? wp_filter_kses( $_POST['group_description'] ) : '';
    238 
    239             if ( !$group->save() ) {
     237
     238        // Validate $_POSTed data
     239        if ( BP_XProfile_Group::admin_validate() ) {
     240
     241            // Set the group name
     242            $group->name = $_POST['group_name'];
     243
     244            // Set the group description
     245            if ( ! empty( $_POST['group_description'] ) ) {
     246                $group->description = $_POST['group_description'];
     247            } else {
     248                $group->description = '';
     249            }
     250
     251            // Attempt to save the field group
     252            if ( false === $group->save() ) {
    240253                $message = __( 'There was an error saving the group. Please try again.', 'buddypress' );
    241254                $type    = 'error';
     255
     256            // Save successful
    242257            } else {
    243258                $message = __( 'The group was saved successfully.', 'buddypress' );
    244259                $type    = 'success';
    245260
     261                // @todo remove these old options
    246262                if ( 1 == $group_id ) {
    247263                    bp_update_option( 'bp-xprofile-base-group-name', $group->name );
Note: See TracChangeset for help on using the changeset viewer.