Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
04/02/2015 12:53:02 AM (5 years ago)
Author:
johnjamesjacoby
Message:

XProfile: Validate default-visibility and allow-custom-visibility metadata before saving. See #6340.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-xprofile/bp-xprofile-admin.php

    r9681 r9682  
    363363                }
    364364
    365                 if ( ! empty( $_POST['default-visibility'] ) ) {
     365                // Validate default visibility
     366                if ( ! empty( $_POST['default-visibility'] ) && in_array( $_POST['default-visibility'], wp_list_pluck( bp_xprofile_get_visibility_levels(), 'id' ) ) ) {
    366367                    bp_xprofile_update_field_meta( $field_id, 'default_visibility', $_POST['default-visibility'] );
    367368                }
    368369
    369                 if ( ! empty( $_POST['allow-custom-visibility'] ) ) {
     370                // Validate custom visibility
     371                if ( ! empty( $_POST['allow-custom-visibility'] ) && in_array( $_POST['allow-custom-visibility'], array( 'allowed', 'disallowed' ) ) ) {
    370372                    bp_xprofile_update_field_meta( $field_id, 'allow_custom_visibility', $_POST['allow-custom-visibility'] );
    371373                }
Note: See TracChangeset for help on using the changeset viewer.