
Changeset 9711


Timestamp:
04/07/2015 12:54:07 AM (10 years ago)
Author:
boonebgorges
Message:

Improve parameter sanitization in xprofile_insert_field().

The overzealous empty() checks meant that it was impossible to set certain
values on existing fields to falsey values.

Fixes #6354.

Location:
trunk
Files:
2 edited

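--- a/trunk/src/bp-xprofile/bp-xprofile-functions.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-functions.php
@@ -231,4 +231,5 @@
         'is_default_option' => false,
         'option_order' => null,
+        'field_order' => null,
     ) );
 
@@ -238,5 +239,5 @@
     }
 
-    // Check this is a valid field type
+    // Check this is a non-empty, valid field type.
     if ( ! in_array( $r['type'], (array) buddypress()->profile->field_types ) ) {
         return false;
@@ -251,42 +252,19 @@
 
     $field->group_id = $r['field_group_id'];
-
-    if ( ! empty( $r['parent_id'] ) ) {
-        $field->parent_id = $r['parent_id'];
-    }
-
-    if ( ! empty( $r['type'] ) ) {
-        $field->type = $r['type'];
-    }
-
+    $field->type     = $r['type'];
+
+    // The 'name' field cannot be empty.
     if ( ! empty( $r['name'] ) ) {
         $field->name = $r['name'];
     }
 
-    if ( ! empty( $r['description'] ) ) {
-        $field->description = $r['description'];
-    }
-
-    if ( ! empty( $r['is_required'] ) ) {
-        $field->is_required = $r['is_required'];
-    }
-
-    if ( ! empty( $r['can_delete'] ) ) {
-        $field->can_delete = $r['can_delete'];
-    }
-
-    if ( ! empty( $r['field_order'] ) ) {
-        $field->field_order = $r['field_order'];
-    }
-
-    if ( ! empty( $r['order_by'] ) ) {
-        $field->order_by = $r['order_by'];
-    }
-
+    $field->description       = $r['description'];
+    $field->order_by          = $r['order_by'];
+    $field->parent_id         = (int) $r['parent_id'];
+    $field->field_order       = (int) $r['field_order'];
+    $field->option_order      = (int) $r['option_order'];
+    $field->is_required       = (bool) $r['is_required'];
+    $field->can_delete        = (bool) $r['can_delete'];
     $field->is_default_option = (bool) $r['is_default_option'];
-
-    if ( ! empty( $r['option_order'] ) ) {
-        $field->option_order = $r['option_order'];
-    }
 
     return $field->save();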
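Review bot: Most values in `$r` are now written to `$field` unconditionally, so a caller that omits a key overwrites the stored value with the default: `field_order` and `option_order` default to `null` and are cast to `0`, and `is_required`/`can_delete` are cast to booleans from whatever their defaults are. If `$field` is loaded from an existing row earlier in the function (that part lies outside the hunks), a partial update silently resets those columns; at minimum say so above the assignments, e.g. `// All values are written; a caller updating a field must pass every argument or it is reset to its default.` Separately, `$field->type = $r['type'];` now depends entirely on the `in_array()` guard, which compares loosely; `in_array( $r['type'], (array) buddypress()->profile->field_types, true )` would make the "non-empty, valid" comment hold for non-string input as well.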
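--- a/trunk/tests/phpunit/testcases/xprofile/functions.php
+++ b/trunk/tests/phpunit/testcases/xprofile/functions.php
@@ -646,4 +646,63 @@
     /**
      * @group xprofile_insert_field
+     * @ticket BP6354
+     */
+    public function test_xprofile_insert_field_should_process_falsey_values_for_boolean_params_on_existing_fields() {
+        $g = $this->factory->xprofile_group->create();
+        $f = xprofile_insert_field( array(
+            'field_group_id' => $g,
+            'type' => 'textbox',
+            'name' => 'Foo',
+            'is_required' => true,
+            'can_delete' => true,
+            'is_default_option' => true,
+            'parent_id' => 13,
+            'field_order' => 5,
+            'option_order' => 8,
+            'description' => 'foo',
+            'order_by' => 'custom',
+        ) );
+
+        $this->assertNotEmpty( $f );
+
+        $field = new BP_XProfile_Field( $f );
+        $this->assertEquals( 1, $field->is_required );
+        $this->assertEquals( 1, $field->can_delete );
+        $this->assertEquals( 1, $field->is_default_option );
+        $this->assertEquals( 13, $field->parent_id );
+        $this->assertEquals( 5, $field->field_order );
+        $this->assertEquals( 8, $field->option_order );
+        $this->assertEquals( 'foo', $field->description );
+        $this->assertEquals( 'custom', $field->order_by );
+
+        $f = xprofile_insert_field( array(
+            'field_group_id' => $g,
+            'type' => 'textbox',
+            'name' => 'Foo',
+            'is_required' => false,
+            'can_delete' => false,
+            'is_default_option' => false,
+            'parent_id' => 0,
+            'field_order' => 0,
+            'option_order' => 0,
+            'description' => '',
+            'order_by' => '',
+        ) );
+
+        $this->assertNotEmpty( $f );
+
+        $field = new BP_XProfile_Field( $f );
+        $this->assertEquals( 0, $field->is_required );
+        $this->assertEquals( 0, $field->can_delete );
+        $this->assertEquals( 0, $field->is_default_option );
+        $this->assertEquals( 0, $field->parent_id );
+        $this->assertEquals( 0, $field->field_order );
+        $this->assertEquals( 0, $field->option_order );
+        $this->assertEquals( '', $field->description );
+        $this->assertEquals( '', $field->order_by );
+    }
+
+    /**
+     * @group xprofile_insert_field
      */
     public function test_xprofile_insert_field_type_option_option_order() {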
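Review bot: The second `xprofile_insert_field()` call passes no field identifier, so the test appears to create a second field named 'Foo' rather than update the first one, and the "on existing fields" path named in the test title is not exercised. If the function selects the update path from a `field_id` argument (its signature is not visible on this page), add `'field_id' => $f,` to the second array so the falsey values are written over the truthy ones stored by the first call. The zero and empty-string checks use `assertEquals()`, which compares loosely and would also pass for `null`; `assertSame()` with the expected stored type would pin the behaviour more tightly, provided the types returned by `BP_XProfile_Field` are known.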