Changeset 9719

Timestamp:

04/07/2015 02:58:30 PM (4 years ago)

Author:

johnjamesjacoby

Message:

XProfile: sanitize field-options on save.

Because field options can be passed either as arrays or strings depending on the field-type (think checkbox vs. radio) helper functions are necessary to determine the appropriate methodology.

File:

• trunk/src/bp-xprofile/bp-xprofile-filters.php (modified) (1 diff)

trunk/src/bp-xprofile/bp-xprofile-filters.php

@@ -69 +69 @@
 add_filter( 'xprofile_field_option_order_before_save', 'absint' );
 add_filter( 'xprofile_field_can_delete_before_save',   'absint' );
+
+// Save field options
+add_filter( 'xprofile_field_options_before_save', 'bp_xprofile_sanitize_field_options' );
+add_filter( 'xprofile_field_default_before_save', 'bp_xprofile_sanitize_field_default' );
+
+/**
+ * Sanitize each field option name for saving to the database
+ *
+ * @since BuddyPress (2.3.0)
+ *
+ * @param  mixed $field_options
+ * @return mixed
+ */
+function bp_xprofile_sanitize_field_options( $field_options = '' ) {
+    if ( is_array( $field_options ) ) {
+        return array_map( 'sanitize_text_field', $field_options );
+    } else {
+        return sanitize_text_field( $field_options );
+    }
+}
+
+/**
+ * Sanitize each field option default for saving to the database
+ *
+ * @since BuddyPress (2.3.0)
+ *
+ * @param  mixed $field_default
+ * @return mixed
+ */
+function bp_xprofile_sanitize_field_default( $field_default = '' ) {
+    if ( is_array( $field_default ) ) {
+        return array_map( 'intval', $field_default );
+    } else {
+        return intval( $field_default );
+    }
+}
 
 /**