Opened 12 years ago
Closed 12 years ago
#4989 closed defect (bug) (fixed)
Improvements to groups classes to 'include' and 'exclude' args and parameters
| Reported by: | johnjamesjacoby | Owned by: | |
|---|---|---|---|
| Milestone: | 1.7.2 | Priority: | highest |
| Severity: | critical | Version: | 1.2 |
| Component: | Groups | Keywords: | has-patch needs-testing |
| Cc: | | | |
Description
It's possible to pass malformed values into several of the include and exclude parameters in bp-groups-classes.php, causing unexpected results (including potential SQL injection).
Affected methods:
- BP_Groups_Group::get()
- BP_Groups_Group::get_by_most_forum_topics()
- BP_Groups_Group::get_by_letter()
- BP_Groups_Group::get_random()
- BP_Groups_Member::get_invites()
- BP_Groups_Member::get_all_for_group()
Attachments (8)
Change History (20)
#1 @ 12 years ago
Some other methods and parameters are also affected:
- BP_Groups_Group::search_groups() - sort_by, order
- BP_Groups_Group::get_group_extras() - group_ids
- BP_Groups_Group::get_global_topic_count() - search_terms
- BP_Groups_Groups::get_random_groups() - total_groups
#2 @ 12 years ago
Third patch fixes the above methods, and introduces custom like_escape() methods to BP_Groups_Group and BP_Groups_Member to handle the sanitization of other search terms, filters, and untrusted strings.
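The kinds of sanitization this ticket calls for (integer-only include/exclude lists, whitelisted sort/order values, and LIKE-wildcard escaping for search terms), shown as an added example. This is not the attached patch or BuddyPress code; the function names `sanitize_id_list`, `id_list_clause`, `sanitize_order`, `like_escape_term`, the table name and the sample inputs are all assumed here, and the script runs with plain `php` without a WordPress install.

```php
<?php
// Added example (not BuddyPress code): stand-alone sanitizers of the kind
// the ticket's patch describes. Names and sample inputs are constructed.

/**
 * Normalise an include/exclude argument to a list of positive integer IDs.
 * Accepts an array or a comma-separated string. Anything that is not a
 * whole positive integer is dropped instead of being interpolated into SQL.
 */
function sanitize_id_list($ids) {
    if (!is_array($ids)) {
        $ids = preg_split('/\s*,\s*/', (string) $ids, -1, PREG_SPLIT_NO_EMPTY);
    }
    $clean = array();
    foreach ($ids as $id) {
        // Strict match: digits only, no leading zero, no trailing SQL.
        if (preg_match('/^[1-9][0-9]*$/', trim((string) $id))) {
            $clean[] = (int) $id;
        }
    }
    return array_values(array_unique($clean));
}

/**
 * Build an " AND <column> IN (...)" or " NOT IN (...)" fragment from a
 * sanitized list. Returns '' for an empty list so the caller never emits
 * the invalid "IN ()".
 */
function id_list_clause($column, $ids, $negate = false) {
    $ids = sanitize_id_list($ids);
    if (empty($ids)) {
        return '';
    }
    $op = $negate ? 'NOT IN' : 'IN';
    return sprintf(' AND %s %s (%s)', $column, $op, implode(',', $ids));
}

/**
 * Whitelist a sort direction: only the two literal keywords are allowed,
 * anything else falls back to the default.
 */
function sanitize_order($order, $default = 'DESC') {
    $order = strtoupper(trim((string) $order));
    return in_array($order, array('ASC', 'DESC'), true) ? $order : $default;
}

/**
 * Escape a search term for use inside a LIKE pattern. The wildcards % and _
 * and the backslash itself are escaped so user input matches literally.
 * Quoting is NOT done here: the result must still go through a prepared
 * statement, e.g. $wpdb->prepare( '... LIKE %s', $pattern ) in WordPress.
 */
function like_escape_term($term) {
    return addcslashes((string) $term, '\\%_');
}

// Constructed inputs: a string with a trailing SQL fragment, a mixed array,
// a bogus order value and a search term containing LIKE wildcards.
$include = '1, 2, 3) OR 1=1 -- ';
$exclude = array(4, 'abc', 0, 5, 5);
$order   = 'DESC; DROP TABLE x';
$term    = '100%_off';

$sql = 'SELECT g.id FROM wp_bp_groups g WHERE 1=1'
     . id_list_clause('g.id', $include)
     . id_list_clause('g.id', $exclude, true)
     . ' ORDER BY g.date_created ' . sanitize_order($order);
echo $sql, "\n";

$pattern = '%' . like_escape_term($term) . '%';
echo $pattern, "\n";
```

The strict regex in `sanitize_id_list` deliberately drops a value such as `3) OR 1=1 --` rather than coercing it with `(int)`, so a malformed element disappears from the query instead of silently becoming a different ID; `id_list_clause` then only ever interpolates integers it produced itself. `like_escape_term` escapes the backslash as well as `%` and `_`, as the later `wpdb::esc_like()` does, and is meant to be combined with `$wpdb->prepare()` for quoting rather than used as a replacement for it.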