
BuddyPress.org

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#4994 closed defect (bug) (fixed)

Improve blogs component class methods sanitization

Reported by: johnjamesjacoby
Owned by: boonebgorges
Milestone: 1.7.2
Priority: highest
Severity: critical
Version: 1.2
Component: Core
Keywords: has-patch
Cc:

Description

See #4898, #4992, #4993.

Some methods in the BP_Blogs_Blog class could be sanitized better, usually with wp_parse_id_list().

Patch attached

Attachments (2)

4994.patch (1.3 KB) - added by johnjamesjacoby 7 years ago.
4989.blogs.1.patch (3.2 KB) - added by DJPaul 7 years ago.


Change History (5)

#1 @DJPaul
7 years ago

Attached patch is my look at the blogs component

#2 @boonebgorges
7 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 7042:

Improved sanitization in Blogs component database methods

  • All integer array params are sanitized with wp_parse_id_list()
  • Standardized treatment for LIKE clauses

Fixes #4994

Props DJPaul, johnjamesjacoby

#3 @boonebgorges
7 years ago

In 7046:

Improved sanitization in Blogs component database methods

  • All integer arrays are sanitized with wp_parse_id_list()
  • Standardized treatment for LIKE clauses

Fixes #4994 for the 1.7 branch

Props DJPaul, johnjamesjacoby
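The two changes the commits describe, as an added illustration that is not BuddyPress code and not from the attached patches: an integer-array parameter imploded into an `IN (...)` list before and after `wp_parse_id_list()`, and a `LIKE` term handled through `$wpdb->esc_like()` plus `$wpdb->prepare()`. It assumes WordPress is loaded (`$wpdb` available); `esc_like()` requires WordPress 4.0 or later, and the function names `example_where_unsafe`/`example_where_safe` are hypothetical.

```php
<?php
// Added illustration, not BuddyPress code. Assumes WordPress is loaded so
// that $wpdb, wp_parse_id_list() and $wpdb->esc_like() exist (esc_like()
// needs WP 4.0+; the 1.7-era code base used like_escape() instead).

// Before: the caller's array is interpolated verbatim. Any element that is
// not a plain integer ends up inside the SQL as-is, and '%' or '_' in the
// search term act as wildcards rather than literal characters.
function example_where_unsafe( array $blog_ids, $search ) {
    $in   = implode( ',', $blog_ids );
    $like = '%' . $search . '%';
    return "WHERE blog_id IN ({$in}) AND name LIKE '{$like}'";
}

// After: wp_parse_id_list() accepts an array or a comma/space separated
// string, runs every element through absint() and drops duplicates, so the
// IN (...) list can only ever contain non-negative integers. The LIKE term
// is escaped for wildcard characters and bound through a %s placeholder.
function example_where_safe( $blog_ids, $search ) {
    global $wpdb;

    $ids = wp_parse_id_list( $blog_ids );
    $ids = array_filter( $ids );              // absint() maps junk to 0; no blog has ID 0
    if ( empty( $ids ) ) {
        return 'WHERE 1=0';                   // nothing valid to match, match nothing
    }

    $in   = implode( ',', $ids );             // safe: every element is an int
    $like = '%' . $wpdb->esc_like( $search ) . '%';

    return $wpdb->prepare( "WHERE blog_id IN ({$in}) AND name LIKE %s", $like );
}
```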
