Context Navigation

← Previous Ticket
Next Ticket →

#4994 closed defect (bug) (fixed)

Improve blogs component class methods sanitization

Reported by:	johnjamesjacoby	Owned by:	boonebgorges
Milestone:	1.7.2	Priority:	highest
Severity:	critical	Version:	1.2
Component:	Core	Keywords:	has-patch
Cc:

Description

See #4898, #4992, #4993.

Some methods in the BP_Blogs_Blog class could be sanitized better, usually with wp_parse_id_list().

Patch attached

Attachments (2)

4994.patch (1.3 KB) - added by johnjamesjacoby 10 years ago.
4989.blogs.1.patch (3.2 KB) - added by DJPaul 10 years ago.

Download all attachments as: .zip

Change History (5)

@johnjamesjacoby
10 years ago

Attachment 4994.patch added

@DJPaul
10 years ago

Attachment 4989.blogs.1.patch added

#1 @DJPaul
10 years ago

Attached patch is my look at the blogs component

#2 @boonebgorges
10 years ago

Owner set to boonebgorges
Resolution set to fixed
Status changed from new to closed

In 7042:

Improved sanitization in Blogs component database methods

All integer array params are sanitized with wp_parse_id_list()
Standardized treatment for LIKE clauses

Fixes #4994

Props DJPaul, johnjamesjacoby

#3 @boonebgorges
10 years ago

In 7046:

Improved sanitization in Blogs component database methods

All integer arrays are sanitized with wp_parse_id_list()
Standardized treatment for LIKE clauses

Fixes #4994 for the 1.7 branch

Props DJPaul, johnjamesjacoby

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

BuddyPress.org