BuddyPress.org

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#4995 closed defect (bug) (fixed)

Improve activity component class methods sanitization

Reported by: johnjamesjacoby
Owned by: boonebgorges
Milestone: 1.7.2
Priority: highest
Severity: critical
Version: 1.2.1
Component: Core
Keywords: has-patch
Cc:

Description

See #4898, #4992, #4993, #4994.

Some methods in the Activity component could be sanitized better, usually with wp_parse_id_list().

Patch attached.

Attachments (3)

4995.patch (2.3 KB) - added by johnjamesjacoby 6 years ago.
4989.activity.1.patch (3.8 KB) - added by DJPaul 6 years ago.
4995.2.patch (3.7 KB) - added by johnjamesjacoby 6 years ago.
Above two patches rolled into one, plus use wp_list_pluck() in one related instance


Change History (6)

#1 @DJPaul
6 years ago

My look at the activity component attached

@johnjamesjacoby
6 years ago

Above two patches rolled into one, plus use wp_list_pluck() in one related instance

#2 @boonebgorges
6 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 7048:

Improved sanitization in Activity component database methods

  • All integer array params are filtered through wp_parse_id_list()
  • Standardized LIKE clause processing

Adds tests for touched methods

Fixes #4995

Props DJPaul, johnjamesjacoby
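As an added illustration (not code from the attached patches, from BuddyPress or from WordPress), the following PHP sketches the two changes the commit message above describes: integer-array parameters pass through wp_parse_id_list() before they reach an IN (...) clause, and the LIKE term is escaped before wildcards are added. The function names in_clause_unsanitized(), in_clause_sanitized() and like_pattern() are hypothetical, and the stub definitions of wp_parse_id_list() and absint() are assumptions that exist only so the file runs outside WordPress; inside WordPress the real functions are used and the LIKE pattern is bound with $wpdb->prepare() and a %s placeholder.

```php
<?php
// Added illustration, not BuddyPress or WordPress code. The stubs below
// exist only so the file runs outside WordPress; inside WordPress the real
// wp_parse_id_list() and absint() are used.

if ( ! function_exists( 'absint' ) ) {
    // Mirrors WordPress absint(): cast to int and take the absolute value.
    function absint( $maybeint ) {
        return abs( (int) $maybeint );
    }
}

if ( ! function_exists( 'wp_parse_id_list' ) ) {
    // Mirrors the documented behaviour of WordPress wp_parse_id_list():
    // accept an array or a comma/space separated string, cast each entry
    // with absint(), and drop duplicates.
    function wp_parse_id_list( $list ) {
        if ( ! is_array( $list ) ) {
            $list = preg_split( '/[\s,]+/', trim( (string) $list ), -1, PREG_SPLIT_NO_EMPTY );
        }
        return array_unique( array_map( 'absint', $list ) );
    }
}

// Weak pattern: whatever the caller passed is joined straight into the
// query text, so anything that is not an integer ends up in the SQL.
function in_clause_unsanitized( $ids ) {
    return 'AND a.id IN (' . implode( ',', (array) $ids ) . ')';
}

// Hardened pattern: only non-negative integers can reach the query text.
// wp_parse_id_list() maps non-numeric entries to 0, so zeros are dropped
// here as well; an empty list becomes a clause that matches nothing
// instead of an invalid "IN ()".
function in_clause_sanitized( $ids ) {
    $ids = array_filter( wp_parse_id_list( $ids ) );
    if ( empty( $ids ) ) {
        return 'AND 0 = 1';
    }
    return 'AND a.id IN (' . implode( ',', $ids ) . ')';
}

// LIKE processing: escape the metacharacters % _ \ in the user's term
// (the same escaping $wpdb->esc_like() performs), then add the wildcards
// ourselves. The result is a value to bind with a %s placeholder in
// $wpdb->prepare(), not text to concatenate into the query.
function like_pattern( $term ) {
    return '%' . addcslashes( (string) $term, '_%\\' ) . '%';
}

// Constructed sample input: numeric strings, an int, junk, a duplicate
// and a negative number.
$sample_ids = array( '12', 3, 'not-an-id', '3', -7 );

echo in_clause_unsanitized( $sample_ids ), "\n";
echo in_clause_sanitized( $sample_ids ), "\n";
echo like_pattern( '50%_off' ), "\n";
```

Two caveats worth keeping in mind when applying this pattern: wp_parse_id_list() turns any non-numeric entry into 0 rather than rejecting it, so a caller that treats 0 as "no filter" needs the extra array_filter() step, and escaping the LIKE term only helps if the escaped pattern is then passed through a prepared placeholder rather than concatenated.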

#3 @boonebgorges
6 years ago

In 7049:

Improved sanitization in Activity component database methods

  • All integer array params are filtered through wp_parse_id_list()
  • Standardized LIKE clause processing

Fixes #4995 for the 1.7 branch

Props DJPaul, johnjamesjacoby
