[buddypress-trac] [BuddyPress Trac] #6286: Directories filtered by member roles
buddypress-trac
noreply at wordpress.org
Thu Apr 9 16:36:49 UTC 2015
#6286: Directories filtered by member roles
--------------------------+------------------
Reporter: sooskriszta | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.3
Component: API | Version:
Severity: normal | Resolution:
Keywords: |
--------------------------+------------------
Comment (by boonebgorges):
We're protected further upstream, in multiple ways:

 * https://buddypress.trac.wordpress.org/browser/trunk/src/bp-core/classes/class-bp-user-query.php?marks=430,431,432#L421 ensures that we're only checking against registered member types
 * The fact that we're running member types through `WP_Tax_Query` https://buddypress.trac.wordpress.org/browser/trunk/src/bp-core/classes/class-bp-user-query.php?marks=438#L421 means that we get the SQL injection protection there.

The only `$_GET`-specific sanitization that might be appropriate here is URL decoding, but I left that out because member type names can't have urlencoded characters in them anyway https://buddypress.trac.wordpress.org/browser/trunk/src/bp-members/bp-members-functions.php?marks=2479#L2467
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6286#comment:28>
BuddyPress Trac <http://buddypress.org/>
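
The two layers described in the comment above (a check against registered member types, then a query layer that takes care of SQL escaping), as an added standalone PHP example that is not BuddyPress code and not part of the original message. The type list, table and function names are hypothetical, and PDO bound parameters stand in for `WP_Tax_Query`.

```php
<?php
// Added illustration, not BuddyPress code; all names and data are hypothetical.
const REGISTERED_MEMBER_TYPES = ['student', 'teacher', 'alumni'];

// Layer 1: keep only values that exactly match a registered member type.
function filter_member_types($raw): array
{
    // A query-string parameter may arrive as a string or as an array.
    $candidates = is_array($raw) ? $raw : explode(',', (string) $raw);
    $valid = [];
    foreach ($candidates as $candidate) {
        // Strict comparison: non-strings and near-matches are dropped.
        if (is_string($candidate) && in_array($candidate, REGISTERED_MEMBER_TYPES, true)) {
            $valid[] = $candidate;
        }
    }
    return array_values(array_unique($valid));
}

// Layer 2: values reach the SQL statement only as bound parameters.
function find_user_ids(PDO $db, array $types): array
{
    if ($types === []) {
        return []; // nothing valid was requested, so no query is issued
    }
    $placeholders = implode(',', array_fill(0, count($types), '?'));
    $stmt = $db->prepare(
        "SELECT user_id FROM member_type_map
          WHERE member_type IN ($placeholders) ORDER BY user_id"
    );
    $stmt->execute($types);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member_type_map (user_id INTEGER, member_type TEXT)');
$db->exec("INSERT INTO member_type_map VALUES (1,'student'),(2,'teacher'),(3,'student')");

// Constructed request values, standing in for a $_GET parameter.
$samples = ['student', "student' OR '1'='1", 'stu%64ent', ['teacher', 'bogus']];
foreach ($samples as $raw) {
    $types = filter_member_types($raw);
    $ids = find_user_ids($db, $types);
    printf("%s => types=%s ids=%s\n", json_encode($raw), json_encode($types), json_encode($ids));
}
```

Only the exact names `student` and `teacher` produce a query; the quoted string, the value still carrying percent-encoding and the unregistered name are all discarded by the first layer before any SQL is built.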