[buddypress-trac] [BuddyPress] #4992: Sanitization improvements to BP_Core_User methods
buddypress-trac
noreply at wordpress.org
Wed May 8 02:10:35 UTC 2013
#4992: Sanitization improvements to BP_Core_User methods
-----------------------------+-----------------------
 Reporter:  johnjamesjacoby  |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  highest          |  Milestone:  1.7.2
Component:  Core             |    Version:  1.2
 Severity:  critical         |   Keywords:  has-patch
-----------------------------+-----------------------
As part of a bigger audit related to #4985, I've found several methods
that trust the values passed into them that should also be utilizing
wp_parse_id_list().
* get_users()
* get_specific_users()
* get_user_extras()
It's worth noting that get_user_extras() seems to expect an array already,
though wp_parse_id_list() is smart enough to figure out strings. Patch
attached.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4992>
BuddyPress <http://buddypress.org/>
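
What the normalization requested in this ticket does to caller-supplied IDs, as an added example that is not part of the original message or of the attached patch. `example_user_id_in_clause()` and the sample inputs are hypothetical, the use of the IDs in an SQL `IN()` clause is an assumption, and the `wp_parse_id_list()` stand-in only approximates the WordPress function so the file runs without WordPress loaded.

```php
<?php
// Stand-in approximating WordPress's wp_parse_id_list(); defined only when
// WordPress is not loaded, so this file runs on its own.
if ( ! function_exists( 'wp_parse_id_list' ) ) {
    function wp_parse_id_list( $list ) {
        // Strings are split on commas and whitespace; arrays are used as given.
        if ( ! is_array( $list ) ) {
            $list = preg_split( '/[\s,]+/', (string) $list, -1, PREG_SPLIT_NO_EMPTY );
        }
        // Same effect as absint(): cast to int and drop the sign.
        $ids = array_map( function ( $v ) {
            return abs( (int) $v );
        }, $list );
        return array_values( array_unique( $ids ) );
    }
}

// Hypothetical helper (not BuddyPress code): builds a WHERE fragment from
// IDs that arrive as an array or as a comma/space separated string.
function example_user_id_in_clause( $user_ids ) {
    $ids = wp_parse_id_list( $user_ids );

    // Non-numeric tokens collapse to 0, which is never a real user ID.
    $ids = array_filter( $ids );

    // With nothing left, return a clause that matches no rows rather than an
    // empty string, so a caller cannot end up with an unfiltered query.
    if ( empty( $ids ) ) {
        return '1 = 0';
    }

    // Every element is now a positive integer, so joining them is safe.
    return 'user_id IN (' . implode( ',', $ids ) . ')';
}

// Constructed sample inputs covering the shapes a caller might pass.
$samples = array(
    array( 3, '7', 3 ),   // array with a numeric string and a duplicate
    '12, 15 18',          // string with mixed separators
    '4,-9,x',             // negative value and a non-numeric token
    '2 junk',             // trailing text after a valid ID
    'abc',                // nothing usable at all
);

foreach ( $samples as $input ) {
    echo var_export( $input, true ), ' => ', example_user_id_in_clause( $input ), "\n";
}
```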