[buddypress-trac] [BuddyPress] #4992: Sanitization improvements to BP_Core_User methods

buddypress-trac noreply at wordpress.org
Wed May 8 02:10:35 UTC 2013

#4992: Sanitization improvements to BP_Core_User methods
 Reporter:  johnjamesjacoby  |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  highest          |  Milestone:  1.7.2
Component:  Core             |    Version:  1.2
 Severity:  critical         |   Keywords:  has-patch

 As part of a bigger audit related to #4985, I've found several methods
 that trust the values passed into them that should also be utilizing

 * get_users()
 * get_specific_users()
 * get_user_extras()

 It's worth noting that get_user_extras() seems to expect an array already,
 though wp_parse_id_list() is smart enough to figure out strings. Patch

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4992>
BuddyPress <http://buddypress.org/>
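
An added example, not part of the ticket and not BuddyPress or WordPress source: a sketch of the ID-list normalization the ticket refers to, accepting either an array or a delimited string before the values reach a query. The names example_parse_id_list() and example_in_clause() are hypothetical, and dropping 0 as an invalid user ID is an assumption.

```php
<?php
// Added illustration; not BuddyPress or WordPress source code.

/**
 * Hypothetical helper modelled on the behaviour the ticket attributes to
 * wp_parse_id_list(): accept an array or a delimited string and return
 * unique non-negative integers.
 */
function example_parse_id_list($list): array
{
    if (!is_array($list)) {
        // Split strings on commas and/or whitespace.
        $list = preg_split('/[\s,]+/', (string) $list, -1, PREG_SPLIT_NO_EMPTY);
    }
    $ids = [];
    foreach ($list as $item) {
        // Nested arrays and objects are skipped; scalars are cast to int.
        if (is_scalar($item)) {
            $ids[] = abs((int) $item);
        }
    }
    return array_values(array_unique($ids));
}

/**
 * Build the body of an SQL IN (...) list from caller-supplied IDs.
 * Returns null when nothing usable remains, so the caller can skip the
 * query instead of emitting an empty "IN ()".
 */
function example_in_clause($user_ids): ?string
{
    // Drop 0: non-numeric input collapses to it, and it is assumed
    // never to be a valid user ID.
    $ids = array_filter(example_parse_id_list($user_ids));
    return $ids ? implode(',', $ids) : null;
}

// Constructed inputs: an array, a delimited string, and non-numeric text.
foreach ([[3, '7', 7], '12, 15 abc,-4', 'abc'] as $input) {
    var_dump(example_in_clause($input));
}
```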
