[buddypress-trac] [BuddyPress Trac] #6286: Directories filtered by member roles

buddypress-trac noreply at wordpress.org
Thu Apr 9 16:36:49 UTC 2015

#6286: Directories filtered by member roles
 Reporter:  sooskriszta   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  2.3
Component:  API           |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |

Comment (by boonebgorges):

 We're protected further upstream, in multiple ways:

 * https://buddypress.trac.wordpress.org/browser/trunk/src/bp-core/classes
 /class-bp-user-query.php?marks=430,431,432#L421 ensures that we're only
 checking against registered member types
 * The fact that we're running member types through `WP_Tax_Query`
 /class-bp-user-query.php?marks=438#L421 means that we get the SQL
 injection protection there.

 The only `$_GET`-specific sanitization that might be appropriate here is
 URL decoding, but I left that out because member type names can't have
 urlencoded characters in them anyway

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6286#comment:28>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list