Commit 52534bdf authored by lucha's avatar lucha

[auto] plugin: buddypress 2.9.2

parent 52faab14
......@@ -1832,7 +1832,7 @@ class BP_Activity_Activity {
// Get activities from user meta.
$favorite_activity_entries = bp_get_user_meta( $user_id, 'bp_favorite_activities', true );
if ( ! empty( $favorite_activity_entries ) ) {
return count( maybe_unserialize( $favorite_activity_entries ) );
return count( $favorite_activity_entries );
}
// No favorites.
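Review bot: `count( $favorite_activity_entries )` assumes the meta value is an array, but the `! empty()` guard above it also passes for a non-empty string, where `count()` returns 1 and raises a warning on PHP 7.2 and later. Make the assumption explicit with `if ( ! empty( $favorite_activity_entries ) && is_array( $favorite_activity_entries ) ) {`. The same unchecked assumption applies to `$this->my_favs` in the `BP_Activity_Template` hunk, which stores whatever `bp_get_user_meta()` returns. The enclosing method starts and ends outside the hunk.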
......
......@@ -195,7 +195,7 @@ class BP_Activity_Template {
$this->disable_blogforum_replies = (bool) bp_core_get_root_option( 'bp-disable-blogforum-comments' );
// Get an array of the logged in user's favorite activities.
$this->my_favs = maybe_unserialize( bp_get_user_meta( bp_loggedin_user_id(), 'bp_favorite_activities', true ) );
$this->my_favs = bp_get_user_meta( bp_loggedin_user_id(), 'bp_favorite_activities', true );
// Fetch specific activity items based on ID's.
if ( !empty( $include ) ) {
......
......@@ -548,8 +548,9 @@ add_action( 'update_option_site_icon', 'bp_blogs_update_option_site_icon', 10, 2
/**
* Deletes the 'url' blogmeta for a site.
*
* Hooked to 'refresh_blog_details', which is notably used when editing a site
* under "Network Admin > Sites".
* Fires when a site's details are updated, which generally happens when
* editing a site under "Network Admin > Sites". Prior to WP 4.9, the
* correct hook was 'refresh_blog_details'; afterward, 'clean_site_cache'.
*
* @since 2.3.0
*
......@@ -558,7 +559,12 @@ add_action( 'update_option_site_icon', 'bp_blogs_update_option_site_icon', 10, 2
function bp_blogs_delete_url_blogmeta( $site_id = 0 ) {
bp_blogs_delete_blogmeta( (int) $site_id, 'url' );
}
add_action( 'refresh_blog_details', 'bp_blogs_delete_url_blogmeta' );
if ( function_exists( 'wp_switch_roles_and_user' ) ) {
add_action( 'clean_site_cache', 'bp_blogs_delete_url_blogmeta' );
} else {
add_action( 'refresh_blog_details', 'bp_blogs_delete_url_blogmeta' );
}
/**
* Record activity metadata about a published blog post.
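Review bot: The `function_exists( 'wp_switch_roles_and_user' )` test is an indirect version check, and nothing at the call site says so. The docblock mentions WP 4.9 but not why this particular function is probed. A one-line comment before the `if` would help, for example `// wp_switch_roles_and_user() was introduced in WP 4.9, so its presence means 'clean_site_cache' is the hook to use.`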
......
......@@ -47,7 +47,8 @@ TABLE OF CONTENTS:
left: 0;
}
.buddypress code {
.index_page_bp-credits code,
.index_page_bp-about code {
background-color: #e0e0e0;
color: #636363;
font-size: 1em;
......@@ -359,8 +360,12 @@ TABLE OF CONTENTS:
margin-top: 2em;
}
.buddypress .bp-changelog {
margin-bottom: 0;
}
.buddypress .bp-changelog-section .changelog-title {
margin-bottom: 1.5em;
margin-bottom: 0.5em;
}
.buddypress .bp-changelog .title {
......@@ -377,6 +382,10 @@ TABLE OF CONTENTS:
padding-bottom: 0.5em;
width: 100%;
}
.buddypress .bp-three-column .bp-column {
width: 100%;
}
}
@media screen and ( max-width: 360px ) {
......
......@@ -47,7 +47,8 @@ TABLE OF CONTENTS:
right: 0;
}
.buddypress code {
.index_page_bp-credits code,
.index_page_bp-about code {
background-color: #e0e0e0;
color: #636363;
font-size: 1em;
......@@ -359,8 +360,12 @@ TABLE OF CONTENTS:
margin-top: 2em;
}
.buddypress .bp-changelog {
margin-bottom: 0;
}
.buddypress .bp-changelog-section .changelog-title {
margin-bottom: 1.5em;
margin-bottom: 0.5em;
}
.buddypress .bp-changelog .title {
......@@ -377,6 +382,10 @@ TABLE OF CONTENTS:
padding-bottom: 0.5em;
width: 100%;
}
.buddypress .bp-three-column .bp-column {
width: 100%;
}
}
@media screen and ( max-width: 360px ) {
......
......@@ -275,7 +275,7 @@ window.bp = window.bp || {};
'IO_ERROR': self.strings.io_error,
'HTTP_ERROR': self.strings.http_error,
'SECURITY_ERROR': self.strings.security_error,
'FILE_SIZE_ERROR': self.strings.file_exceeds_size_limit.replace( '%s' , pluploadError.file.name )
'FILE_SIZE_ERROR': self.strings.file_exceeds_size_limit.replace( '%s' , $( '<span />' ).text( pluploadError.file.name ).html() )
};
// Check for plupload errors.
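Review bot: The escaped file name is still passed as the replacement string of `String.prototype.replace`, so `$`-sequences in a file name (such as `$&`) are treated as replacement patterns instead of being inserted literally; HTML-escaping does not touch `$`. Computing the escaped name into a variable first and passing a function avoids that: `.replace( '%s', function() { return escapedName; } )`. The escaping matters because the warning is later written with `.html()` (visible in `bp.Views.uploaderWarning` in the minified build further down), so a short comment saying that would keep the encoding from being removed as redundant. The enclosing error handler starts and ends outside the hunk.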
......
window.wp=window.wp||{},window.bp=window.bp||{},function(e,i){"undefined"!=typeof BP_Uploader&&(_.extend(bp,_.pick(wp,"Backbone","ajax","template")),bp.Models=bp.Models||{},bp.Collections=bp.Collections||{},bp.Views=bp.Views||{},bp.Uploader={},bp.Uploader.uploader=function(){var e=this,t=-1!==navigator.userAgent.indexOf("Trident/")||-1!==navigator.userAgent.indexOf("MSIE ");this.params=BP_Uploader.settings,this.strings=BP_Uploader.strings,this.supports={upload:this.params.browser.supported},this.supported=this.supports.upload,this.supported?(t||"flash"!==plupload.predictRuntime(this.params.defaults)||this.params.defaults.required_features&&this.params.defaults.required_features.hasOwnProperty("send_binary_string")||(this.params.defaults.required_features=this.params.defaults.required_features||{},this.params.defaults.required_features.send_binary_string=!0),this.uploader=new plupload.Uploader(this.params.defaults),this.uploader.bind("Init",function(t){var s=i("#"+e.params.defaults.container),a=i("#"+e.params.defaults.drop_element);"html4"===t.runtime&&(t.settings.multipart_params.html4=!0),"bp_avatar_upload"===t.settings.multipart_params.action&&(t.settings.multipart_params.bp_params.ui_available_width=s.width()),t.features.dragdrop&&!e.params.browser.mobile?(s.addClass("drag-drop"),a.bind("dragover.wp-uploader",function(){s.addClass("drag-over")}).bind("dragleave.wp-uploader, drop.wp-uploader",function(){s.removeClass("drag-over")})):(s.removeClass("drag-drop"),a.unbind(".wp-uploader"))}),this.uploader.bind("postinit",function(e){e.refresh()}),this.uploader.init(),this.feedback=function(e,i,t){!_.isNull(t)&&t.item&&t.item.clear(),bp.Uploader.filesError.unshift({message:e,data:i,file:t})},this.uploader.bind("FilesAdded",function(t,s){var a=parseInt(t.settings.max_file_size,10),r=this;if(!t.settings.multi_selection&&s.length>1){for(var n in s)t.removeFile(s[n]);i(e).trigger("bp-uploader-warning",e.strings.unique_file_warning)}else _.each(s,function(e){var 
i;plupload.FAILED!==e.status&&(a>104857600&&e.size>104857600&&"html5"!==t.runtime?r.uploadSizeError(t,e,!0):(i=_.extend({id:e.id,file:e,uploading:!0,date:new Date,filename:e.name},_.pick(e,"loaded","size","percent")),e.item=new bp.Models.File(i),bp.Uploader.filesQueue.add(e.item)))}),t.refresh(),t.start()}),this.uploader.bind("UploadProgress",function(e,i){i.item.set(_.pick(i,"loaded","percent"))}),this.uploader.bind("FileUploaded",function(i,t,s){var a=e.strings.default_error;try{s=JSON.parse(s.response)}catch(i){return e.feedback(a,i,t)}return!_.isObject(s)||_.isUndefined(s.success)?e.feedback(a,null,t):s.success?(_.each(["file","loaded","size","percent"],function(e){t.item.unset(e)}),t.item.set(_.extend(s.data,{uploading:!1})),void bp.Uploader.filesUploaded.add(t.item)):(s.data&&s.data.message&&(a=s.data.message),e.feedback(a,s.data,t))}),this.uploader.bind("BeforeUpload",function(t,s){i(e).trigger("bp-uploader-new-upload",t,s)}),this.uploader.bind("UploadComplete",function(t,s){i(e).trigger("bp-uploader-upload-complete",t,s),bp.Uploader.filesQueue.reset()}),this.uploader.bind("Error",function(t,s){var a,r=e.strings.default_error,n={FAILED:e.strings.upload_failed,FILE_EXTENSION_ERROR:e.strings.invalid_filetype,IMAGE_FORMAT_ERROR:e.strings.not_an_image,IMAGE_MEMORY_ERROR:e.strings.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:e.strings.image_dimensions_exceeded,GENERIC_ERROR:e.strings.upload_failed,IO_ERROR:e.strings.io_error,HTTP_ERROR:e.strings.http_error,SECURITY_ERROR:e.strings.security_error,FILE_SIZE_ERROR:e.strings.file_exceeds_size_limit.replace("%s",s.file.name)};for(a in n)if(s.code===plupload[a]){r=n[a];break}i(e).trigger("bp-uploader-warning",r),t.refresh()})):BP_Uploader=void 0},bp.Models.File=Backbone.Model.extend({file:{}}),i.extend(bp.Uploader,{filesQueue:new Backbone.Collection,filesUploaded:new Backbone.Collection,filesError:new 
Backbone.Collection}),bp.View=bp.Backbone.View.extend({inject:function(e){this.render(),i(e).html(this.el),this.views.ready()},prepare:function(){return!_.isUndefined(this.model)&&_.isFunction(this.model.toJSON)?this.model.toJSON():{}}}),bp.Views.Uploader=bp.View.extend({className:"bp-uploader-window",template:bp.template("upload-window"),defaults:_.pick(BP_Uploader.settings.defaults,"container","drop_element","browse_button"),initialize:function(){this.warnings=[],this.model=new Backbone.Model(this.defaults),this.on("ready",this.initUploader)},initUploader:function(){this.uploader=new bp.Uploader.uploader,i(this.uploader).on("bp-uploader-warning",_.bind(this.setWarning,this)),i(this.uploader).on("bp-uploader-new-upload",_.bind(this.resetWarning,this))},setWarning:function(e,i){if(!_.isUndefined(i)){var t=new bp.Views.uploaderWarning({value:i}).render();this.warnings.push(t),this.$el.after(t.el)}},resetWarning:function(){0!==this.warnings.length&&(_.each(this.warnings,function(e){e.remove()}),this.warnings=[])}}),bp.Views.uploaderWarning=bp.View.extend({tagName:"p",className:"warning",initialize:function(){this.value=this.options.value},render:function(){return this.$el.html(this.value),this}}),bp.Views.uploaderStatus=bp.View.extend({className:"files",initialize:function(){_.each(this.collection.models,this.addFile,this),this.collection.on("change:percent",this.progress,this),bp.Uploader.filesError.on("add",this.feedback,this)},addFile:function(e){this.views.add(new bp.Views.uploaderProgress({model:e}))},progress:function(e){_.isUndefined(e.get("percent"))||i("#"+e.get("id")+" .bp-progress .bp-bar").css("width",e.get("percent")+"%")},feedback:function(e){_.isUndefined(e.get("message"))||_.isUndefined(e.get("file"))||i("#"+e.get("file").id).html(e.get("message")).addClass("error")}}),bp.Views.uploaderProgress=bp.View.extend({className:"bp-uploader-progress",template:bp.template("progress-window")}))}(bp,jQuery);
\ No newline at end of file
window.wp=window.wp||{},window.bp=window.bp||{},function(e,i){"undefined"!=typeof BP_Uploader&&(_.extend(bp,_.pick(wp,"Backbone","ajax","template")),bp.Models=bp.Models||{},bp.Collections=bp.Collections||{},bp.Views=bp.Views||{},bp.Uploader={},bp.Uploader.uploader=function(){var e=this,t=-1!==navigator.userAgent.indexOf("Trident/")||-1!==navigator.userAgent.indexOf("MSIE ");this.params=BP_Uploader.settings,this.strings=BP_Uploader.strings,this.supports={upload:this.params.browser.supported},this.supported=this.supports.upload,this.supported?(t||"flash"!==plupload.predictRuntime(this.params.defaults)||this.params.defaults.required_features&&this.params.defaults.required_features.hasOwnProperty("send_binary_string")||(this.params.defaults.required_features=this.params.defaults.required_features||{},this.params.defaults.required_features.send_binary_string=!0),this.uploader=new plupload.Uploader(this.params.defaults),this.uploader.bind("Init",function(t){var s=i("#"+e.params.defaults.container),a=i("#"+e.params.defaults.drop_element);"html4"===t.runtime&&(t.settings.multipart_params.html4=!0),"bp_avatar_upload"===t.settings.multipart_params.action&&(t.settings.multipart_params.bp_params.ui_available_width=s.width()),t.features.dragdrop&&!e.params.browser.mobile?(s.addClass("drag-drop"),a.bind("dragover.wp-uploader",function(){s.addClass("drag-over")}).bind("dragleave.wp-uploader, drop.wp-uploader",function(){s.removeClass("drag-over")})):(s.removeClass("drag-drop"),a.unbind(".wp-uploader"))}),this.uploader.bind("postinit",function(e){e.refresh()}),this.uploader.init(),this.feedback=function(e,i,t){!_.isNull(t)&&t.item&&t.item.clear(),bp.Uploader.filesError.unshift({message:e,data:i,file:t})},this.uploader.bind("FilesAdded",function(t,s){var a=parseInt(t.settings.max_file_size,10),r=this;if(!t.settings.multi_selection&&s.length>1){for(var n in s)t.removeFile(s[n]);i(e).trigger("bp-uploader-warning",e.strings.unique_file_warning)}else _.each(s,function(e){var 
i;plupload.FAILED!==e.status&&(a>104857600&&e.size>104857600&&"html5"!==t.runtime?r.uploadSizeError(t,e,!0):(i=_.extend({id:e.id,file:e,uploading:!0,date:new Date,filename:e.name},_.pick(e,"loaded","size","percent")),e.item=new bp.Models.File(i),bp.Uploader.filesQueue.add(e.item)))}),t.refresh(),t.start()}),this.uploader.bind("UploadProgress",function(e,i){i.item.set(_.pick(i,"loaded","percent"))}),this.uploader.bind("FileUploaded",function(i,t,s){var a=e.strings.default_error;try{s=JSON.parse(s.response)}catch(i){return e.feedback(a,i,t)}return!_.isObject(s)||_.isUndefined(s.success)?e.feedback(a,null,t):s.success?(_.each(["file","loaded","size","percent"],function(e){t.item.unset(e)}),t.item.set(_.extend(s.data,{uploading:!1})),void bp.Uploader.filesUploaded.add(t.item)):(s.data&&s.data.message&&(a=s.data.message),e.feedback(a,s.data,t))}),this.uploader.bind("BeforeUpload",function(t,s){i(e).trigger("bp-uploader-new-upload",t,s)}),this.uploader.bind("UploadComplete",function(t,s){i(e).trigger("bp-uploader-upload-complete",t,s),bp.Uploader.filesQueue.reset()}),this.uploader.bind("Error",function(t,s){var a,r=e.strings.default_error,n={FAILED:e.strings.upload_failed,FILE_EXTENSION_ERROR:e.strings.invalid_filetype,IMAGE_FORMAT_ERROR:e.strings.not_an_image,IMAGE_MEMORY_ERROR:e.strings.image_memory_exceeded,IMAGE_DIMENSIONS_ERROR:e.strings.image_dimensions_exceeded,GENERIC_ERROR:e.strings.upload_failed,IO_ERROR:e.strings.io_error,HTTP_ERROR:e.strings.http_error,SECURITY_ERROR:e.strings.security_error,FILE_SIZE_ERROR:e.strings.file_exceeds_size_limit.replace("%s",i("<span />").text(s.file.name).html())};for(a in n)if(s.code===plupload[a]){r=n[a];break}i(e).trigger("bp-uploader-warning",r),t.refresh()})):BP_Uploader=void 0},bp.Models.File=Backbone.Model.extend({file:{}}),i.extend(bp.Uploader,{filesQueue:new Backbone.Collection,filesUploaded:new Backbone.Collection,filesError:new 
Backbone.Collection}),bp.View=bp.Backbone.View.extend({inject:function(e){this.render(),i(e).html(this.el),this.views.ready()},prepare:function(){return!_.isUndefined(this.model)&&_.isFunction(this.model.toJSON)?this.model.toJSON():{}}}),bp.Views.Uploader=bp.View.extend({className:"bp-uploader-window",template:bp.template("upload-window"),defaults:_.pick(BP_Uploader.settings.defaults,"container","drop_element","browse_button"),initialize:function(){this.warnings=[],this.model=new Backbone.Model(this.defaults),this.on("ready",this.initUploader)},initUploader:function(){this.uploader=new bp.Uploader.uploader,i(this.uploader).on("bp-uploader-warning",_.bind(this.setWarning,this)),i(this.uploader).on("bp-uploader-new-upload",_.bind(this.resetWarning,this))},setWarning:function(e,i){if(!_.isUndefined(i)){var t=new bp.Views.uploaderWarning({value:i}).render();this.warnings.push(t),this.$el.after(t.el)}},resetWarning:function(){0!==this.warnings.length&&(_.each(this.warnings,function(e){e.remove()}),this.warnings=[])}}),bp.Views.uploaderWarning=bp.View.extend({tagName:"p",className:"warning",initialize:function(){this.value=this.options.value},render:function(){return this.$el.html(this.value),this}}),bp.Views.uploaderStatus=bp.View.extend({className:"files",initialize:function(){_.each(this.collection.models,this.addFile,this),this.collection.on("change:percent",this.progress,this),bp.Uploader.filesError.on("add",this.feedback,this)},addFile:function(e){this.views.add(new bp.Views.uploaderProgress({model:e}))},progress:function(e){_.isUndefined(e.get("percent"))||i("#"+e.get("id")+" .bp-progress .bp-bar").css("width",e.get("percent")+"%")},feedback:function(e){_.isUndefined(e.get("message"))||_.isUndefined(e.get("file"))||i("#"+e.get("file").id).html(e.get("message")).addClass("error")}}),bp.Views.uploaderProgress=bp.View.extend({className:"bp-uploader-progress",template:bp.template("progress-window")}))}(bp,jQuery);
\ No newline at end of file
......@@ -15,7 +15,7 @@
* Description: BuddyPress adds community features to WordPress. Member Profiles, Activity Streams, Direct Messaging, Notifications, and more!
* Author: The BuddyPress Community
* Author URI: https://buddypress.org/
* Version: 2.9.1
* Version: 2.9.2
* Text Domain: buddypress
* Domain Path: /bp-languages/
* License: GPLv2 or later (license.txt)
......
......@@ -680,7 +680,9 @@ class BP_Members_Admin {
// Conditionally add a referer if it exists in the existing request.
if ( ! empty( $_REQUEST['wp_http_referer'] ) ) {
$query_args['wp_http_referer'] = urlencode( stripslashes_deep( $_REQUEST['wp_http_referer'] ) );
$wp_http_referer = wp_unslash( $_REQUEST['wp_http_referer'] );
$wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) );
$query_args['wp_http_referer'] = urlencode( $wp_http_referer );
}
// Setup the two distinct "edit" URL's.
......@@ -919,7 +921,9 @@ class BP_Members_Admin {
$form_action_url = add_query_arg( 'action', 'update', $request_url );
$wp_http_referer = false;
if ( ! empty( $_REQUEST['wp_http_referer'] ) ) {
$wp_http_referer = remove_query_arg( array( 'action', 'updated' ), $_REQUEST['wp_http_referer'] );
$wp_http_referer = wp_unslash( $_REQUEST['wp_http_referer'] );
$wp_http_referer = remove_query_arg( array( 'action', 'updated' ), $wp_http_referer );
$wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) );
}
// Prepare notice for admin.
......@@ -1241,7 +1245,9 @@ class BP_Members_Admin {
}
// Add the referer.
$args['wp_http_referer'] = urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) );
$wp_http_referer = wp_unslash( $_SERVER['REQUEST_URI'] );
$wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) );
$args['wp_http_referer'] = urlencode( $wp_http_referer );
// Add the "Extended" link if the current user can edit this user.
if ( current_user_can( 'edit_user', $user->ID ) || bp_current_user_can( 'bp_moderate' ) ) {
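Review bot: `wp_validate_redirect()` returns its fallback, an empty string by default, when the URL is rejected, and the first and third hunks still add `wp_http_referer` with that empty value to the query args. Setting the argument only on success avoids carrying a rejected value forward: `if ( $wp_http_referer ) { $query_args['wp_http_referer'] = urlencode( $wp_http_referer ); }`. The first hunk also omits the `remove_query_arg( array( 'action', 'updated' ), ... )` step that the second hunk and the `BP_XProfile_User_Admin` hunk apply, so the call sites normalise the referer differently; a small shared helper would keep them in step. All of these hunks sit inside methods whose start and end are outside the view.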
......
......@@ -131,34 +131,38 @@ add_action( 'bp_actions', 'bp_messages_action_create_message' );
*
* @since 2.4.0 This function was split from messages_screen_notices(). See #6505.
*
* @global int $notice_id
*
* @return boolean
*/
function bp_messages_action_edit_notice() {
global $notice_id;
// Bail if not viewing a single notice URL.
if ( ! bp_is_messages_component() || ! bp_is_current_action( 'notices' ) || ! bp_action_variable( 1 ) ) {
if ( ! bp_is_messages_component() || ! bp_is_current_action( 'notices' ) ) {
return false;
}
// Get action variables.
$action = bp_action_variable( 0 ); // deactivate|activate|delete.
$notice_id = bp_action_variable( 1 ); // 1|2|3|etc...
// Get the notice ID (1|2|3).
$notice_id = bp_action_variable( 1 );
// Bail if notice ID is not numeric.
if ( ! is_numeric( $notice_id ) ) {
return;
if ( empty( $notice_id ) || ! is_numeric( $notice_id ) ) {
return false;
}
// Define local variables.
$redirect_to = '';
$feedback = '';
$success = false;
// Bail if the current user doesn't have administrator privileges.
if ( ! bp_current_user_can( 'bp_moderate' ) ) {
return false;
}
// Get the action (deactivate|activate|delete).
$action = sanitize_key( bp_action_variable( 0 ) );
// Check the nonce.
check_admin_referer( "messages_{$action}_notice" );
// Get the notice from database.
$notice = new BP_Messages_Notice( $notice_id );
$notice = new BP_Messages_Notice( $notice_id );
$success = false;
$feedback = '';
// Take action.
switch ( $action ) {
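Review bot: `is_numeric()` also accepts values such as `1.5`, `1e3` or `-2`, and the unmodified string from `bp_action_variable( 1 )` is then passed to `new BP_Messages_Notice( $notice_id )`. If the ID is meant to be a positive integer, tighten the guard and cast once: `if ( ! ctype_digit( (string) $notice_id ) || 0 === (int) $notice_id ) { return false; }` followed by `$notice_id = (int) $notice_id;`. How the constructor treats non-integer input is not visible here, so this is a hardening suggestion, not a confirmed bug. The function body continues past the end of the hunk.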
......
......@@ -688,7 +688,7 @@ function bp_legacy_theme_ajax_querystring( $query_string, $object ) {
// Activity stream filtering on action.
if ( ! empty( $_BP_COOKIE['bp-' . $object . '-filter'] ) && '-1' != $_BP_COOKIE['bp-' . $object . '-filter'] ) {
$qs[] = 'type=' . $_BP_COOKIE['bp-' . $object . '-filter'];
$qs[] = 'type=' . urlencode( $_BP_COOKIE['bp-' . $object . '-filter'] );
if ( bp_is_active( 'activity' ) ) {
$actions = bp_activity_get_actions_for_context();
......@@ -711,7 +711,7 @@ function bp_legacy_theme_ajax_querystring( $query_string, $object ) {
// Activity stream scope only on activity directory.
if ( 'all' != $_BP_COOKIE['bp-' . $object . '-scope'] && ! bp_displayed_user_id() && ! bp_is_single_item() )
$qs[] = 'scope=' . $_BP_COOKIE['bp-' . $object . '-scope'];
$qs[] = 'scope=' . urlencode( $_BP_COOKIE['bp-' . $object . '-scope'] );
}
// If page and search_terms have been passed via the AJAX post request, use those.
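Review bot: The new `urlencode()` calls on `$_BP_COOKIE` values have no comment explaining why they are needed, which makes them easy to drop in a later clean-up. The entries of `$qs` are joined with `&` into a query string (the `join( '&', (array) $qs )` line is visible in the `bp_dtheme_ajax_querystring` hunk, and this function presumably does the same), so an unencoded `&` or `=` in a cookie would be read as additional arguments. I would add `// Encode request-supplied values so they cannot introduce extra query arguments.` above the first call here and in `bp_dtheme_ajax_querystring`. Both functions start and end outside the hunks shown.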
......
......@@ -107,8 +107,8 @@ function bp_dtheme_ajax_querystring( $query_string, $object ) {
// Activity stream filtering on action
if ( ! empty( $_BP_COOKIE['bp-' . $object . '-filter'] ) && '-1' != $_BP_COOKIE['bp-' . $object . '-filter'] ) {
$qs[] = 'type=' . $_BP_COOKIE['bp-' . $object . '-filter'];
$qs[] = 'action=' . $_BP_COOKIE['bp-' . $object . '-filter'];
$qs[] = 'type=' . urlencode( $_BP_COOKIE['bp-' . $object . '-filter'] );
$qs[] = 'action=' . urlencode( $_BP_COOKIE['bp-' . $object . '-filter'] );
}
if ( ! empty( $_BP_COOKIE['bp-' . $object . '-scope'] ) ) {
......@@ -119,7 +119,7 @@ function bp_dtheme_ajax_querystring( $query_string, $object ) {
// Activity stream scope only on activity directory.
if ( 'all' != $_BP_COOKIE['bp-' . $object . '-scope'] && ! bp_displayed_user_id() && ! bp_is_single_item() )
$qs[] = 'scope=' . $_BP_COOKIE['bp-' . $object . '-scope'];
$qs[] = 'scope=' . urlencode( $_BP_COOKIE['bp-' . $object . '-scope'] );
}
// If page and search_terms have been passed via the AJAX post request, use those.
......@@ -134,7 +134,7 @@ function bp_dtheme_ajax_querystring( $query_string, $object ) {
$object_search_text = bp_get_search_default_text( $object );
if ( ! empty( $_POST['search_terms'] ) && $object_search_text != $_POST['search_terms'] && 'false' != $_POST['search_terms'] && 'undefined' != $_POST['search_terms'] )
$qs[] = 'search_terms=' . $_POST['search_terms'];
$qs[] = 'search_terms=' . urlencode( $_POST['search_terms'] );
// Now pass the querystring to override default values.
$query_string = empty( $qs ) ? '' : join( '&', (array) $qs );
......
......@@ -168,11 +168,16 @@ function xprofile_sanitize_data_value_before_save( $field_value, $field_id = 0,
return $field_value;
}
// Value might be serialized.
// Force reserialization if serialized (avoids mutation, retains integrity)
if ( is_serialized( $field_value ) && ( false === $reserialize ) ) {
$reserialize = true;
}
// Value might be a serialized array of options.
$field_value = maybe_unserialize( $field_value );
// Filter single value.
if ( !is_array( $field_value ) ) {
// Sanitize single field value.
if ( ! is_array( $field_value ) ) {
$kses_field_value = xprofile_filter_kses( $field_value, $data_obj );
$filtered_field_value = wp_rel_nofollow( force_balance_tags( $kses_field_value ) );
......@@ -187,16 +192,15 @@ function xprofile_sanitize_data_value_before_save( $field_value, $field_id = 0,
*/
$filtered_field_value = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_field_value, $field_value, $data_obj );
// Filter each array item independently.
// Sanitize multiple individual option values.
} else {
$filtered_values = array();
foreach ( (array) $field_value as $value ) {
$kses_field_value = xprofile_filter_kses( $value, $data_obj );
$filtered_value = wp_rel_nofollow( force_balance_tags( $kses_field_value ) );
$kses_field_value = xprofile_filter_kses( $value, $data_obj );
$filtered_value = wp_rel_nofollow( force_balance_tags( $kses_field_value ) );
/** This filter is documented in bp-xprofile/bp-xprofile-filters.php */
$filtered_values[] = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_value, $value, $data_obj );
}
if ( !empty( $reserialize ) ) {
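Review bot: `maybe_unserialize( $field_value )` can return an object as well as a scalar or an array, and an object falls into the `! is_array( $field_value )` branch and is passed to `xprofile_filter_kses()` as if it were a string. Whether any caller can reach this function with a request-supplied serialized string cannot be determined from these hunks, but if one can, this call is where objects would be instantiated from it. A guard right after the call would make the expected shapes explicit, e.g. `if ( is_object( $field_value ) ) { return ''; }`, though the right return value depends on the callers. The function spans both hunks and continues beyond them.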
......
......@@ -464,6 +464,8 @@ function xprofile_set_field_data( $field, $user_id, $value, $is_required = false
$field = new BP_XProfile_ProfileData();
$field->field_id = $field_id;
$field->user_id = $user_id;
// Gets un/reserialized via xprofile_sanitize_data_value_before_save()
$field->value = maybe_serialize( $value );
return $field->save();
......
......@@ -588,27 +588,22 @@ function bp_the_profile_field_edit_value() {
function bp_get_the_profile_field_edit_value() {
global $field;
/**
* Check to see if the posted value is different, if it is re-display this
* value as long as it's not empty and a required field.
*/
// Make sure field data object exists
if ( ! isset( $field->data ) ) {
$field->data = new stdClass;
}
// Default to empty value
if ( ! isset( $field->data->value ) ) {
$field->data->value = '';
}
if ( isset( $_POST['field_' . $field->id] ) && $field->data->value != $_POST['field_' . $field->id] ) {
if ( ! empty( $_POST['field_' . $field->id] ) ) {
$field->data->value = $_POST['field_' . $field->id];
} else {
$field->data->value = '';
}
}
// Was a new value posted? If so, use it instead.
if ( isset( $_POST['field_' . $field->id] ) ) {
$field_value = isset( $field->data->value ) ? bp_unserialize_profile_field( $field->data->value ) : '';
// This is sanitized via the filter below (based on the field type)
$field->data->value = $_POST['field_' . $field->id];
}
/**
* Filters the XProfile field edit value.
......@@ -619,7 +614,7 @@ function bp_the_profile_field_edit_value() {
* @param string $type Type for the profile field.
* @param int $id ID for the profile field.
*/
return apply_filters( 'bp_get_the_profile_field_edit_value', $field_value, $field->type, $field->id );
return apply_filters( 'bp_get_the_profile_field_edit_value', $field->data->value, $field->type, $field->id );
}
/**
......@@ -904,7 +899,8 @@ function bp_the_profile_field_visibility_level_label() {
}
/**
* Return unserialized profile field data.
* Return unserialized profile field data, and combine any array items into a
* comma-separated string.
*
* @since 1.0.0
*
......@@ -913,7 +909,7 @@ function bp_the_profile_field_visibility_level_label() {
*/
function bp_unserialize_profile_field( $value ) {
if ( is_serialized($value) ) {
$field_value = maybe_unserialize($value);
$field_value = @unserialize($value);
$field_value = implode( ', ', $field_value );
return $field_value;
}
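Review bot: In `bp_unserialize_profile_field()`, `@unserialize( $value )` is followed directly by `implode( ', ', $field_value )`, so `implode()` can receive a non-array. `is_serialized()` is also true for serialized strings, integers and objects, and `unserialize()` returns `false` on malformed input, which the `@` hides. Checking the type first avoids that: `if ( is_array( $field_value ) ) { return implode( ', ', $field_value ); }`, falling through to the function's existing return for other values, which is outside the hunk. Separately, `bp_get_the_profile_field_edit_value()` now returns the raw `$_POST` value and relies on the `bp_get_the_profile_field_edit_value` filter for sanitising; the comment says so, but naming the callback that does it would make this checkable.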
......
......@@ -464,7 +464,10 @@ class BP_XProfile_User_Admin {
);
if ( ! empty( $_REQUEST['wp_http_referer'] ) ) {
$query_args['wp_http_referer'] = urlencode( wp_unslash( $_REQUEST['wp_http_referer'] ) );
$wp_http_referer = wp_unslash( $_REQUEST['wp_http_referer'] );
$wp_http_referer = remove_query_arg( array( 'action', 'updated' ), $wp_http_referer );
$wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) );
$query_args['wp_http_referer'] = urlencode( $wp_http_referer );
}
$community_url = add_query_arg( $query_args, buddypress()->members->admin->edit_profile_url );
......
......@@ -293,7 +293,7 @@ class BuddyPress {
/** Versions **********************************************************/
$this->version = '2.9.1';
$this->version = '2.9.2';
$this->db_version = 11105;
/** Loading ***********************************************************/
......
......@@ -2,8 +2,9 @@
Contributors: johnjamesjacoby, DJPaul, boonebgorges, r-a-y, imath, mercime, tw2113, dcavins, hnla
Tags: social networking, activity, profiles, messaging, friends, groups, forums, notifications, settings, social, community, networks, networking
Requires at least: 4.4
Tested up to: 4.8.1
Stable tag: 2.9.1
Tested up to: 4.9
Requires PHP: 5.3
Stable tag: 2.9.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
......@@ -116,10 +117,10 @@ Please consider helping translate BuddyPress at our <a href="https://translate.w
== Upgrade Notice ==
= 2.9.1 =
See: https://codex.buddypress.org/releases/version-2-9-1/
= 2.9.2 =
See: https://codex.buddypress.org/releases/version-2-9-2/
== Changelog ==
= 2.9.1 =
See: https://codex.buddypress.org/releases/version-2-9-1/
= 2.9.2 =
See: https://codex.buddypress.org/releases/version-2-9-2/