Changeset 3285063

Timestamp:

04/30/2025 04:59:10 PM (8 months ago)

Author:

shanebp

Message:

tag 2.5

Location:

bp-messages-tool/tags/2.5

Files:

• . (copied) (copied from bp-messages-tool/trunk)
• bpmt.php (modified) (6 diffs)
• loader.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)

bp-messages-tool/tags/2.5/bpmt.php

@@ -19 +19 @@
         <?php
         if ( is_super_admin() && isset( $_GET['action'] ) ) {
-
-            switch( $_GET['action'] ) {
+            
+            $action = sanitize_text_field( $_GET['action'] );
+
+            switch( $action) {
 
                 case 'select-member':
@@ -113 +115 @@
 
         if( ! empty( $_POST['bpmt-user'] ) )
-            $bpmt_user = $_POST['bpmt-user'];
+            $bpmt_user = intval( sanitize_text_field($_POST['bpmt-user'] ) );
         else {
             _e("<div class='error below-h2'>ERROR -  Please enter a Member's login name or user id.</div>", 'bpmt');
@@ -121 +123 @@
 
     elseif( isset( $_GET['user_id'] ) )
-        $bpmt_user = intval( $_GET['user_id'] );
+        $bpmt_user = intval( sanitize_text_field( $_GET['user_id'] ) ); 
 
     else {
@@ -153 +155 @@
     global $bpmt_user_data;
 
-    $bpmt_user_data = bpmt_get_user_data( $_GET['user_id'] );
+    $bpmt_user_data = bpmt_get_user_data( sanitize_text_field( $_GET['user_id'] ) );
 
     if( $bpmt_user_data != NULL ) {
@@ -174 +176 @@
 function bpmt_get_thread_view() {
     global $bpmt_user_data;
-
-    $bpmt_user_data = bpmt_get_user_data( $_GET['user_id'] );
+    
+    $user_id = intval( sanitize_text_field( $_GET['user_id'] ) );
+
+    $bpmt_user_data = bpmt_get_user_data( $user_id );
 
     if( $bpmt_user_data != NULL ) {
@@ -369 +373 @@
         <tr>
             <td align="right"><em>Display Name:</em></td>
-            <td><?php echo $bpmt_user_data->display_name; ?></td>
+            <td><?php echo esc_html( $bpmt_user_data->display_name ) ?></td>
         </tr>
 
         <tr>
             <td align="right"><em>Login Name:</em></td>
-            <td><?php echo $bpmt_user_data->user_login; ?></td>
+            <td><?php echo esc_html( $bpmt_user_data->user_login ) ?></td>
         </tr>
 
         <tr>
             <td align="right"><em>ID:</em></td>
-            <td><?php echo $bpmt_user_data->ID; ?></td>
+            <td><?php echo esc_html( $bpmt_user_data->ID ) ?></td>
         </tr>
 
         <tr>
             <td align="right"><em>Box:</em></td>
-            <td><?php echo ucfirst( $bpmt_user_data->box ); ?></td>
+            <td><?php echo esc_html( ucfirst( $bpmt_user_data->box ) ) ?></td>
         </tr>
 

bp-messages-tool/tags/2.5/loader.php

@@ -4 +4 @@
 Plugin URI: https://www.philopress.com
 Description: View Messages for any BuddyPress member via wp-admin screen Tools > BP Messages
-Version: 2.4
+Version: 2.5
 Author: PhiloPress
 Author URI: https://www.philopress.com/

bp-messages-tool/tags/2.5/readme.txt

@@ -7 +7 @@
 Requires at least: WP 4.0
 Tested up to: 6.8
-Stable tag: 2.4
+Stable tag: 2.5
 License: GPLv2 or later
 
@@ -45 +45 @@
 == Changelog ==
 
-= 2.3 =
+= 2.5 =
 * fix XSS vulnerability