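/**
 * Appends a link to a freshly uploaded group document to the forum topic text.
 *
 * Runs only when the request carried a file upload ($_FILES non-empty). The
 * document record is attributed to the current user and the current group,
 * named and described from the submitted form fields, and saved; on success
 * the document link is appended to $topic_text. On every other path the
 * topic text is returned unchanged.
 *
 * NOTE(review): no nonce or capability check is visible in this function; if
 * BP_Group_Documents::save() does not perform one, the upload path relies on
 * the caller having verified the request — confirm.
 *
 * @param string $topic_text Topic text as submitted.
 * @return string Topic text, with the document link appended on a successful save.
 */
function bp_group_documents_forum_attachments_topic_text($topic_text) {
    global $bp;

    if (empty($_FILES)) {
        return $topic_text;
    }

    $document = new BP_Group_Documents();
    $document->user_id = get_current_user_id();
    // Assumes a current group is set for this request; a post made outside a
    // group context would leave this null — confirm against the caller.
    $document->group_id = $bp->groups->current_group->id;

    // The form fields are untrusted input: strip tags and stray whitespace
    // before storing, and tolerate a missing field instead of raising an
    // undefined-index notice.
    $document->name = isset($_POST['bp_group_documents_name'])
        ? sanitize_text_field($_POST['bp_group_documents_name'])
        : '';
    $document->description = isset($_POST['bp_group_documents_description'])
        ? sanitize_text_field($_POST['bp_group_documents_description'])
        : '';

    if (!$document->save()) {
        // Save failed: leave the topic untouched; no user message is raised here.
        return $topic_text;
    }

    do_action('bp_group_documents_add_success', $document);
    bp_core_add_message(__('Document successfully uploaded', 'bp-group-documents'));

    return $topic_text . bp_group_documents_forum_attachments_document_link($document);
}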
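/**
 * Appends a link to a freshly uploaded group document to the forum topic text.
 *
 * Runs only when the request carried a file upload ($_FILES non-empty). The
 * document record is attributed to the current user and the current group,
 * named and described from the sanitized form fields, and saved; on success
 * the document link is appended to $topic_text. On every other path the
 * topic text is returned unchanged.
 *
 * NOTE(review): no nonce or capability check is visible in this function; if
 * BP_Group_Documents::save() does not perform one, the upload path relies on
 * the caller having verified the request — confirm.
 *
 * @param string $topic_text Topic text as submitted.
 * @return string Topic text, with the document link appended on a successful save.
 * @version 1.2.2, stergatu 3/10/2013, sanitize_text_field
 */
function bp_group_documents_forum_attachments_topic_text($topic_text) {
    if (empty($_FILES)) {
        return $topic_text;
    }

    // Resolve the BuddyPress instance only when there is an upload to handle.
    $bp = buddypress();

    $document = new BP_Group_Documents();
    $document->user_id = get_current_user_id();
    // Assumes a current group is set for this request; a post made outside a
    // group context would leave this null — confirm against the caller.
    $document->group_id = $bp->groups->current_group->id;

    // Never trust an input box: strip tags and stray whitespace before storing,
    // and tolerate a missing field instead of raising an undefined-index notice.
    $document->name = isset($_POST['bp_group_documents_name'])
        ? sanitize_text_field($_POST['bp_group_documents_name'])
        : '';
    $document->description = isset($_POST['bp_group_documents_description'])
        ? sanitize_text_field($_POST['bp_group_documents_description'])
        : '';

    if (!$document->save()) {
        // Save failed: leave the topic untouched; no user message is raised here.
        return $topic_text;
    }

    do_action('bp_group_documents_add_success', $document);
    bp_core_add_message(__('Document successfully uploaded', 'bp-group-documents'));

    return $topic_text . bp_group_documents_forum_attachments_document_link($document);
}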