protected static function get_parameters()
{
// new items will always have "-new" appended to the querystring
// we need to strip "-new" to get the querystring
if (self::is_new_item()) {
// check to see if user ID is set, if not, return false
if (empty(self::$user->ID)) {
return false;
}
$new = strrpos(self::$querystring, '-new');
if ($new !== false) {
// get rid of "-new" from the querystring
$qs = substr(self::$querystring, 0, $new);
} else {
/**
* If new item querystring isn't default, let plugins render querystring.
*
* Plugins should return a querystring matching whitelisted parameters from the
* 'bp_rbe_allowed_params' filter.
*
* @since 1.0-RC4
*
* @param string $qs Current string.
*/
$qs = (string) apply_filters('bp_rbe_new_item_querystring', self::$querystring);
}
} else {
$qs = self::$querystring;
}
// only decode if querystring is a hexadecimal string
if (ctype_xdigit($qs)) {
// New posted items will pass $user_id along with $qs for decoding
// This is done as an additional security measure because the "From" header
// can be spoofed and is similar to how Basecamp handles posting new items
if (self::is_new_item()) {
// pass $user_id to bp_rbe_decode()
$qs = apply_filters('bp_rbe_decode_qs', bp_rbe_decode(array('string' => $qs, 'param' => self::$user->ID)), $qs, self::$user->ID);
// Replied items will use the regular $qs for decoding
} else {
$qs = apply_filters('bp_rbe_decode_qs', bp_rbe_decode(array('string' => self::$querystring)), $qs, false);
}
}
// These are the default params we want to check for
$defaults = array('a' => false, 'p' => false, 't' => false, 'm' => false, 'g' => false);
// Let 3rd-party plugins whitelist additional params
$defaults = apply_filters('bp_rbe_allowed_params', $defaults, $qs);
// Parse querystring into an array
wp_parse_str($qs, $params);
// Only allow parameters set from $defaults through
$params = array_intersect_key($params, $defaults);
// If no params, return false
if (empty($params)) {
return false;
}
return $params;
}
