From 568c7f7c81be47056ba2e004788a88ee84724b5b Mon Sep 17 00:00:00 2001
From: Alex Kirk
Date: Thu, 21 Nov 2024 19:07:38 +0100
Subject: [PATCH] Fix starring of a friend (#392)
---
 includes/class-frontend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/class-frontend.php b/includes/class-frontend.php
index ec0da2ab..5b491ac4 100644
--- a/includes/class-frontend.php
+++ b/includes/class-frontend.php
@@ -759,7 +759,7 @@ public function ajax_star_friend_user() {
 exit;
 }
- $friend_id = intval( $_POST['friend_id'] );
+ $friend_id = sanitize_text_field( wp_unslash( $_POST['friend_id'] ) );
 check_ajax_referer( "star-$friend_id" );
 $friend_user = User::get_by_username( $friend_id );
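Review bot: On the changed line, `$friend_id` now holds a username string, but its name and the `star-$friend_id` nonce action still read as if it were a numeric user ID. A short comment there, e.g. `// friend_id is the friend's username (looked up via User::get_by_username), not a numeric ID.`, would stop a later cleanup from putting `intval()` back. Since the value is no longer forced to an integer, any short string that survives `sanitize_text_field()` now reaches `User::get_by_username()`, so the code after this hunk should reject a failed lookup before `$friend_user` is used. Whether it does, and whether the guard ending in `exit;` above the change covers a missing `$_POST['friend_id']`, cannot be seen here because ajax_star_friend_user() starts and ends outside the hunk.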