

Ticket #1728: 1728.003.diff

File 1728.003.diff, 54.2 KB (added by cnorris23, 14 years ago)

replace deprecated attribute_escape() with esc_attr()

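--- a/bp-themes/bp-default/sidebar.php
+++ b/bp-themes/bp-default/sidebar.php
@@ -39,7 +39,7 @@
 
                 <form name="login-form" id="sidebar-login-form" class="standard-form" action="<?php echo site_url( 'wp-login.php', 'login_post' ) ?>" method="post">
                         <label><?php _e( 'Username', 'buddypress' ) ?><br />
-                        <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" /></label>
+                        <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" /></label>
 
                         <label><?php _e( 'Password', 'buddypress' ) ?><br />
                         <input type="password" name="pwd" id="sidebar-user-pass" class="input" value="" /></label>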
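Review bot: The form's `action` on line 40 still echoes `site_url( 'wp-login.php', 'login_post' )` unescaped while the patch escapes only the `value` attribute on line 42; for consistency with the sweep, `action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ) ?>"` escapes that attribute in its URL context. The settings form in bp-core/bp-core-settings.php line 88 has the same unescaped `action`, built from `$bp->loggedin_user->domain` and a constant. Where `$user_login` on line 42 is assigned is outside the hunk, so whether it actually arrives with slashes to strip could not be confirmed here.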
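--- a/bp-themes/bp-default/_inc/ajax.php
+++ b/bp-themes/bp-default/_inc/ajax.php
@@ -188,7 +188,7 @@
 
                                 <div class="acomment-meta">
                                         <?php echo bp_core_get_userlink( bp_get_activity_user_id() ) ?> &middot; <?php printf( __( '%s ago', 'buddypress' ), bp_core_time_since( gmdate( "Y-m-d H:i:s" ) ) ) ?> &middot;
-                                        <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo attribute_escape( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>
+                                        <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo esc_attr( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>
                                          &middot; <a href="<?php echo wp_nonce_url( $bp->root_domain . '/' . $bp->activity->slug . '/delete/' . bp_get_activity_id() . '?cid=' . $comment_id, 'bp_activity_delete_link' ) ?>" class="delete acomment-delete confirm"><?php _e( 'Delete', 'buddypress' ) ?></a>
                                 </div>
 
@@ -312,7 +312,7 @@
                 echo '<h4>' . $user->user_link . '</h4>';
                 echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>';
                 echo '<div class="action">
-                                <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . attribute_escape( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>
+                                <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>
                           </div>';
                 echo '</li>';
 
@@ -404,7 +404,7 @@
                         if ( !groups_join_group( $group->id ) ) {
                                 _e( 'Error joining group', 'buddypress' );
                         } else {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
                         }
 
                 } else if ( 'private' == $group->status ) {
@@ -414,7 +414,7 @@
                         if ( !groups_send_membership_request( $bp->loggedin_user->id, $group->id ) ) {
                                 _e( 'Error requesting membership', 'buddypress' );
                         } else {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
                         }
                 }
 
@@ -426,9 +426,9 @@
                         _e( 'Error leaving group', 'buddypress' );
                 } else {
                         if ( 'public' == $group->status ) {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
                         } else if ( 'private' == $group->status ) {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
                         }
                 }
         }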
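Review bot: On new line 315 of the second hunk, `$_POST['group_id']` is concatenated raw into the path handed to `wp_nonce_url()`, while the same line now escapes `$user->id` for the `id` attribute; a group id is numeric, so `(int) $_POST['group_id']` before the concatenation validates the value instead of leaning on whatever escaping `wp_nonce_url()` applies to its result. The escaped `$group->id` values on lines 407, 417, 429 and 431 would likewise read more clearly as `(int)` casts, since escaping an integer is a no-op. Each hunk's enclosing function begins outside the hunk.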
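--- a/bp-core/bp-core-widgets.php
+++ b/bp-core/bp-core-widgets.php
@@ -52,7 +52,7 @@
                                 <?php endwhile; ?>
                         </ul>
                         <?php wp_nonce_field( 'bp_core_widget_members', '_wpnonce-members' ); ?>
-                        <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo attribute_escape( $instance['max_members'] ); ?>" />
+                        <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo esc_attr( $instance['max_members'] ); ?>" />
 
                 <?php else: ?>
 
@@ -78,7 +78,7 @@
                 $max_members = strip_tags( $instance['max_members'] );
                 ?>
 
-                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }
@@ -132,7 +132,7 @@
                 $max_members = strip_tags( $instance['max_members'] );
                 ?>
 
-                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }
@@ -186,7 +186,7 @@
                 $max_members = strip_tags( $instance['max_members'] );
                 ?>
 
-                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }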
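Review bot: On new line 81 (and the identical lines 135 and 189) the `<label for="bp-core-widget-members-max">` does not match the input's `id`, which is generated by `$this->get_field_id( 'max_members' )`, so the label is never associated with the field; `for="<?php echo $this->get_field_id( 'max_members' ); ?>"` fixes it. `$max_members` comes from `strip_tags( $instance['max_members'] )` on line 78, which still lets non-numeric text through for a value that is a count; `absint( $instance['max_members'] )` would be the tighter choice unless the widget's update() method, which is outside the hunk, already enforces that. The same markup is repeated verbatim across three widget classes, which is how the mismatch spread; each form() method begins outside its hunk.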
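--- a/bp-core/bp-core-templatetags.php
+++ b/bp-core/bp-core-templatetags.php
@@ -325,7 +325,7 @@
         function bp_get_member_registered() {
                 global $members_template;
 
-                $registered = attribute_escape( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );
+                $registered = esc_attr( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );
 
                 return apply_filters( 'bp_member_last_active', $registered );
         }
@@ -369,15 +369,15 @@
 
 function bp_member_hidden_fields() {
         if ( isset( $_REQUEST['s'] ) ) {
-                echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';
+                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />';
         }
 
         if ( isset( $_REQUEST['letter'] ) ) {
-                echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
+                echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
         }
 
         if ( isset( $_REQUEST['members_search'] ) ) {
-                echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['members_search'] ) . '" name="search_terms" />';
+                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['members_search'] ) . '" name="search_terms" />';
         }
 }
 
@@ -390,7 +390,7 @@
 
         ?>
         <form action="" method="get" id="search-members-form">
-                <label><input type="text" name="s" id="members_search" value="<?php echo attribute_escape( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
+                <label><input type="text" name="s" id="members_search" value="<?php echo esc_attr( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
                 <input type="submit" id="members_search_submit" name="members_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
         </form>
 <?php
@@ -541,7 +541,7 @@
         if ( empty( $bp->bp_options_title ) )
                 $bp->bp_options_title = __( 'Options', 'buddypress' );
 
-        echo apply_filters( 'bp_get_options_title', attribute_escape( $bp->bp_options_title ) );
+        echo apply_filters( 'bp_get_options_title', esc_attr( $bp->bp_options_title ) );
 }
 
 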
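Review bot: In `bp_get_member_registered()` (first hunk, fully visible) line 330 returns `apply_filters( 'bp_member_last_active', $registered )`, a filter name that looks copied from the last-active getter; if sharing that hook is not intentional, `return apply_filters( 'bp_get_member_registered', $registered );` gives the registered date its own filter. On line 544 the filter runs after `esc_attr()`, so whatever a `bp_get_options_title` callback returns reaches the page unescaped; `echo esc_attr( apply_filters( 'bp_get_options_title', $bp->bp_options_title ) );` keeps the output escaped regardless of the callback, at the cost of handing callbacks the raw title. `bp_member_hidden_fields()` emits `id="search_terms"` for both the `s` and `members_search` inputs (lines 372 and 380), which yields duplicate ids when both request keys are set. Line 393 also embeds translated strings in inline JavaScript without escaping; `esc_js( __( 'Search anything...', 'buddypress' ) )` is the matching function for that context.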
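--- a/bp-core/bp-core-classes.php
+++ b/bp-core/bp-core-classes.php
@@ -60,14 +60,14 @@
 
                 if ( $this->profile_data ) {
                         $this->user_url = bp_core_get_user_domain( $this->id, $this->profile_data['user_nicename'], $this->profile_data['user_login'] );
-                        $this->fullname = attribute_escape( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
+                        $this->fullname = esc_attr( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
                         $this->user_link = "<a href='{$this->user_url}' title='{$this->fullname}'>{$this->fullname}</a>";
-                        $this->email = attribute_escape( $this->profile_data['user_email'] );
+                        $this->email = esc_attr( $this->profile_data['user_email'] );
                 } else {
                         $this->user_url = bp_core_get_user_domain( $this->id );
                         $this->user_link = bp_core_get_userlink( $this->id );
-                        $this->fullname = attribute_escape( bp_core_get_user_displayname( $this->id ) );
-                        $this->email = attribute_escape( bp_core_get_user_email( $this->id ) );
+                        $this->fullname = esc_attr( bp_core_get_user_displayname( $this->id ) );
+                        $this->email = esc_attr( bp_core_get_user_email( $this->id ) );
                 }
 
                 /* Cache a few things that are fetched often */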
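Review bot: Lines 63, 65, 69 and 70 store attribute-escaped text in `$this->fullname` and `$this->email`, so the object's properties hold entity-encoded values rather than the data itself; the immediate consumer on line 64 is a single-quoted `title` attribute, which `esc_attr()` does cover, but any later use of `$this->email` as an address, or of `$this->fullname` for comparison or a different output context, works on encoded text. Keeping the raw values in the properties and escaping where the link is built, `$this->user_link = "<a href='" . esc_url( $this->user_url ) . "' title='" . esc_attr( $this->fullname ) . "'>" . esc_html( $this->fullname ) . "</a>";`, confines the escaping to the output site. Other readers of these properties are outside the hunk, so whether any of them relies on the pre-escaped form could not be confirmed here; the enclosing method also starts and ends outside the hunk.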
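--- a/bp-core/bp-core-settings.php
+++ b/bp-core/bp-core-settings.php
@@ -87,7 +87,7 @@
 
         <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form">
                 <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label>
-                <input type="text" name="email" id="email" value="<?php echo attribute_escape( $current_user->user_email ); ?>" class="settings-input" />
+                <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" />
 
                 <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label>
                 <input type="password" name="pass1" id="pass1" size="16" value="" class="settings-input small" /> &nbsp;<?php _e( 'New Password', 'buddypress' ) ?><br />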
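--- a/bp-xprofile/bp-xprofile-admin.php
+++ b/bp-xprofile/bp-xprofile-admin.php
@@ -58,7 +58,7 @@
                                 $type = ( $type == 'error' ) ? 'error' : 'updated'; ?>
 
                                 <div id="message" class="<?php echo $type; ?> fade">
-                                        <p><?php echo wp_specialchars( attribute_escape( $message ) ); ?></p>
+                                        <p><?php echo wp_specialchars( esc_attr( $message ) ); ?></p>
                                 </div>
 <?php           endif; ?>
 
@@ -67,7 +67,7 @@
 <?php
                         if ( $groups ) :
                                 foreach ( $groups as $group ) { ?>
-                                        <li id="group_<?php echo $group->id; ?>"><a href="#tabs-<?php echo $group->id; ?>" class="ui-tab"><?php echo attribute_escape( $group->name ); ?><?php if ( !$group->can_delete ) : ?> <?php _e( '(Core)', 'buddypress'); endif; ?></a></li>
+                                        <li id="group_<?php echo $group->id; ?>"><a href="#tabs-<?php echo $group->id; ?>" class="ui-tab"><?php echo esc_attr( $group->name ); ?><?php if ( !$group->can_delete ) : ?> <?php _e( '(Core)', 'buddypress'); endif; ?></a></li>
 <?php                   }
                         endif; ?>
                                 </ul>
@@ -75,22 +75,22 @@
 <?php           if ( $groups ) :
                                 foreach ( $groups as $group ) { ?>
                                         <noscript>
-                                                <h3><?php echo attribute_escape( $group->name ) ?></h3>
+                                                <h3><?php echo esc_attr( $group->name ) ?></h3>
                                         </noscript>
                                         <div id="tabs-<?php echo $group->id; ?>" class="tab-wrapper">
                                                 <div class="tab-toolbar">
                                                         <div class="tab-toolbar-left">
-                                                                <a class="button" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo attribute_escape( $group->id ); ?>&amp;mode=add_field"><?php _e( 'Add New Field', 'buddypress' ); ?></a>
-                                                                <a class="button edit" href="admin.php?page=bp-profile-setup&amp;mode=edit_group&amp;group_id=<?php echo attribute_escape( $group->id ); ?>"><?php _e( 'Edit Group', 'buddypress' ); ?></a>
+                                                                <a class="button" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo esc_attr( $group->id ); ?>&amp;mode=add_field"><?php _e( 'Add New Field', 'buddypress' ); ?></a>
+                                                                <a class="button edit" href="admin.php?page=bp-profile-setup&amp;mode=edit_group&amp;group_id=<?php echo esc_attr( $group->id ); ?>"><?php _e( 'Edit Group', 'buddypress' ); ?></a>
 <?php                           if ( $group->can_delete ) : ?>
-                                                                <a class="button delete" href="admin.php?page=bp-profile-setup&amp;mode=delete_group&amp;group_id=<?php echo attribute_escape( $group->id ); ?>"><?php _e( 'Delete Group', 'buddypress' ); ?></a>
+                                                                <a class="button delete" href="admin.php?page=bp-profile-setup&amp;mode=delete_group&amp;group_id=<?php echo esc_attr( $group->id ); ?>"><?php _e( 'Delete Group', 'buddypress' ); ?></a>
 <?php                           endif; ?>
                                                         </div>
                                                 </div>
 
                                                 <fieldset id="<?php echo $group->id; ?>" class="connectedSortable field-group">
 <?php                           if( $group->description ) : ?>
-                                                        <legend><?php echo attribute_escape( $group->description ) ?></legend>
+                                                        <legend><?php echo esc_attr( $group->description ) ?></legend>
 <?php                           endif;
 
                                         if ( $group->fields ) :
@@ -332,7 +332,7 @@
 
         $field = $admin_field;
 ?>
-                                                <fieldset id="field_<?php echo attribute_escape( $field->id ); ?>" class="sortable<?php echo ' ' . $field->type; if ( $class ) echo ' ' . $class; ?>">
+                                                <fieldset id="field_<?php echo esc_attr( $field->id ); ?>" class="sortable<?php echo ' ' . $field->type; if ( $class ) echo ' ' . $class; ?>">
                                                         <legend><?php bp_the_profile_field_name(); ?> <?php if( !$field->can_delete ) : ?> <?php _e( '(Core)', 'buddypress' ); endif; ?> <?php if ( bp_get_the_profile_field_is_required() ) : ?><?php _e( '(required)', 'buddypress' ) ?><?php endif; ?></legend>
                                                         <div class="field-wrapper">
 <?php
@@ -393,12 +393,12 @@
 
 <?php } ?>
                                                                 <div class="actions">
-                                                                        <a class="button edit" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo attribute_escape( $admin_group->id ); ?>&amp;field_id=<?php echo attribute_escape( $field->id ); ?>&amp;mode=edit_field"><?php _e( 'Edit', 'buddypress' ); ?></a>
-                                                                        <?php if ( !$field->can_delete ) : ?>&nbsp;<?php else : ?><a class="button delete" href="admin.php?page=bp-profile-setup&amp;field_id=<?php echo attribute_escape( $field->id ); ?>&amp;mode=delete_field"><?php _e( 'Delete', 'buddypress' ); ?></a><?php endif; ?>
+                                                                        <a class="button edit" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo esc_attr( $admin_group->id ); ?>&amp;field_id=<?php echo esc_attr( $field->id ); ?>&amp;mode=edit_field"><?php _e( 'Edit', 'buddypress' ); ?></a>
+                                                                        <?php if ( !$field->can_delete ) : ?>&nbsp;<?php else : ?><a class="button delete" href="admin.php?page=bp-profile-setup&amp;field_id=<?php echo esc_attr( $field->id ); ?>&amp;mode=delete_field"><?php _e( 'Delete', 'buddypress' ); ?></a><?php endif; ?>
 
                                                                 </div>
 <?php if ( $field->description ) : ?>
-                                                                <p class="description"><?php echo attribute_escape( $field->description ); ?></p>
+                                                                <p class="description"><?php echo esc_attr( $field->description ); ?></p>
 <?php endif; ?>
                                                         </div>
                                                 </fieldset>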
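Review bot: Line 61 still wraps the new call in `wp_specialchars()`, which is deprecated in the same WordPress release that deprecated `attribute_escape()`, and the second pass adds nothing since `esc_attr()` already encodes `<`, `>`, `&` and both quote styles; for element content `<p><?php echo esc_html( $message ); ?></p>` is the direct replacement. Elsewhere in the section `esc_attr()` is applied to text nodes (lines 70, 78, 93 and 401), where `esc_html()` is the context-matching function, though the output is safe either way. `$group->id` is echoed raw into `id` and `href` attributes on lines 70, 80 and 91 while lines 83, 84 and 86 escape it; casting with `(int) $group->id` in all of them is both consistent and stricter than escaping an id. The `foreach` in the third hunk opens before the hunk and closes after it.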
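--- a/bp-xprofile/bp-xprofile-templatetags.php
+++ b/bp-xprofile/bp-xprofile-templatetags.php
@@ -176,7 +176,7 @@
                 $css_classes = array();
 
                 if ( $class )
-                        $css_classes[] = sanitize_title( attribute_escape( $class ) );
+                        $css_classes[] = sanitize_title( esc_attr( $class ) );
 
                 /* Set a class with the field ID */
                 $css_classes[] = 'field_' . $profile_template->field->id;
@@ -390,7 +390,7 @@
                                         else
                                                 $selected = '';
 
-                                        $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . attribute_escape( stripslashes( $options[$k]->name ) ) . '">' . attribute_escape( stripslashes( $options[$k]->name ) ) . '</option>', $options[$k] );
+                                        $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . esc_attr( stripslashes( $options[$k]->name ) ) . '">' . esc_attr( stripslashes( $options[$k]->name ) ) . '</option>', $options[$k] );
                                 }
                                 break;
 
@@ -411,7 +411,7 @@
                                         else
                                                 $selected = '';
 
-                                        $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );
+                                        $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] );
                                 }
 
                                 $html .= '</div>';
@@ -436,7 +436,7 @@
                                                 }
                                         }
 
-                                        $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );
+                                        $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] );
                                         $selected = '';
                                 }
                                 break;
@@ -468,7 +468,7 @@
 
                                 switch ( $type ) {
                                         case 'day':
-                                                $html .= '<option value=""' . attribute_escape( $default_select ) . '>--</option>';
+                                                $html .= '<option value=""' . esc_attr( $default_select ) . '>--</option>';
 
                                                 for ( $i = 1; $i < 32; $i++ ) {
                                                         if ( $day == $i )
@@ -489,7 +489,7 @@
                                                                  __( 'October', 'buddypress' ), __( 'November', 'buddypress' ), __( 'December', 'buddypress' )
                                                                 );
 
-                                                $html .= '<option value=""' . attribute_escape( $default_select ) . '>------</option>';
+                                                $html .= '<option value=""' . esc_attr( $default_select ) . '>------</option>';
 
                                                 for ( $i = 0; $i < 12; $i++ ) {
                                                         if ( $month == $eng_months[$i] )
@@ -502,7 +502,7 @@
                                                 break;
 
                                         case 'year':
-                                                $html .= '<option value=""' . attribute_escape( $default_select ) . '>----</option>';
+                                                $html .= '<option value=""' . esc_attr( $default_select ) . '>----</option>';
 
                                                 for ( $i = date( 'Y', time() ); $i > 1899; $i-- ) {
                                                         if ( $year == $i )
@@ -575,7 +575,7 @@
                         $selected = '';
 
                 if ( $groups[$i]->fields )
-                        echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . attribute_escape( $groups[$i]->name ) . '</a></li>';
+                        echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . esc_attr( $groups[$i]->name ) . '</a></li>';
         }
 
         do_action( 'xprofile_profile_group_tabs' );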
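Review bot: On lines 471, 492 and 505, `esc_attr( $default_select )` is concatenated between `value=""` and `>`, outside any quoted attribute value, which suggests `$default_select` holds attribute markup such as ` selected="selected"`; if so, escaping turns its quotes into `&quot;` and the placeholder option is never preselected. Its assignment is outside the hunk, so confirm before changing; if it is markup, emit it unescaped and keep `esc_attr()` for the option names only. On line 179, `sanitize_title( esc_attr( $class ) )` escapes before sanitising, and `sanitize_title()` already reduces its input to a slug, so the inner call is redundant. Line 578 uses `esc_attr()` for link text, where `esc_html()` is the context-matching function; the enclosing functions of every hunk in this section begin outside the hunk.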
  • bp-xprofile/bp-xprofile-classes.php

     
    201201                                </div>
    202202<?php endif; ?>
    203203                        <div id="poststuff">
    204                                 <form action="<?php echo attribute_escape( $action ); ?>" method="post">
     204                                <form action="<?php echo esc_attr( $action ); ?>" method="post">
    205205                                        <div id="titlediv">
    206206                                                <h3><label for="group_name"><?php _e( "Field Group Title", 'buddypress') ?> *</label></h3>
    207207                                                <div id="titlewrap">
    208                                                         <input type="text" name="group_name" id="title" value="<?php echo attribute_escape( $this->name ); ?>" style="width:50%" />
     208                                                        <input type="text" name="group_name" id="title" value="<?php echo esc_attr( $this->name ); ?>" style="width:50%" />
    209209                                                </div>
    210210                                        </div>
    211211
     
    219219<?php endif; ?>
    220220
    221221                                        <p class="submit">
    222                                                 <input type="hidden" name="group_order" id="group_order" value="<?php echo attribute_escape( $this->group_order ); ?>" />
    223                                                 <input type="submit" name="save_group" value="<?php echo attribute_escape( $button ); ?>" class="button-primary"/>
     222                                                <input type="hidden" name="group_order" id="group_order" value="<?php echo esc_attr( $this->group_order ); ?>" />
     223                                                <input type="submit" name="save_group" value="<?php echo esc_attr( $button ); ?>" class="button-primary"/>
    224224                                                <?php _e( 'or', 'buddypress' ); ?> <a href="admin.php?page=bp-profile-setup" class="deletion"><?php _e( 'Cancel', 'buddypress' ); ?></a>
    225225                                        </p>
    226226                                </form>
     
    546546                                                        $default_name = '[' . $j . ']';
    547547?>
    548548                                                <p><?php _e('Option', 'buddypress'); ?> <?php echo $j; ?>:
    549                                                    <input type="text" name="<?php echo $type; ?>_option[<?php echo $j; ?>]" id="<?php echo $type; ?>_option<?php echo $j; ?>" value="<?php echo attribute_escape( $options[$i]->name ); ?>" />
     549                                                   <input type="text" name="<?php echo $type; ?>_option[<?php echo $j; ?>]" id="<?php echo $type; ?>_option<?php echo $j; ?>" value="<?php echo esc_attr( $options[$i]->name ); ?>" />
    550550                                                   <input type="<?php echo $default_input; ?>" name="isDefault_<?php echo $type; ?>_option<?php echo $default_name; ?>" <?php if ( (int) $options[$i]->is_default_option ) {?> checked="checked"<?php } ?> " value="<?php echo $j; ?>" /> <?php _e( 'Default Value', 'buddypress' ); ?>
    551551<?php
    552552                                        if ( $j != 1 && $options[$i]->id != -1 ) : ?>
     
    609609                                <div id="titlediv">
    610610                                        <h3><label for="title"><?php _e( 'Field Title', 'buddypress' ); ?> *</label></h3>
    611611                                        <div id="titlewrap">
    612                                                 <input type="text" name="title" id="title" value="<?php echo attribute_escape( $this->name ); ?>" style="width:50%" />
     612                                                <input type="text" name="title" id="title" value="<?php echo esc_attr( $this->name ); ?>" style="width:50%" />
    613613                                        </div>
    614614                                </div>
    615615<?php
     
    649649                                <input type="hidden" name="fieldtype" id="fieldtype" value="textbox" />
    650650<?php   } ?>
    651651                                <p class="submit">
    652                                         <input type="hidden" name="field_order" id="field_order" value="<?php echo attribute_escape( $this->field_order ); ?>" />
     652                                        <input type="hidden" name="field_order" id="field_order" value="<?php echo esc_attr( $this->field_order ); ?>" />
    653653                                        <input type="submit" value="<?php _e( 'Save', 'buddypress' ); ?>" name="saveField" id="saveField" style="font-weight: bold" class="button-primary" />
    654654                                        <?php _e( 'or', 'buddypress' ); ?> <a href="admin.php?page=bp-profile-setup" class="deletion"><?php _e( 'Cancel', 'buddypress' ); ?></a>
    655655                                </p>
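--- a/bp-friends/bp-friends-templatetags.php
+++ b/bp-friends/bp-friends-templatetags.php
@@ -108,7 +108,7 @@
 		<input type="search" name="friend-search-box" id="friend-search-box" value="<?php echo $value ?>"<?php echo $disabled ?> />
 
 		<?php wp_nonce_field( 'friends_search', '_wpnonce_friend_search' ) ?>
-		<input type="hidden" name="initiator" id="initiator" value="<?php echo attribute_escape( $bp->displayed_user->id ) ?>" />
+		<input type="hidden" name="initiator" id="initiator" value="<?php echo esc_attr( $bp->displayed_user->id ) ?>" />
 
 		</form>
 	<?php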
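Review bot: The value written into the hidden `initiator` field on line 111 is a numeric user id, so a cast is the more precise guard than an HTML escape: `value="<?php echo (int) $bp->displayed_user->id ?>"`. Three lines earlier the search box still echoes `$value` and `$disabled` unescaped into attributes; where `$value` is assigned is outside the hunk, but if it can carry a previously submitted search term it needs the same `esc_attr()` treatment this patch applies elsewhere. The enclosing function starts and ends outside the hunk.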
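--- a/bp-activity/bp-activity-templatetags.php
+++ b/bp-activity/bp-activity-templatetags.php
@@ -772,7 +772,7 @@
 			else
 				unset($selected);
 
-			$component = attribute_escape( $component );
+			$component = esc_attr( $component );
 
 			switch ( $style ) {
 				case 'list':
@@ -800,13 +800,13 @@
 			/* Make sure all core internal component names are translatable */
 			$translatable_components = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) );
 
-			$component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;
+			$component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;
 		}
 
 		$link = remove_query_arg( 'afilter' , $link );
 
 		if ( isset( $_GET['afilter'] ) )
-			$component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
+			$component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
 
 		return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) );
 	}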
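Review bot: Both `esc_attr( $link )` calls on lines 803 and 809 escape a URL that lands in an `href`; `esc_url()` is the context-correct function there, because it also rejects disallowed protocols where `esc_attr()` only entity-encodes. Line 809 additionally still emits a stray quote: `'"">'` closes the attribute twice and renders as `href="...""`; it should read `'<a href="' . esc_url( $link ) . '">'`. The enclosing function starts outside the hunk.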
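--- a/bp-blogs.php
+++ b/bp-blogs.php
@@ -287,7 +287,7 @@
 		/* Record this in activity streams */
 		bp_blogs_record_activity( array(
 			'user_id' => $recorded_blog->user_id,
-			'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%1$s created the blog %2$s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . attribute_escape( $name ) . '</a>' ), &$recorded_blog, $name, $description ),
+			'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%1$s created the blog %2$s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . esc_attr( $name ) . '</a>' ), &$recorded_blog, $name, $description ),
 			'primary_link' => apply_filters( 'bp_blogs_activity_created_blog_primary_link', get_blog_option( $recorded_blog->blog_id, 'siteurl' ), $recorded_blog->blog_id ),
 			'type' => 'new_blog',
 			'item_id' => $recorded_blog->blog_id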
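Review bot: Line 290 escapes the blog name for an attribute but places it in the text of an `<a>` element, while the `siteurl` value that actually lands in the `href` is concatenated with no escaping at all. The name belongs in `esc_html( $name )` and the URL in `esc_url( get_blog_option( $recorded_blog->blog_id, 'siteurl' ) )`; since the result is stored as the activity action, the stored string is what every later render will trust. The `&$recorded_blog` call-time pass-by-reference in the `apply_filters` arguments is deprecated in PHP 5.3 and should be dropped. The enclosing function starts and ends outside the hunk.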
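--- a/bp-groups.php
+++ b/bp-groups.php
@@ -99,7 +99,7 @@
 			$bp->bp_options_title = $bp->groups->current_group->name;
 
 			if ( !$bp->bp_options_avatar = bp_core_fetch_avatar( array( 'item_id' => $bp->groups->current_group->id, 'object' => 'group', 'type' => 'thumb', 'avatar_dir' => 'group-avatars', 'alt' => __( 'Group Avatar', 'buddypress' ) ) ) )
-				$bp->bp_options_avatar = '<img src="' . attribute_escape( $group->avatar_full ) . '" class="avatar" alt="' . attribute_escape( $group->name ) . '" />';
+				$bp->bp_options_avatar = '<img src="' . esc_attr( $group->avatar_full ) . '" class="avatar" alt="' . esc_attr( $group->name ) . '" />';
 
 			$group_link = $bp->root_domain . '/' . $bp->groups->slug . '/' . $bp->groups->current_group->slug . '/';
 
@@ -225,7 +225,7 @@
 			$group = new BP_Groups_Group( $group_id );
 
 			groups_record_activity( array(
-				'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),
+				'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),
 				'type' => 'joined_group',
 				'item_id' => $group->id
 			) );
@@ -1047,7 +1047,7 @@
 
 			/* Once we compelete all steps, record the group creation in the activity stream. */
 			groups_record_activity( array(
-				'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%1$s created the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),
+				'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%1$s created the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ),
 				'type' => 'created_group',
 				'item_id' => $bp->groups->new_group_id
 			) );
@@ -1620,7 +1620,7 @@
 
 	/* Record this in activity streams */
 	groups_record_activity( array(
-		'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),
+		'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ),
 		'type' => 'joined_group',
 		'item_id' => $group_id
 	) );
@@ -1775,7 +1775,7 @@
 		return false;
 
 	/* Record this in activity streams */
-	$activity_action = sprintf( __( '%1$s posted an update in the group %2$s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
+	$activity_action = sprintf( __( '%1$s posted an update in the group %2$s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
 	$activity_content = $content;
 
 	$activity_id = groups_record_activity( array(
@@ -1828,7 +1828,7 @@
 	if ( $post_id = bp_forums_insert_post( array( 'post_text' => $post_text, 'topic_id' => $topic_id ) ) ) {
 		$topic = bp_forums_get_topic_details( $topic_id );
 
-		$activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
+		$activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
 		$activity_content = bp_create_excerpt( $post_text );
 		$primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/';
 
@@ -1867,7 +1867,7 @@
 	if ( $topic_id = bp_forums_new_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_tags' => $topic_tags, 'forum_id' => $forum_id ) ) ) {
 		$topic = bp_forums_get_topic_details( $topic_id );
 
-		$activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
+		$activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
 		$activity_content = bp_create_excerpt( $topic_text );
 
 		/* Record this in activity streams */
@@ -1899,7 +1899,7 @@
 		if ( function_exists( 'bp_activity_delete_by_item_id' ) )
 			bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $topic_id, 'component' => $bp->groups->id, 'type' => 'new_forum_topic' ) );
 
-		$activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
+		$activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
 		$activity_content = bp_create_excerpt( $topic_text );
 
 		/* Record this in activity streams */
@@ -1933,7 +1933,7 @@
 	if ( $post_id = bp_forums_insert_post( array( 'post_id' => $post_id, 'post_text' => $post_text, 'post_time' => $post->post_time, 'topic_id' => $topic_id, 'poster_id' => $post->poster_id ) ) ) {
 		$topic = bp_forums_get_topic_details( $topic_id );
 
-		$activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
+		$activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
 		$activity_content = bp_create_excerpt( $post_text );
 		$primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/';
 
@@ -2254,7 +2254,7 @@
 	$group = new BP_Groups_Group( $group_id );
 
 	groups_record_activity( array(
-		'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $user_id, &$group ),
+		'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $user_id, &$group ),
 		'type' => 'joined_group',
 		'item_id' => $group->id,
 		'user_id' => $user_id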
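Review bot: On line 102 the fallback avatar reads `$group->avatar_full` and `$group->name`, while the surrounding lines 99, 101 and 104 work from `$bp->groups->current_group`; unless `$group` is assigned earlier in the function (outside the hunk) these are reads of an undefined variable and the `<img>` is emitted with empty `src` and `alt`. The likely intent is `'<img src="' . esc_url( $bp->groups->current_group->avatar_full ) . '" class="avatar" alt="' . esc_attr( $bp->groups->current_group->name ) . '" />'`. The same context question applies to the hunks at 228, 1050, 1623, 1778, 1831, 1870, 1902, 1936 and 2257: the group or topic name is escaped, but the `bp_get_group_permalink()` value and the `$topic->topic_slug` concatenated into the `href` are not, and `esc_url()` is the matching escaper for that part; lines 1831/1870/1902 end the slug with `/` while 1936 does not, which looks like an inconsistency rather than intent. The enclosing functions start and end outside the hunks.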
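--- a/bp-blogs/bp-blogs-widgets.php
+++ b/bp-blogs/bp-blogs-widgets.php
@@ -80,7 +80,7 @@
 		$max_posts = strip_tags( $instance['max_posts'] );
 		?>
 
-		<p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo attribute_escape( $max_posts ); ?>" style="width: 30%" /></label></p>
+		<p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p>
 	<?php
 	}
 }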
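Review bot: The `<label for="bp-blogs-widget-posts-max">` on line 83 never matches the input's id, which is generated by `$this->get_field_id( 'max_posts' )`, so the label is not associated with the field. Use the same generator in both places: `<label for="<?php echo $this->get_field_id( 'max_posts' ); ?>">`. Because `max_posts` is a count, `(int) $instance['max_posts']` on line 80 would be a stricter normalisation than `strip_tags()` and would make the escape on line 83 redundant. bp-groups/bp-groups-widgets.php line 79 has the same label/id mismatch. The enclosing method starts outside the hunk.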
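--- a/bp-blogs/bp-blogs-templatetags.php
+++ b/bp-blogs/bp-blogs-templatetags.php
@@ -266,15 +266,15 @@
 
 function bp_blog_hidden_fields() {
 	if ( isset( $_REQUEST['s'] ) ) {
-		echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ). '" name="search_terms" />';
+		echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ). '" name="search_terms" />';
 	}
 
 	if ( isset( $_REQUEST['letter'] ) ) {
-		echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
+		echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
 	}
 
 	if ( isset( $_REQUEST['blogs_search'] ) ) {
-		echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';
+		echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';
 	}
 }
 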
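Review bot: The `$_REQUEST` values on lines 269, 273 and 277 are escaped but not unslashed; WordPress applies magic quotes to the request superglobals, so a search term containing a quote is rendered into the hidden field with a literal backslash. Apply `stripslashes()` before escaping, e.g. `esc_attr( stripslashes( $_REQUEST['s'] ) )`, so the escaper sees the final string. Lines 269 and 277 also both emit an element with `id="search_terms"`, so a request carrying both `s` and `blogs_search` produces a duplicate id. `bp_group_hidden_fields()` in bp-groups/bp-groups-templatetags.php (lines 1120–1128) has the same three issues.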
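--- a/bp-forums/bp-forums-filters.php
+++ b/bp-forums/bp-forums-filters.php
@@ -2,7 +2,7 @@
 
 /* Apply WordPress defined filters */
 add_filter( 'bp_forums_bbconfig_location', 'wp_filter_kses', 1 );
-add_filter( 'bp_forums_bbconfig_location', 'attribute_escape', 1 );
+add_filter( 'bp_forums_bbconfig_location', 'esc_attr', 1 );
 
 add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 );
 add_filter( 'bp_get_the_topic_latest_post_excerpt', 'bp_forums_filter_kses', 1 );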
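Review bot: Judging by the hook name, `bp_forums_bbconfig_location` carries a filesystem path to a config file rather than attribute text, yet line 5 now runs it through `esc_attr()` (and line 4 through `wp_filter_kses()`) at the same priority; a path containing `&` or a quote would be entity-encoded and no longer resolve. If the goal is to sanitise a stored option before it is used as an include path, a path-specific check is the right tool (for example `realpath()` compared against the directory the file is expected to live in), and HTML escaping should be applied only where the value is printed. The consumer of this filter is not in the diff, so this is inferred from the name; a one-line comment above line 4 stating what the value is and why both filters apply would settle it.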
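--- a/bp-forums/bp-forums-templatetags.php
+++ b/bp-forums/bp-forums-templatetags.php
@@ -253,7 +253,7 @@
 		global $forum_template;
 
 		$post = bb_get_first_post( (int)$forum_template->topic->topic_id, false );
-		return apply_filters( 'bp_get_the_topic_text', attribute_escape( $post->post_text ) );
+		return apply_filters( 'bp_get_the_topic_text', esc_attr( $post->post_text ) );
 	}
 
 function bp_the_topic_poster_id() {
@@ -937,7 +937,7 @@
 		global $bp;
 
 		$post = bp_forums_get_post( $bp->action_variables[4] );
-		return apply_filters( 'bp_get_the_topic_post_edit_text', attribute_escape( $post->post_text ) );
+		return apply_filters( 'bp_get_the_topic_post_edit_text', esc_attr( $post->post_text ) );
 	}
 
 function bp_the_topic_pagination() {
@@ -979,7 +979,7 @@
 
 ?>
 	<form action="" method="get" id="search-forums-form">
-		<label><input type="text" name="s" id="forums_search" value="<?php echo attribute_escape($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
+		<label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
 		<input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
 	</form>
 <?php
@@ -1027,7 +1027,7 @@
 	function bp_get_forum_action() {
 		global $topic_template;
 
-		return apply_filters( 'bp_get_forum_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );
+		return apply_filters( 'bp_get_forum_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) );
 	}
 
 function bp_forum_topic_action() {
@@ -1036,7 +1036,7 @@
 	function bp_get_forum_topic_action() {
 		global $bp;
 
-		return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );
+		return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) );
 	}
 
 function bp_forum_topic_count_for_user( $user_id = false ) {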
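Review bot: `bp_get_forum_action()` on line 1030 reads `$bp->root_domain`, but the function declares only `global $topic_template;` on line 1028, so `$bp` is undefined in that scope and the form action is built from `null` plus the request URI; compare `bp_get_forum_topic_action()` at line 1037, which declares `global $bp;`. Change line 1028 to `global $bp, $topic_template;` (or just `global $bp;` if `$topic_template` is unused). Both functions place `$_SERVER['REQUEST_URI']` into a form `action`, where `esc_url()` is the matching escaper rather than `esc_attr()`. On lines 256 and 940 the post text is escaped as an attribute but returned as content; if 940's value is destined for an editing `<textarea>`, escaping belongs at the point of output with the textarea-appropriate function (e.g. `esc_textarea()` where the WordPress version provides it).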
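--- a/bp-core.php
+++ b/bp-core.php
@@ -1305,7 +1305,7 @@
 		$type = ( 'success' == $bp->template_message_type ) ? 'updated' : 'error';
 	?>
 		<div id="message" class="<?php echo $type; ?>">
-			<p><?php echo stripslashes( attribute_escape( $bp->template_message ) ); ?></p>
+			<p><?php echo stripslashes( esc_attr( $bp->template_message ) ); ?></p>
 		</div>
 	<?php
 		do_action( 'bp_core_render_message' );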
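Review bot: Line 1308 escapes first and unslashes second, `stripslashes( esc_attr( $bp->template_message ) )`; escaping should be the last step so the encoder sees the final string, and the `<p>` is body content rather than an attribute. The matching form is `esc_html( stripslashes( $bp->template_message ) )`. If `template_message` is meant to carry markup (it is assigned elsewhere, outside the hunk), `wp_kses()` with a small allowlist is the alternative, but the order of the two calls should be swapped either way. The enclosing function starts and ends outside the hunk.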
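--- a/bp-xprofile.php
+++ b/bp-xprofile.php
@@ -132,8 +132,8 @@
 		<a href=""><?php _e( 'Admin Options', 'buddypress' ) ?></a>
 
 		<ul>
-			<li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
-			<li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
+			<li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
+			<li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
 <?php if ( !bp_core_is_user_spammer( $bp->displayed_user->id ) ) : ?>
 
 			<li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/mark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Mark as Spammer", 'buddypress' ) ?></a></li>
@@ -142,7 +142,7 @@
 			<li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/unmark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Not a Spammer", 'buddypress' ) ?></a></li>
 <?php endif; ?>
 
-			<li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
+			<li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
 <?php do_action( 'xprofile_adminbar_menu_items' ) ?>
 
 				</ul>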
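Review bot: On lines 135, 136 and 145 the displayed user's full name is escaped with `esc_attr()` but printed as link text inside `<a>…</a>`, where `esc_html()` is the matching escaper; the full name is profile data the user controls, so the context of the escape matters. On 135 and 136 the `href` built from `$bp->displayed_user->domain . $bp->profile->slug` is not escaped at all and should be wrapped in `esc_url()`. Keep the escaping on the `printf` argument rather than on the translated format string, as the hunk does. The enclosing template block starts and ends outside the hunks.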
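--- a/bp-groups/bp-groups-classes.php
+++ b/bp-groups/bp-groups-classes.php
@@ -1001,8 +1001,8 @@
 
 				/* When we are viewing the extension display page, set the title and options title */
 				if ( $bp->current_component == $bp->groups->slug && $bp->is_single_item && $bp->current_action == $this->slug ) {
-					add_action( 'bp_template_content_header', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );
-					add_action( 'bp_template_title', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );
+					add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
+					add_action( 'bp_template_title', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
 				}
 			}
 
@@ -1024,7 +1024,7 @@
 
 		/* Construct the admin edit tab for the new group extension */
 		if ( $this->enable_edit_item ) {
-			add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . attribute_escape( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . attribute_escape( $this->slug ) . '\">' . attribute_escape( $this->name ) . '</a></li>";' ), 10, 2 );
+			add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . esc_attr( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . esc_attr( $this->slug ) . '\">' . esc_attr( $this->name ) . '</a></li>";' ), 10, 2 );
 
 			/* Catch the edit screen and forward it to the plugin template */
 			if ( $bp->current_component == $bp->groups->slug && 'admin' == $bp->current_action && $this->slug == $bp->action_variables[0] ) {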
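Review bot: Lines 1004, 1005 and 1027 splice `$this->name` and `$this->slug` into PHP source handed to `create_function()`, inside a double-quoted PHP string literal; `esc_attr()` entity-encodes only `<>&"'`, so `$`, `{` and backslash pass through and are interpreted by PHP string interpolation instead of being printed, which makes the extension's name and slug part of the generated code rather than data. The name and slug are normally developer-defined, so exposure is limited, but the pattern is fragile: emit the value as a PHP literal instead, `add_action( 'bp_template_title', create_function( '', 'echo ' . var_export( esc_attr( $this->name ), true ) . ';' ) );`, and do the same for the three interpolations on 1027 (a closure with `use` avoids code generation entirely on PHP 5.3+). Line 1027 also reads `$selected` without initialising it when the tab is not current, so the generated body should start with `$selected = "";`. The enclosing methods start and end outside the hunks.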
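--- a/bp-groups/bp-groups-widgets.php
+++ b/bp-groups/bp-groups-widgets.php
@@ -50,7 +50,7 @@
 				<?php endwhile; ?>
 			</ul>
 			<?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?>
-			<input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $instance['max_groups'] ); ?>" />
+			<input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $instance['max_groups'] ); ?>" />
 
 		<?php else: ?>
 
@@ -76,7 +76,7 @@
 		$max_groups = strip_tags( $instance['max_groups'] );
 		?>
 
-		<p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo attribute_escape( $max_groups ); ?>" style="width: 30%" /></label></p>
+		<p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p>
 	<?php
 	}
 }
@@ -129,7 +129,7 @@
 			<?php endwhile; ?>
 		</ul>
 		<?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?>
-		<input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $_POST['max_groups'] ); ?>" />
+		<input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $_POST['max_groups'] ); ?>" />
 
 	<?php else: ?>
 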
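Review bot: Line 132 echoes `$_POST['max_groups']` without checking that it is set, so a request reaching this branch without the field raises an undefined-index notice, and the value is a count that is printed as free text. Normalise it once as an integer and print that: `$max_groups = isset( $_POST['max_groups'] ) ? (int) $_POST['max_groups'] : 0;` followed by `value="<?php echo $max_groups; ?>"`; the same cast would replace `strip_tags()` on line 76 and `esc_attr( $instance['max_groups'] )` on line 53. Line 79's `<label for="bp-groups-widget-groups-max">` never matches the input id produced by `$this->get_field_id( 'max_groups' )`, so the label is not associated with the field. The enclosing functions start and end outside the hunks.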
  • bp-groups/bp-groups-templatetags.php

     
    285285
    286286                /* Fetch the avatar from the folder, if not provide backwards compat. */
    287287                if ( !$avatar = bp_core_fetch_avatar( array( 'item_id' => $groups_template->group->id, 'object' => 'group', 'type' => $type, 'avatar_dir' => 'group-avatars', 'alt' => $alt, 'css_id' => $id, 'class' => $class, 'width' => $width, 'height' => $height ) ) )
    288                         $avatar = '<img src="' . attribute_escape( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . attribute_escape( $groups_template->group->name ) . '" />';
     288                        $avatar = '<img src="' . esc_attr( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . esc_attr( $groups_template->group->name ) . '" />';
    289289
    290290                return apply_filters( 'bp_get_group_avatar', $avatar );
    291291        }
     
    11171117
    11181118function bp_group_hidden_fields() {
    11191119        if ( isset( $_REQUEST['s'] ) ) {
    1120                 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';
     1120                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />';
    11211121        }
    11221122
    11231123        if ( isset( $_REQUEST['letter'] ) ) {
    1124                 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
     1124                echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
    11251125        }
    11261126
    11271127        if ( isset( $_REQUEST['groups_search'] ) ) {
    1128                 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['groups_search'] ) . '" name="search_terms" />';
     1128                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['groups_search'] ) . '" name="search_terms" />';
    11291129        }
    11301130}
    11311131
     
    16721672                                        }
    16731673                                }
    16741674
    1675                                 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . attribute_escape( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';
     1675                                $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . esc_attr( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';
    16761676                        }
    16771677                }
    16781678
     
    16881688
    16891689?>
    16901690        <form action="" method="get" id="search-groups-form">
    1691                 <label><input type="text" name="s" id="groups_search" value="<?php echo attribute_escape($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     1691                <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    16921692                <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    16931693        </form>
    16941694<?php
     
    17551755        global $bp;
    17561756
    17571757        if ( $bp->groups->current_group->avatar_full ) { ?>
    1758                 <img src="<?php echo attribute_escape( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />
     1758                <img src="<?php echo esc_attr( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />
    17591759        <?php } else { ?>
    17601760                <img src="<?php echo $bp->groups->image_base . '/none.gif' ?>" alt="<?php _e( 'No Group Avatar', 'buddypress' ) ?>" class="avatar" />
    17611761        <?php }
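Review bot: In the 1675 hunk of bp-groups-templatetags.php only the `value` attribute is escaped, while the adjacent `id="f-' . $friends[$i]['id'] . '"` and the `$friends[$i]['full_name']` text node are concatenated raw; if those fields come from the same source as the escaped id they warrant the same treatment, e.g. `'id="f-' . esc_attr( $friends[$i]['id'] ) . '"'` and `esc_html( $friends[$i]['full_name'] )`. A related point applies to the `src` attributes at 288 and 1758, where `esc_attr()` prevents attribute break-out but `esc_url()` is the WordPress helper intended for URL-valued attributes and additionally rejects unsafe schemes. Both issues predate this patch and are outside its mechanical deprecation swap, so a follow-up ticket may be the right place for them. The function enclosing the 1675 hunk starts and ends outside the hunk.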