Ticket #1728: 1728.003.diff
File 1728.003.diff, 54.2 KB (added by , 14 years ago) |
bp-themes/bp-default/sidebar.php
39 39 40 40 <form name="login-form" id="sidebar-login-form" class="standard-form" action="<?php echo site_url( 'wp-login.php', 'login_post' ) ?>" method="post"> 41 41 <label><?php _e( 'Username', 'buddypress' ) ?><br /> 42 <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" /></label>42 <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" /></label> 43 43 44 44 <label><?php _e( 'Password', 'buddypress' ) ?><br /> 45 45 <input type="password" name="pwd" id="sidebar-user-pass" class="input" value="" /></label> -
bp-themes/bp-default/_inc/ajax.php
188 188 189 189 <div class="acomment-meta"> 190 190 <?php echo bp_core_get_userlink( bp_get_activity_user_id() ) ?> · <?php printf( __( '%s ago', 'buddypress' ), bp_core_time_since( gmdate( "Y-m-d H:i:s" ) ) ) ?> · 191 <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo attribute_escape( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>191 <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo esc_attr( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a> 192 192 · <a href="<?php echo wp_nonce_url( $bp->root_domain . '/' . $bp->activity->slug . '/delete/' . bp_get_activity_id() . '?cid=' . $comment_id, 'bp_activity_delete_link' ) ?>" class="delete acomment-delete confirm"><?php _e( 'Delete', 'buddypress' ) ?></a> 193 193 </div> 194 194 … … 312 312 echo '<h4>' . $user->user_link . '</h4>'; 313 313 echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>'; 314 314 echo '<div class="action"> 315 <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . attribute_escape( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>315 <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a> 316 316 </div>'; 317 317 echo '</li>'; 318 318 … … 404 404 if ( !groups_join_group( $group->id ) ) { 405 405 _e( 'Error joining group', 'buddypress' ); 406 406 } else { 407 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 
'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';407 echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>'; 408 408 } 409 409 410 410 } else if ( 'private' == $group->status ) { … … 414 414 if ( !groups_send_membership_request( $bp->loggedin_user->id, $group->id ) ) { 415 415 _e( 'Error requesting membership', 'buddypress' ); 416 416 } else { 417 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';417 echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>'; 418 418 } 419 419 } 420 420 … … 426 426 _e( 'Error leaving group', 'buddypress' ); 427 427 } else { 428 428 if ( 'public' == $group->status ) { 429 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';429 echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>'; 430 430 } else if ( 'private' == $group->status ) { 431 echo '<a id="group-' . attribute_escape( $group->id ) . 
'" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';431 echo '<a id="group-' . esc_attr( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>'; 432 432 } 433 433 } 434 434 } -
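Review bot: The `title` attributes of the join/leave/request-membership anchors at lines 407, 417, 429 and 431 still embed `__( ... )` output raw, so after this sweep only the `id` half of each anchor is escaped. WordPress's escaping guidelines treat translated strings like any other runtime string, and `esc_attr__( 'Leave Group', 'buddypress' )` (and its siblings for the other labels) keeps the attribute context intact without a second wrapping call. The enclosing function starts and ends outside the hunk.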
bp-core/bp-core-widgets.php
52 52 <?php endwhile; ?> 53 53 </ul> 54 54 <?php wp_nonce_field( 'bp_core_widget_members', '_wpnonce-members' ); ?> 55 <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo attribute_escape( $instance['max_members'] ); ?>" />55 <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo esc_attr( $instance['max_members'] ); ?>" /> 56 56 57 57 <?php else: ?> 58 58 … … 78 78 $max_members = strip_tags( $instance['max_members'] ); 79 79 ?> 80 80 81 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>81 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 82 82 <?php 83 83 } 84 84 } … … 132 132 $max_members = strip_tags( $instance['max_members'] ); 133 133 ?> 134 134 135 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>135 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 136 136 <?php 137 137 } 138 138 
} … … 186 186 $max_members = strip_tags( $instance['max_members'] ); 187 187 ?> 188 188 189 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>189 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 190 190 <?php 191 191 } 192 192 } -
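Review bot: In the three widget-form copies at lines 81, 135 and 189 the label's `for="bp-core-widget-members-max"` does not match the input's `id="<?php echo $this->get_field_id( 'max_members' ); ?>"`, so the label is never associated with its control; `for="<?php echo $this->get_field_id( 'max_members' ); ?>"` fixes it. The markup is duplicated verbatim across three methods, which is why this one-function rename touched three lines; a private helper rendering the field once would make the next sweep a single edit. `max_members` is presumably a count (the hidden field at line 55 feeds it back), so `(int)` would be a tighter sanitizer than the `strip_tags` at lines 78, 132 and 186, though that is outside the change. Each enclosing method's start lies outside the hunk.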
bp-core/bp-core-templatetags.php
325 325 function bp_get_member_registered() { 326 326 global $members_template; 327 327 328 $registered = attribute_escape( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );328 $registered = esc_attr( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) ); 329 329 330 330 return apply_filters( 'bp_member_last_active', $registered ); 331 331 } … … 369 369 370 370 function bp_member_hidden_fields() { 371 371 if ( isset( $_REQUEST['s'] ) ) { 372 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';372 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />'; 373 373 } 374 374 375 375 if ( isset( $_REQUEST['letter'] ) ) { 376 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';376 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 377 377 } 378 378 379 379 if ( isset( $_REQUEST['members_search'] ) ) { 380 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['members_search'] ) . '" name="search_terms" />';380 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['members_search'] ) . 
'" name="search_terms" />'; 381 381 } 382 382 } 383 383 … … 390 390 391 391 ?> 392 392 <form action="" method="get" id="search-members-form"> 393 <label><input type="text" name="s" id="members_search" value="<?php echo attribute_escape( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>393 <label><input type="text" name="s" id="members_search" value="<?php echo esc_attr( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 394 394 <input type="submit" id="members_search_submit" name="members_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 395 395 </form> 396 396 <?php … … 541 541 if ( empty( $bp->bp_options_title ) ) 542 542 $bp->bp_options_title = __( 'Options', 'buddypress' ); 543 543 544 echo apply_filters( 'bp_get_options_title', attribute_escape( $bp->bp_options_title ) );544 echo apply_filters( 'bp_get_options_title', esc_attr( $bp->bp_options_title ) ); 545 545 } 546 546 547 547 -
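Review bot: At line 544 the escape runs before `apply_filters( 'bp_get_options_title', ... )`, so whatever a filter callback returns is echoed with no escaping at all; `echo esc_attr( apply_filters( 'bp_get_options_title', $bp->bp_options_title ) );` escapes the final value, and if callbacks are meant to return markup that contract should be stated in a comment. The same escape-then-filter order appears at line 328 in `bp_get_member_registered`, where the value is also element text rather than an attribute, so `esc_html` is the matching escaper. The `$_REQUEST` hidden fields at lines 372–380 are correctly escaped for their `value` attributes. The function containing line 544 starts outside the hunk.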
bp-core/bp-core-classes.php
60 60 61 61 if ( $this->profile_data ) { 62 62 $this->user_url = bp_core_get_user_domain( $this->id, $this->profile_data['user_nicename'], $this->profile_data['user_login'] ); 63 $this->fullname = attribute_escape( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );63 $this->fullname = esc_attr( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] ); 64 64 $this->user_link = "<a href='{$this->user_url}' title='{$this->fullname}'>{$this->fullname}</a>"; 65 $this->email = attribute_escape( $this->profile_data['user_email'] );65 $this->email = esc_attr( $this->profile_data['user_email'] ); 66 66 } else { 67 67 $this->user_url = bp_core_get_user_domain( $this->id ); 68 68 $this->user_link = bp_core_get_userlink( $this->id ); 69 $this->fullname = attribute_escape( bp_core_get_user_displayname( $this->id ) );70 $this->email = attribute_escape( bp_core_get_user_email( $this->id ) );69 $this->fullname = esc_attr( bp_core_get_user_displayname( $this->id ) ); 70 $this->email = esc_attr( bp_core_get_user_email( $this->id ) ); 71 71 } 72 72 73 73 /* Cache a few things that are fetched often */ -
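Review bot: Lines 63–70 escape `fullname` and `email` when the object is built, so every consumer of these properties receives HTML-encoded values; any caller that uses `$this->email` outside HTML output (a mail header, a lookup, a comparison) would see `&amp;`/`&#039;` entities, and a caller that escapes again at output double-encodes. Keeping raw values on the object and calling `esc_attr`/`esc_html` where they are printed is the usual WordPress pattern and avoids both problems. The single-quoted attributes in `user_link` at line 64 depend on `esc_attr` encoding `'` (it does, via ENT_QUOTES); a short comment on that line, e.g. `// esc_attr encodes ' as well, required by the single-quoted attributes below`, would stop a future "fix" from breaking it. The constructor starts outside the hunk.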
bp-core/bp-core-settings.php
87 87 88 88 <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form"> 89 89 <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label> 90 <input type="text" name="email" id="email" value="<?php echo attribute_escape( $current_user->user_email ); ?>" class="settings-input" />90 <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" /> 91 91 92 92 <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label> 93 93 <input type="password" name="pass1" id="pass1" size="16" value="" class="settings-input small" /> <?php _e( 'New Password', 'buddypress' ) ?><br /> -
bp-xprofile/bp-xprofile-admin.php
58 58 $type = ( $type == 'error' ) ? 'error' : 'updated'; ?> 59 59 60 60 <div id="message" class="<?php echo $type; ?> fade"> 61 <p><?php echo wp_specialchars( attribute_escape( $message ) ); ?></p>61 <p><?php echo wp_specialchars( esc_attr( $message ) ); ?></p> 62 62 </div> 63 63 <?php endif; ?> 64 64 … … 67 67 <?php 68 68 if ( $groups ) : 69 69 foreach ( $groups as $group ) { ?> 70 <li id="group_<?php echo $group->id; ?>"><a href="#tabs-<?php echo $group->id; ?>" class="ui-tab"><?php echo attribute_escape( $group->name ); ?><?php if ( !$group->can_delete ) : ?> <?php _e( '(Core)', 'buddypress'); endif; ?></a></li>70 <li id="group_<?php echo $group->id; ?>"><a href="#tabs-<?php echo $group->id; ?>" class="ui-tab"><?php echo esc_attr( $group->name ); ?><?php if ( !$group->can_delete ) : ?> <?php _e( '(Core)', 'buddypress'); endif; ?></a></li> 71 71 <?php } 72 72 endif; ?> 73 73 </ul> … … 75 75 <?php if ( $groups ) : 76 76 foreach ( $groups as $group ) { ?> 77 77 <noscript> 78 <h3><?php echo attribute_escape( $group->name ) ?></h3>78 <h3><?php echo esc_attr( $group->name ) ?></h3> 79 79 </noscript> 80 80 <div id="tabs-<?php echo $group->id; ?>" class="tab-wrapper"> 81 81 <div class="tab-toolbar"> 82 82 <div class="tab-toolbar-left"> 83 <a class="button" href="admin.php?page=bp-profile-setup&group_id=<?php echo attribute_escape( $group->id ); ?>&mode=add_field"><?php _e( 'Add New Field', 'buddypress' ); ?></a>84 <a class="button edit" href="admin.php?page=bp-profile-setup&mode=edit_group&group_id=<?php echo attribute_escape( $group->id ); ?>"><?php _e( 'Edit Group', 'buddypress' ); ?></a>83 <a class="button" href="admin.php?page=bp-profile-setup&group_id=<?php echo esc_attr( $group->id ); ?>&mode=add_field"><?php _e( 'Add New Field', 'buddypress' ); ?></a> 84 <a class="button edit" href="admin.php?page=bp-profile-setup&mode=edit_group&group_id=<?php echo esc_attr( $group->id ); ?>"><?php _e( 'Edit Group', 'buddypress' ); ?></a> 85 85 <?php if ( $group->can_delete ) : 
?> 86 <a class="button delete" href="admin.php?page=bp-profile-setup&mode=delete_group&group_id=<?php echo attribute_escape( $group->id ); ?>"><?php _e( 'Delete Group', 'buddypress' ); ?></a>86 <a class="button delete" href="admin.php?page=bp-profile-setup&mode=delete_group&group_id=<?php echo esc_attr( $group->id ); ?>"><?php _e( 'Delete Group', 'buddypress' ); ?></a> 87 87 <?php endif; ?> 88 88 </div> 89 89 </div> 90 90 91 91 <fieldset id="<?php echo $group->id; ?>" class="connectedSortable field-group"> 92 92 <?php if( $group->description ) : ?> 93 <legend><?php echo attribute_escape( $group->description ) ?></legend>93 <legend><?php echo esc_attr( $group->description ) ?></legend> 94 94 <?php endif; 95 95 96 96 if ( $group->fields ) : … … 332 332 333 333 $field = $admin_field; 334 334 ?> 335 <fieldset id="field_<?php echo attribute_escape( $field->id ); ?>" class="sortable<?php echo ' ' . $field->type; if ( $class ) echo ' ' . $class; ?>">335 <fieldset id="field_<?php echo esc_attr( $field->id ); ?>" class="sortable<?php echo ' ' . $field->type; if ( $class ) echo ' ' . 
$class; ?>"> 336 336 <legend><?php bp_the_profile_field_name(); ?> <?php if( !$field->can_delete ) : ?> <?php _e( '(Core)', 'buddypress' ); endif; ?> <?php if ( bp_get_the_profile_field_is_required() ) : ?><?php _e( '(required)', 'buddypress' ) ?><?php endif; ?></legend> 337 337 <div class="field-wrapper"> 338 338 <?php … … 393 393 394 394 <?php } ?> 395 395 <div class="actions"> 396 <a class="button edit" href="admin.php?page=bp-profile-setup&group_id=<?php echo attribute_escape( $admin_group->id ); ?>&field_id=<?php echo attribute_escape( $field->id ); ?>&mode=edit_field"><?php _e( 'Edit', 'buddypress' ); ?></a>397 <?php if ( !$field->can_delete ) : ?> <?php else : ?><a class="button delete" href="admin.php?page=bp-profile-setup&field_id=<?php echo attribute_escape( $field->id ); ?>&mode=delete_field"><?php _e( 'Delete', 'buddypress' ); ?></a><?php endif; ?>396 <a class="button edit" href="admin.php?page=bp-profile-setup&group_id=<?php echo esc_attr( $admin_group->id ); ?>&field_id=<?php echo esc_attr( $field->id ); ?>&mode=edit_field"><?php _e( 'Edit', 'buddypress' ); ?></a> 397 <?php if ( !$field->can_delete ) : ?> <?php else : ?><a class="button delete" href="admin.php?page=bp-profile-setup&field_id=<?php echo esc_attr( $field->id ); ?>&mode=delete_field"><?php _e( 'Delete', 'buddypress' ); ?></a><?php endif; ?> 398 398 399 399 </div> 400 400 <?php if ( $field->description ) : ?> 401 <p class="description"><?php echo attribute_escape( $field->description ); ?></p>401 <p class="description"><?php echo esc_attr( $field->description ); ?></p> 402 402 <?php endif; ?> 403 403 </div> 404 404 </fieldset> -
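Review bot: Line 61 still wraps the call in `wp_specialchars( ... )`, itself deprecated in favour of `esc_html`, so the sweep replaces one deprecated escaper while leaving another on the same line; `<p><?php echo esc_html( $message ); ?></p>` is the single-call equivalent for text content. Several other new lines apply `esc_attr` outside an attribute: `$group->name` at lines 70 and 78, `$group->description` at 93 and `$field->description` at 401 are element text (`esc_html`), while the `group_id`/`field_id` query values at lines 83–86 and 396–397 sit inside `href` values (`esc_url`, or `(int)` since they are ids). The encoding produced is the same today, but the context-specific function makes the next escaping audit cheap. The enclosing functions start outside the hunk.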
bp-xprofile/bp-xprofile-templatetags.php
176 176 $css_classes = array(); 177 177 178 178 if ( $class ) 179 $css_classes[] = sanitize_title( attribute_escape( $class ) );179 $css_classes[] = sanitize_title( esc_attr( $class ) ); 180 180 181 181 /* Set a class with the field ID */ 182 182 $css_classes[] = 'field_' . $profile_template->field->id; … … 390 390 else 391 391 $selected = ''; 392 392 393 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . attribute_escape( stripslashes( $options[$k]->name ) ) . '">' . attribute_escape( stripslashes( $options[$k]->name ) ) . '</option>', $options[$k] );393 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . esc_attr( stripslashes( $options[$k]->name ) ) . '">' . esc_attr( stripslashes( $options[$k]->name ) ) . '</option>', $options[$k] ); 394 394 } 395 395 break; 396 396 … … 411 411 else 412 412 $selected = ''; 413 413 414 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );414 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] ); 415 415 } 416 416 417 417 $html .= '</div>'; … … 436 436 } 437 437 } 438 438 439 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . 
'</label>', $options[$k] );439 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] ); 440 440 $selected = ''; 441 441 } 442 442 break; … … 468 468 469 469 switch ( $type ) { 470 470 case 'day': 471 $html .= '<option value=""' . attribute_escape( $default_select ) . '>--</option>';471 $html .= '<option value=""' . esc_attr( $default_select ) . '>--</option>'; 472 472 473 473 for ( $i = 1; $i < 32; $i++ ) { 474 474 if ( $day == $i ) … … 489 489 __( 'October', 'buddypress' ), __( 'November', 'buddypress' ), __( 'December', 'buddypress' ) 490 490 ); 491 491 492 $html .= '<option value=""' . attribute_escape( $default_select ) . '>------</option>';492 $html .= '<option value=""' . esc_attr( $default_select ) . '>------</option>'; 493 493 494 494 for ( $i = 0; $i < 12; $i++ ) { 495 495 if ( $month == $eng_months[$i] ) … … 502 502 break; 503 503 504 504 case 'year': 505 $html .= '<option value=""' . attribute_escape( $default_select ) . '>----</option>';505 $html .= '<option value=""' . esc_attr( $default_select ) . '>----</option>'; 506 506 507 507 for ( $i = date( 'Y', time() ); $i > 1899; $i-- ) { 508 508 if ( $year == $i ) … … 575 575 $selected = ''; 576 576 577 577 if ( $groups[$i]->fields ) 578 echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . attribute_escape( $groups[$i]->name ) . '</a></li>';578 echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . esc_attr( $groups[$i]->name ) . '</a></li>'; 579 579 } 580 580 581 581 do_action( 'xprofile_profile_group_tabs' ); -
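Review bot: At lines 471, 492 and 505 `esc_attr( $default_select )` is concatenated straight after `value=""`; if `$default_select` holds an attribute fragment such as ` selected="selected"` (its assignment is above the hunk) the escaper turns its quotes into `&quot;`, yielding `selected=&quot;selected&quot;` rather than a clean attribute. An attribute-value escaper belongs around a value, not around markup, so either emit the fragment unescaped or build it at the point of use, e.g. `'<option value=""' . ( $default_select ? ' selected="selected"' : '' ) . '>--</option>'`. Line 179's `sanitize_title( esc_attr( $class ) )` is redundant, since `sanitize_title` strips entities and everything else `esc_attr` would encode. The names used as element text at lines 393, 414, 439 and 578 would read better with `esc_html`; the enclosing functions start outside the hunk.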
bp-xprofile/bp-xprofile-classes.php
201 201 </div> 202 202 <?php endif; ?> 203 203 <div id="poststuff"> 204 <form action="<?php echo attribute_escape( $action ); ?>" method="post">204 <form action="<?php echo esc_attr( $action ); ?>" method="post"> 205 205 <div id="titlediv"> 206 206 <h3><label for="group_name"><?php _e( "Field Group Title", 'buddypress') ?> *</label></h3> 207 207 <div id="titlewrap"> 208 <input type="text" name="group_name" id="title" value="<?php echo attribute_escape( $this->name ); ?>" style="width:50%" />208 <input type="text" name="group_name" id="title" value="<?php echo esc_attr( $this->name ); ?>" style="width:50%" /> 209 209 </div> 210 210 </div> 211 211 … … 219 219 <?php endif; ?> 220 220 221 221 <p class="submit"> 222 <input type="hidden" name="group_order" id="group_order" value="<?php echo attribute_escape( $this->group_order ); ?>" />223 <input type="submit" name="save_group" value="<?php echo attribute_escape( $button ); ?>" class="button-primary"/>222 <input type="hidden" name="group_order" id="group_order" value="<?php echo esc_attr( $this->group_order ); ?>" /> 223 <input type="submit" name="save_group" value="<?php echo esc_attr( $button ); ?>" class="button-primary"/> 224 224 <?php _e( 'or', 'buddypress' ); ?> <a href="admin.php?page=bp-profile-setup" class="deletion"><?php _e( 'Cancel', 'buddypress' ); ?></a> 225 225 </p> 226 226 </form> … … 546 546 $default_name = '[' . $j . 
']'; 547 547 ?> 548 548 <p><?php _e('Option', 'buddypress'); ?> <?php echo $j; ?>: 549 <input type="text" name="<?php echo $type; ?>_option[<?php echo $j; ?>]" id="<?php echo $type; ?>_option<?php echo $j; ?>" value="<?php echo attribute_escape( $options[$i]->name ); ?>" />549 <input type="text" name="<?php echo $type; ?>_option[<?php echo $j; ?>]" id="<?php echo $type; ?>_option<?php echo $j; ?>" value="<?php echo esc_attr( $options[$i]->name ); ?>" /> 550 550 <input type="<?php echo $default_input; ?>" name="isDefault_<?php echo $type; ?>_option<?php echo $default_name; ?>" <?php if ( (int) $options[$i]->is_default_option ) {?> checked="checked"<?php } ?> " value="<?php echo $j; ?>" /> <?php _e( 'Default Value', 'buddypress' ); ?> 551 551 <?php 552 552 if ( $j != 1 && $options[$i]->id != -1 ) : ?> … … 609 609 <div id="titlediv"> 610 610 <h3><label for="title"><?php _e( 'Field Title', 'buddypress' ); ?> *</label></h3> 611 611 <div id="titlewrap"> 612 <input type="text" name="title" id="title" value="<?php echo attribute_escape( $this->name ); ?>" style="width:50%" />612 <input type="text" name="title" id="title" value="<?php echo esc_attr( $this->name ); ?>" style="width:50%" /> 613 613 </div> 614 614 </div> 615 615 <?php … … 649 649 <input type="hidden" name="fieldtype" id="fieldtype" value="textbox" /> 650 650 <?php } ?> 651 651 <p class="submit"> 652 <input type="hidden" name="field_order" id="field_order" value="<?php echo attribute_escape( $this->field_order ); ?>" />652 <input type="hidden" name="field_order" id="field_order" value="<?php echo esc_attr( $this->field_order ); ?>" /> 653 653 <input type="submit" value="<?php _e( 'Save', 'buddypress' ); ?>" name="saveField" id="saveField" style="font-weight: bold" class="button-primary" /> 654 654 <?php _e( 'or', 'buddypress' ); ?> <a href="admin.php?page=bp-profile-setup" class="deletion"><?php _e( 'Cancel', 'buddypress' ); ?></a> 655 655 </p> -
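Review bot: Line 204 escapes the form's `action` URL with `esc_attr`; for a URL-valued attribute `esc_url( $action )` is the matching function, since it also rejects unsafe schemes, which a plain attribute escaper does not. Where `$action` is built is outside the hunk, so this may be purely stylistic here, but the other attribute values in the same method (`$this->name`, `$this->group_order`, `$button`) are escaped with the right function and the form should follow suit. Line 550 carries a pre-existing markup typo the sweep could have caught: `checked="checked"<?php } ?> " value="<?php echo $j; ?>"` leaves a stray `"` before `value`, which should read `checked="checked"<?php } ?> value="<?php echo $j; ?>"`. The enclosing methods start outside the hunk.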
bp-friends/bp-friends-templatetags.php
108 108 <input type="search" name="friend-search-box" id="friend-search-box" value="<?php echo $value ?>"<?php echo $disabled ?> /> 109 109 110 110 <?php wp_nonce_field( 'friends_search', '_wpnonce_friend_search' ) ?> 111 <input type="hidden" name="initiator" id="initiator" value="<?php echo attribute_escape( $bp->displayed_user->id ) ?>" />111 <input type="hidden" name="initiator" id="initiator" value="<?php echo esc_attr( $bp->displayed_user->id ) ?>" /> 112 112 113 113 </form> 114 114 <?php -
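Review bot: The sweep stops one line short: line 108, directly above the changed hidden field, still echoes `$value` and `$disabled` raw into `value="<?php echo $value ?>"<?php echo $disabled ?>`. Where `$value` is set is outside the hunk; if it reflects a previously submitted search term, as the field name `friend-search-box` suggests, it is user-controlled and `value="<?php echo esc_attr( $value ) ?>"` is the same one-line fix applied elsewhere in this patch. The enclosing function starts outside the hunk.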
bp-activity/bp-activity-templatetags.php
772 772 else 773 773 unset($selected); 774 774 775 $component = attribute_escape( $component );775 $component = esc_attr( $component ); 776 776 777 777 switch ( $style ) { 778 778 case 'list': … … 800 800 /* Make sure all core internal component names are translatable */ 801 801 $translatable_components = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) ); 802 802 803 $component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;803 $component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after; 804 804 } 805 805 806 806 $link = remove_query_arg( 'afilter' , $link ); 807 807 808 808 if ( isset( $_GET['afilter'] ) ) 809 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';809 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>'; 810 810 811 811 return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) ); 812 812 } -
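Review bot: Line 809 emits `href="' . esc_attr( $link ) . '"">`, a doubled closing quote that leaves a stray `"` after the attribute; since the line is already being touched it should read `'<a href="' . esc_attr( $link ) . '">'`. Both `href` values at lines 803 and 809 are URLs, so `esc_url( $link )` is the contextual escaper. Line 775 appears to escape `$component` before it is reused at line 803 as the key of `__( $component, 'buddypress' )`, so a component name containing an encodable character would no longer match its translation string; escaping only when the value is emitted avoids that. The enclosing function starts outside the hunk.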
bp-blogs.php
287 287 /* Record this in activity streams */ 288 288 bp_blogs_record_activity( array( 289 289 'user_id' => $recorded_blog->user_id, 290 'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%1$s created the blog %2$s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . attribute_escape( $name ) . '</a>' ), &$recorded_blog, $name, $description ),290 'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%1$s created the blog %2$s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . esc_attr( $name ) . '</a>' ), &$recorded_blog, $name, $description ), 291 291 'primary_link' => apply_filters( 'bp_blogs_activity_created_blog_primary_link', get_blog_option( $recorded_blog->blog_id, 'siteurl' ), $recorded_blog->blog_id ), 292 292 'type' => 'new_blog', 293 293 'item_id' => $recorded_blog->blog_id -
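Review bot: The blog name is link text in the stored activity action at line 290, so `esc_html( $name )` is the matching call, and the `siteurl` option placed in `href` on the same line is not escaped at all (`esc_url( get_blog_option( $recorded_blog->blog_id, 'siteurl' ) )`). Because the action string is recorded rather than rendered immediately, whichever escaper is chosen here must match how the stored string is later output, or names containing `&` or quotes will be double-encoded. Line 290 also passes `&$recorded_blog` by reference at call time, which PHP deprecated in 5.3; the `&` should be dropped. The enclosing function starts outside the hunk.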
bp-groups.php
99 99 $bp->bp_options_title = $bp->groups->current_group->name; 100 100 101 101 if ( !$bp->bp_options_avatar = bp_core_fetch_avatar( array( 'item_id' => $bp->groups->current_group->id, 'object' => 'group', 'type' => 'thumb', 'avatar_dir' => 'group-avatars', 'alt' => __( 'Group Avatar', 'buddypress' ) ) ) ) 102 $bp->bp_options_avatar = '<img src="' . attribute_escape( $group->avatar_full ) . '" class="avatar" alt="' . attribute_escape( $group->name ) . '" />';102 $bp->bp_options_avatar = '<img src="' . esc_attr( $group->avatar_full ) . '" class="avatar" alt="' . esc_attr( $group->name ) . '" />'; 103 103 104 104 $group_link = $bp->root_domain . '/' . $bp->groups->slug . '/' . $bp->groups->current_group->slug . '/'; 105 105 … … 225 225 $group = new BP_Groups_Group( $group_id ); 226 226 227 227 groups_record_activity( array( 228 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),228 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ), 229 229 'type' => 'joined_group', 230 230 'item_id' => $group->id 231 231 ) ); … … 1047 1047 1048 1048 /* Once we compelete all steps, record the group creation in the activity stream. */ 1049 1049 groups_record_activity( array( 1050 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%1$s created the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . 
'</a>' ) ),1050 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%1$s created the group %2$s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ), 1051 1051 'type' => 'created_group', 1052 1052 'item_id' => $bp->groups->new_group_id 1053 1053 ) ); … … 1620 1620 1621 1621 /* Record this in activity streams */ 1622 1622 groups_record_activity( array( 1623 'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),1623 'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ), 1624 1624 'type' => 'joined_group', 1625 1625 'item_id' => $group_id 1626 1626 ) ); … … 1775 1775 return false; 1776 1776 1777 1777 /* Record this in activity streams */ 1778 $activity_action = sprintf( __( '%1$s posted an update in the group %2$s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1778 $activity_action = sprintf( __( '%1$s posted an update in the group %2$s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . 
'</a>' ); 1779 1779 $activity_content = $content; 1780 1780 1781 1781 $activity_id = groups_record_activity( array( … … 1828 1828 if ( $post_id = bp_forums_insert_post( array( 'post_text' => $post_text, 'topic_id' => $topic_id ) ) ) { 1829 1829 $topic = bp_forums_get_topic_details( $topic_id ); 1830 1830 1831 $activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1831 $activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 1832 1832 $activity_content = bp_create_excerpt( $post_text ); 1833 1833 $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/'; 1834 1834 … … 1867 1867 if ( $topic_id = bp_forums_new_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_tags' => $topic_tags, 'forum_id' => $forum_id ) ) ) { 1868 1868 $topic = bp_forums_get_topic_details( $topic_id ); 1869 1869 1870 $activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . 
bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1870 $activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 1871 1871 $activity_content = bp_create_excerpt( $topic_text ); 1872 1872 1873 1873 /* Record this in activity streams */ … … 1899 1899 if ( function_exists( 'bp_activity_delete_by_item_id' ) ) 1900 1900 bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $topic_id, 'component' => $bp->groups->id, 'type' => 'new_forum_topic' ) ); 1901 1901 1902 $activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1902 $activity_action = sprintf( __( '%1$s started the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . 
'</a>' ); 1903 1903 $activity_content = bp_create_excerpt( $topic_text ); 1904 1904 1905 1905 /* Record this in activity streams */ … … 1933 1933 if ( $post_id = bp_forums_insert_post( array( 'post_id' => $post_id, 'post_text' => $post_text, 'post_time' => $post->post_time, 'topic_id' => $topic_id, 'poster_id' => $post->poster_id ) ) ) { 1934 1934 $topic = bp_forums_get_topic_details( $topic_id ); 1935 1935 1936 $activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1936 $activity_action = sprintf( __( '%1$s posted on the forum topic %2$s in the group %3$s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 1937 1937 $activity_content = bp_create_excerpt( $post_text ); 1938 1938 $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/'; 1939 1939 … … 2254 2254 $group = new BP_Groups_Group( $group_id ); 2255 2255 2256 2256 groups_record_activity( array( 2257 'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . 
'</a>' ), $user_id, &$group ),2257 'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%1$s joined the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $user_id, &$group ), 2258 2258 'type' => 'joined_group', 2259 2259 'item_id' => $group->id, 2260 2260 'user_id' => $user_id -
bp-blogs/bp-blogs-widgets.php
80 80 $max_posts = strip_tags( $instance['max_posts'] ); 81 81 ?> 82 82 83 <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo attribute_escape( $max_posts ); ?>" style="width: 30%" /></label></p>83 <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p> 84 84 <?php 85 85 } 86 86 } -
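Review bot: The `for` attribute of the label at line 83 (`bp-blogs-widget-posts-max`) does not match the input's id, which comes from `$this->get_field_id( 'max_posts' )`, so the label is not associated with the field; `<label for="<?php echo $this->get_field_id( 'max_posts' ); ?>">` fixes that. Separately, `max_posts` is a count, so `$max_posts = absint( $instance['max_posts'] );` at line 80 normalises a stored non-numeric value to the integer the widget needs, with `esc_attr()` kept as the output-side escape. The enclosing form() method starts outside the hunk.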
bp-blogs/bp-blogs-templatetags.php
266 266 267 267 function bp_blog_hidden_fields() { 268 268 if ( isset( $_REQUEST['s'] ) ) { 269 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ). '" name="search_terms" />';269 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ). '" name="search_terms" />'; 270 270 } 271 271 272 272 if ( isset( $_REQUEST['letter'] ) ) { 273 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';273 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 274 274 } 275 275 276 276 if ( isset( $_REQUEST['blogs_search'] ) ) { 277 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';277 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['blogs_search'] ) . '" name="search_terms" />'; 278 278 } 279 279 } 280 280 -
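Review bot: Lines 269 and 277 both emit a hidden input with `id="search_terms"` and `name="search_terms"`, so when a request carries both `s` and `blogs_search` the markup has a duplicate id and the later field silently overrides the earlier one on submit; making the third branch an `elseif` of the first, or choosing one source before echoing, removes the ambiguity. Reading the terms from `$_REQUEST` also means a cookie of the same name can populate the field depending on `request_order`; `$_GET`/`$_POST` name the intended source explicitly. The `esc_attr()` calls themselves are the right escape for these attribute values.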
bp-forums/bp-forums-filters.php
2 2 3 3 /* Apply WordPress defined filters */ 4 4 add_filter( 'bp_forums_bbconfig_location', 'wp_filter_kses', 1 ); 5 add_filter( 'bp_forums_bbconfig_location', ' attribute_escape', 1 );5 add_filter( 'bp_forums_bbconfig_location', 'esc_attr', 1 ); 6 6 7 7 add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 ); 8 8 add_filter( 'bp_get_the_topic_latest_post_excerpt', 'bp_forums_filter_kses', 1 ); -
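Review bot: `esc_attr` at line 5 HTML-encodes the bbconfig location, which the filter name suggests is a filesystem path (its consumer is not in this hunk), so a path containing `&` or a quote is rewritten to entities while nothing here restricts the value to an existing file; for an include location the meaningful control is a `file_exists()`/`realpath()` check where the path is consumed, and HTML escaping belongs only where the value is rendered. Worth stating in the commit message: the previous callback string `' attribute_escape'` carried a leading space and was never a valid callable, so this filter becomes active for the first time with this change and may alter values that previously passed through untouched.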
bp-forums/bp-forums-templatetags.php
253 253 global $forum_template; 254 254 255 255 $post = bb_get_first_post( (int)$forum_template->topic->topic_id, false ); 256 return apply_filters( 'bp_get_the_topic_text', attribute_escape( $post->post_text ) );256 return apply_filters( 'bp_get_the_topic_text', esc_attr( $post->post_text ) ); 257 257 } 258 258 259 259 function bp_the_topic_poster_id() { … … 937 937 global $bp; 938 938 939 939 $post = bp_forums_get_post( $bp->action_variables[4] ); 940 return apply_filters( 'bp_get_the_topic_post_edit_text', attribute_escape( $post->post_text ) );940 return apply_filters( 'bp_get_the_topic_post_edit_text', esc_attr( $post->post_text ) ); 941 941 } 942 942 943 943 function bp_the_topic_pagination() { … … 979 979 980 980 ?> 981 981 <form action="" method="get" id="search-forums-form"> 982 <label><input type="text" name="s" id="forums_search" value="<?php echo attribute_escape($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>982 <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 983 983 <input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 984 984 </form> 985 985 <?php … … 1027 1027 function bp_get_forum_action() { 1028 1028 global $topic_template; 1029 1029 1030 return apply_filters( 'bp_get_forum_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );1030 return apply_filters( 'bp_get_forum_action', $bp->root_domain . 
esc_attr( $_SERVER['REQUEST_URI'] ) ); 1031 1031 } 1032 1032 1033 1033 function bp_forum_topic_action() { … … 1036 1036 function bp_get_forum_topic_action() { 1037 1037 global $bp; 1038 1038 1039 return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );1039 return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) ); 1040 1040 } 1041 1041 1042 1042 function bp_forum_topic_count_for_user( $user_id = false ) { -
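Review bot: `bp_get_forum_action()` at lines 1027-1031 declares `global $topic_template;` but reads `$bp->root_domain`, so `$bp` is an undefined local there and the returned action collapses to the escaped request URI alone, whereas `bp_get_forum_topic_action()` at 1036-1040 correctly declares `global $bp;`; the first line of the function should read `global $bp;` (plus `$topic_template` if it is needed elsewhere in the body). Since `$_SERVER['REQUEST_URI']` is client-controlled and lands in a form `action` URL in both functions, `esc_url()` is the context-matching escape and additionally rejects non-HTTP schemes: `return apply_filters( 'bp_get_forum_action', esc_url( $bp->root_domain . $_SERVER['REQUEST_URI'] ) );`.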
bp-core.php
1305 1305 $type = ( 'success' == $bp->template_message_type ) ? 'updated' : 'error'; 1306 1306 ?> 1307 1307 <div id="message" class="<?php echo $type; ?>"> 1308 <p><?php echo stripslashes( attribute_escape( $bp->template_message ) ); ?></p>1308 <p><?php echo stripslashes( esc_attr( $bp->template_message ) ); ?></p> 1309 1309 </div> 1310 1310 <?php 1311 1311 do_action( 'bp_core_render_message' ); -
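Review bot: `stripslashes( esc_attr( $bp->template_message ) )` at line 1308 applies the escape before the transformation; the two happen to commute here because `esc_attr()` never emits backslashes, but escaping should be the outermost call so that a later change to the inner step cannot reintroduce unescaped output. The value is also element content inside `<p>`, where `esc_html()` is the context-matching function: `<p><?php echo esc_html( stripslashes( $bp->template_message ) ); ?></p>`. The enclosing function starts outside the hunk.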
bp-xprofile.php
132 132 <a href=""><?php _e( 'Admin Options', 'buddypress' ) ?></a> 133 133 134 134 <ul> 135 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>136 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>135 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 136 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 137 137 <?php if ( !bp_core_is_user_spammer( $bp->displayed_user->id ) ) : ?> 138 138 139 139 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/mark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Mark as Spammer", 'buddypress' ) ?></a></li> … … 142 142 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/unmark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Not a Spammer", 'buddypress' ) ?></a></li> 143 143 <?php endif; ?> 144 144 145 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>145 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 146 146 <?php do_action( 'xprofile_adminbar_menu_items' ) ?> 147 147 148 148 </ul> -
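Review bot: Lines 135, 136 and 145 escape only the link text while the `href` built from `$bp->displayed_user->domain . $bp->profile->slug` (and the `wp_nonce_url()` result at 145) is echoed unescaped; the user domain is presumably derived from the displayed user's login or nicename (not visible here), so `href="<?php echo esc_url( $bp->displayed_user->domain . $bp->profile->slug . '/edit/' ) ?>"` is the consistent treatment. The escaped fullname is element content, so `esc_html()` matches that context better than `esc_attr()`, even though WordPress produces the same output for both today.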
bp-groups/bp-groups-classes.php
1001 1001 1002 1002 /* When we are viewing the extension display page, set the title and options title */ 1003 1003 if ( $bp->current_component == $bp->groups->slug && $bp->is_single_item && $bp->current_action == $this->slug ) { 1004 add_action( 'bp_template_content_header', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );1005 add_action( 'bp_template_title', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );1004 add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 1005 add_action( 'bp_template_title', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 1006 1006 } 1007 1007 } 1008 1008 … … 1024 1024 1025 1025 /* Construct the admin edit tab for the new group extension */ 1026 1026 if ( $this->enable_edit_item ) { 1027 add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . attribute_escape( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . attribute_escape( $this->slug ) . '\">' . attribute_escape( $this->name ) . '</a></li>";' ), 10, 2 );1027 add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . esc_attr( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . esc_attr( $this->slug ) . '\">' . esc_attr( $this->name ) . '</a></li>";' ), 10, 2 ); 1028 1028 1029 1029 /* Catch the edit screen and forward it to the plugin template */ 1030 1030 if ( $bp->current_component == $bp->groups->slug && 'admin' == $bp->current_action && $this->slug == $bp->action_variables[0] ) { -
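Review bot: At line 1027 the generated callback reads `$selected` in `echo "<li{$selected}>..."` without initialising it, so every non-current tab triggers an undefined-variable notice; prefix the generated body with `$selected = "";`. More fundamentally, lines 1004, 1005 and 1027 embed `$this->name` and `$this->slug` into PHP source via `create_function()`, and `esc_attr()` only addresses the HTML that the generated code later emits — inside a double-quoted PHP string literal the characters that matter are `$` and `\`, which `esc_attr()` leaves untouched, so an extension name containing them is mis-rendered or interpolated at eval time. These values come from extension authors rather than request data, so the exposure is limited, but a closure with `use` (PHP 5.3+) removes the source-assembly entirely; if 5.2 must be supported, `addcslashes( $this->name, '$\\' )` before the `esc_attr()` call neutralises the PHP-level metacharacters.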
bp-groups/bp-groups-widgets.php
50 50 <?php endwhile; ?> 51 51 </ul> 52 52 <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?> 53 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $instance['max_groups'] ); ?>" />53 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $instance['max_groups'] ); ?>" /> 54 54 55 55 <?php else: ?> 56 56 … … 76 76 $max_groups = strip_tags( $instance['max_groups'] ); 77 77 ?> 78 78 79 <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo attribute_escape( $max_groups ); ?>" style="width: 30%" /></label></p>79 <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p> 80 80 <?php 81 81 } 82 82 } … … 129 129 <?php endwhile; ?> 130 130 </ul> 131 131 <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?> 132 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $_POST['max_groups'] ); ?>" />132 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $_POST['max_groups'] ); ?>" /> 133 133 134 134 <?php else: ?> 135 135 -
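Review bot: Line 132 echoes `$_POST['max_groups']` back into a hidden field with only `esc_attr()`, which prevents attribute breakout but keeps arbitrary non-numeric input in the page; since the widget only needs a count, `absint( $_POST['max_groups'] )` normalises it to an integer, and the same applies to `$instance['max_groups']` at lines 53 and 76. The label at line 79 uses `for="bp-groups-widget-groups-max"`, which does not match the id produced by `$this->get_field_id( 'max_groups' )`; `<label for="<?php echo $this->get_field_id( 'max_groups' ); ?>">` associates it with the input. The enclosing widget methods start outside the hunk.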
bp-groups/bp-groups-templatetags.php
285 285 286 286 /* Fetch the avatar from the folder, if not provide backwards compat. */ 287 287 if ( !$avatar = bp_core_fetch_avatar( array( 'item_id' => $groups_template->group->id, 'object' => 'group', 'type' => $type, 'avatar_dir' => 'group-avatars', 'alt' => $alt, 'css_id' => $id, 'class' => $class, 'width' => $width, 'height' => $height ) ) ) 288 $avatar = '<img src="' . attribute_escape( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . attribute_escape( $groups_template->group->name ) . '" />';288 $avatar = '<img src="' . esc_attr( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . esc_attr( $groups_template->group->name ) . '" />'; 289 289 290 290 return apply_filters( 'bp_get_group_avatar', $avatar ); 291 291 } … … 1117 1117 1118 1118 function bp_group_hidden_fields() { 1119 1119 if ( isset( $_REQUEST['s'] ) ) { 1120 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';1120 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />'; 1121 1121 } 1122 1122 1123 1123 if ( isset( $_REQUEST['letter'] ) ) { 1124 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';1124 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 1125 1125 } 1126 1126 1127 1127 if ( isset( $_REQUEST['groups_search'] ) ) { 1128 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['groups_search'] ) . '" name="search_terms" />';1128 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['groups_search'] ) . '" name="search_terms" />'; 1129 1129 } 1130 1130 } 1131 1131 … … 1672 1672 } 1673 1673 } 1674 1674 1675 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . 
'" value="' . attribute_escape( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';1675 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . esc_attr( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>'; 1676 1676 } 1677 1677 } 1678 1678 … … 1688 1688 1689 1689 ?> 1690 1690 <form action="" method="get" id="search-groups-form"> 1691 <label><input type="text" name="s" id="groups_search" value="<?php echo attribute_escape($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>1691 <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 1692 1692 <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 1693 1693 </form> 1694 1694 <?php … … 1755 1755 global $bp; 1756 1756 1757 1757 if ( $bp->groups->current_group->avatar_full ) { ?> 1758 <img src="<?php echo attribute_escape( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />1758 <img src="<?php echo esc_attr( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" /> 1759 1759 <?php } else { ?> 1760 1760 <img src="<?php echo $bp->groups->image_base . '/none.gif' ?>" alt="<?php _e( 'No Group Avatar', 'buddypress' ) ?>" class="avatar" /> 1761 1761 <?php }