
Ticket #2525: 2525.001.diff

File 2525.001.diff, 57.2 KB (added by cnorris23, 14 years ago)
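--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-themes/bp-default/sidebar.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-themes/bp-default/sidebar.php
@@ -39,7 +39,7 @@
 
                 <form name="login-form" id="sidebar-login-form" class="standard-form" action="<?php echo site_url( 'wp-login.php', 'login_post' ) ?>" method="post">
                         <label><?php _e( 'Username', 'buddypress' ) ?><br />
-                        <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" /></label>
+                        <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" /></label>
 
                         <label><?php _e( 'Password', 'buddypress' ) ?><br />
                         <input type="password" name="pwd" id="sidebar-user-pass" class="input" value="" /></label>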
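--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/ajax.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/ajax.php
@@ -188,7 +188,7 @@
 
                                 <div class="acomment-meta">
                                         <?php echo bp_core_get_userlink( bp_get_activity_user_id() ) ?> &middot; <?php printf( __( '%s ago', 'buddypress' ), bp_core_time_since( gmdate( "Y-m-d H:i:s" ) ) ) ?> &middot;
-                                        <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo attribute_escape( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>
+                                        <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo esc_attr( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>
                                          &middot; <a href="<?php echo wp_nonce_url( $bp->root_domain . '/' . $bp->activity->slug . '/delete/' . bp_get_activity_id() . '?cid=' . $comment_id, 'bp_activity_delete_link' ) ?>" class="delete acomment-delete confirm"><?php _e( 'Delete', 'buddypress' ) ?></a>
                                 </div>
 
@@ -312,7 +312,7 @@
                 echo '<h4>' . $user->user_link . '</h4>';
                 echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>';
                 echo '<div class="action">
-                                <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . attribute_escape( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>
+                                <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>
                           </div>';
                 echo '</li>';
 
@@ -404,7 +404,7 @@
                         if ( !groups_join_group( $group->id ) ) {
                                 _e( 'Error joining group', 'buddypress' );
                         } else {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
                         }
 
                 } else if ( 'private' == $group->status ) {
@@ -414,7 +414,7 @@
                         if ( !groups_send_membership_request( $bp->loggedin_user->id, $group->id ) ) {
                                 _e( 'Error requesting membership', 'buddypress' );
                         } else {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
                         }
                 }
 
@@ -426,9 +426,9 @@
                         _e( 'Error leaving group', 'buddypress' );
                 } else {
                         if ( 'public' == $group->status ) {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
                         } else if ( 'private' == $group->status ) {
-                                echo '<a id="group-' . attribute_escape( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
+                                echo '<a id="group-' . esc_attr( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
                         }
                 }
         }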
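Review bot: `$_POST['group_id']` is concatenated straight into the remove-invite URL on new line 315, while only the `id` attribute on that same line is escaped. wp_nonce_url() may HTML-escape the finished URL, but the value is still an unvalidated request parameter sitting in a path segment; casting it first with `$group_id = absint( $_POST['group_id'] );` and building the URL from `$group_id` keeps it numeric. `$comment_id` in the delete link on line 192 deserves the same check, though its assignment is outside the hunk. The enclosing AJAX handlers begin outside these hunks, so whether each verifies a nonce before acting cannot be confirmed from this page.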
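--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-widgets.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-widgets.php
@@ -52,7 +52,7 @@
                                 <?php endwhile; ?>
                         </ul>
                         <?php wp_nonce_field( 'bp_core_widget_members', '_wpnonce-members' ); ?>
-                        <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo attribute_escape( $instance['max_members'] ); ?>" />
+                        <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo esc_attr( $instance['max_members'] ); ?>" />
 
                 <?php else: ?>
 
@@ -78,7 +78,7 @@
                 $max_members = strip_tags( $instance['max_members'] );
                 ?>
 
-                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }
@@ -132,7 +132,7 @@
                 $max_members = strip_tags( $instance['max_members'] );
                 ?>
 
-                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }
@@ -186,7 +186,7 @@
                 $max_members = strip_tags( $instance['max_members'] );
                 ?>
 
-                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }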
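--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-templatetags.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-templatetags.php
@@ -412,7 +412,7 @@
         function bp_get_member_registered() {
                 global $members_template;
 
-                $registered = attribute_escape( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );
+                $registered = esc_attr( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );
 
                 return apply_filters( 'bp_member_last_active', $registered );
         }
@@ -456,15 +456,15 @@
 
 function bp_member_hidden_fields() {
         if ( isset( $_REQUEST['s'] ) ) {
-                echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';
+                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />';
         }
 
         if ( isset( $_REQUEST['letter'] ) ) {
-                echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
+                echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
         }
 
         if ( isset( $_REQUEST['members_search'] ) ) {
-                echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['members_search'] ) . '" name="search_terms" />';
+                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['members_search'] ) . '" name="search_terms" />';
         }
 }
 
@@ -477,7 +477,7 @@
 
         ?>
         <form action="" method="get" id="search-members-form">
-                <label><input type="text" name="s" id="members_search" value="<?php echo attribute_escape( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
+                <label><input type="text" name="s" id="members_search" value="<?php echo esc_attr( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
                 <input type="submit" id="members_search_submit" name="members_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
         </form>
 <?php
@@ -625,7 +625,7 @@
         if ( empty( $bp->bp_options_title ) )
                 $bp->bp_options_title = __( 'Options', 'buddypress' );
 
-        echo apply_filters( 'bp_get_options_title', attribute_escape( $bp->bp_options_title ) );
+        echo apply_filters( 'bp_get_options_title', esc_attr( $bp->bp_options_title ) );
 }
 
 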
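Review bot: On new line 480 the `value` attribute is escaped, but the string printed by `_e( 'Search anything...', 'buddypress' )` lands unescaped inside a single-quoted JavaScript literal within the `onfocus` and `onblur` attributes. A translation containing an apostrophe or a double quote would break the handler or the attribute; `<?php echo esc_js( __( 'Search anything...', 'buddypress' ) ) ?>` is the escaper for that context. Separately, lines 415 and 628 escape before `apply_filters()`, so whatever a filter callback returns is output as-is; a comment such as `// Filtered value is echoed unescaped; callbacks must return safe HTML.` would make that contract explicit. The function around line 480 starts outside the hunk.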
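--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-classes.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-classes.php
@@ -60,14 +60,14 @@
 
                 if ( $this->profile_data ) {
                         $this->user_url = bp_core_get_user_domain( $this->id, $this->profile_data['user_nicename'], $this->profile_data['user_login'] );
-                        $this->fullname = attribute_escape( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
+                        $this->fullname = esc_attr( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
                         $this->user_link = "<a href='{$this->user_url}' title='{$this->fullname}'>{$this->fullname}</a>";
-                        $this->email = attribute_escape( $this->profile_data['user_email'] );
+                        $this->email = esc_attr( $this->profile_data['user_email'] );
                 } else {
                         $this->user_url = bp_core_get_user_domain( $this->id );
                         $this->user_link = bp_core_get_userlink( $this->id );
-                        $this->fullname = attribute_escape( bp_core_get_user_displayname( $this->id ) );
-                        $this->email = attribute_escape( bp_core_get_user_email( $this->id ) );
+                        $this->fullname = esc_attr( bp_core_get_user_displayname( $this->id ) );
+                        $this->email = esc_attr( bp_core_get_user_email( $this->id ) );
                 }
 
                 /* Cache a few things that are fetched often */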
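Review bot: `$this->user_url` is interpolated into the `href` of `user_link` on line 64 without `esc_url()`, while `fullname` beside it is escaped. Unless bp_core_get_user_domain() (not visible here) already returns an escaped URL, the link should be built as `"<a href='" . esc_url( $this->user_url ) . "' title='{$this->fullname}'>{$this->fullname}</a>"`. Storing `fullname` and `email` already passed through `esc_attr()` on lines 63 to 70 also hands entity-encoded text to every consumer of the object, including any non-HTML use such as mail; keeping raw values on the object and escaping at output is the safer convention. The enclosing method starts and ends outside the hunk.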
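--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-settings.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-settings.php
@@ -87,7 +87,7 @@
 
         <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form">
                 <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label>
-                <input type="text" name="email" id="email" value="<?php echo attribute_escape( $current_user->user_email ); ?>" class="settings-input" />
+                <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" />
 
                 <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label>
                 <input type="password" name="pass1" id="pass1" size="16" value="" class="settings-input small" /> &nbsp;<?php _e( 'New Password', 'buddypress' ) ?><br />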
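--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-admin.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-admin.php
@@ -49,7 +49,7 @@
                                         $type = ( $type == 'error' ) ? 'error' : 'updated';
                         ?>
                                 <div id="message" class="<?php echo $type; ?> fade">
-                                        <p><?php echo wp_specialchars( attribute_escape( $message ) ); ?></p>
+                                        <p><?php echo wp_specialchars( esc_attr( $message ) ); ?></p>
                                 </div>
                         <?php }
 
@@ -62,10 +62,10 @@
                                                 <thead>
                                                     <tr>
                                                                 <th scope="col" width="10">&nbsp;</th>
-                                                        <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo attribute_escape( $groups[$i]->name ); ?></th>
+                                                        <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo esc_attr( $groups[$i]->name ); ?></th>
                                                                 <?php if ( $groups[$i]->can_delete ) { ?>
-                                                                        <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&amp;mode=edit_group&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th>
-                                                                <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&amp;mode=delete_group&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th>
+                                                                        <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&amp;mode=edit_group&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th>
+                                                                <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&amp;mode=delete_group&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th>
                                                                 <?php } ?>
                                                         </tr>
                                                         <tr class="header">
@@ -86,13 +86,13 @@
                                                                         <?php $field = new BP_XProfile_Field($groups[$i]->fields[$j]->id); ?>
                                                                         <?php if ( !$field->can_delete ) { $class .= ' core'; } ?>
 
-                                                                        <tr id="field_<?php echo attribute_escape( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . $class; } ?>">
+                                                                        <tr id="field_<?php echo esc_attr( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . $class; } ?>">
                                                                         <td width="10"><img src="<?php echo BP_PLUGIN_URL ?>/bp-xprofile/admin/images/move.gif" alt="<?php _e( 'Drag', 'buddypress' ) ?>" /></td>
-                                                                                <td><span title="<?php echo $field->description; ?>"><?php echo attribute_escape( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td>
-                                                                        <td><?php echo attribute_escape( $field->type ); ?></td>
+                                                                                <td><span title="<?php echo $field->description; ?>"><?php echo esc_attr( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td>
+                                                                        <td><?php echo esc_attr( $field->type ); ?></td>
                                                                         <td style="text-align:center;"><?php if ( $field->is_required ) { echo '<img src="' . BP_PLUGIN_URL . '/bp-xprofile/admin/images/tick.gif" alt="' . __( 'Yes', 'buddypress' ) . '" />'; } else { ?>--<?php } ?></td>
-                                                                        <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&amp;field_id=<?php echo attribute_escape( $field->id ); ?>&amp;mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td>
-                                                                        <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&amp;field_id=<?php echo attribute_escape( $field->id ); ?>&amp;mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td>
+                                                                        <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&amp;field_id=<?php echo esc_attr( $field->id ); ?>&amp;mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td>
+                                                                        <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&amp;field_id=<?php echo esc_attr( $field->id ); ?>&amp;mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td>
                                                                     </tr>
 
                                                                 <?php } ?>
@@ -110,7 +110,7 @@
                                                 <tfoot>
 
                                                                 <tr class="nodrag">
-                                                                        <td colspan="6"><a href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&amp;mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td>
+                                                                        <td colspan="6"><a href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&amp;mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td>
                                                                 </tr>
 
                                                 </tfoot>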
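Review bot: `$field->description` is echoed raw into the `title` attribute on new line 91, right beside the newly escaped `$field->name`; it should read `title="<?php echo esc_attr( $field->description ); ?>"`. On line 52, `wp_specialchars( esc_attr( $message ) )` wraps one escaper in another and keeps the older `wp_specialchars()` name; `esc_html( $message )` alone fits that element-body context. Where names are printed as element text (lines 65, 91, 92) `esc_attr()` is safe, but `esc_html()` states the output context correctly. `$class` on line 89 is also echoed into the `class` attribute unescaped, and its source is outside the hunk.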
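--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-templatetags.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-templatetags.php
@@ -179,7 +179,7 @@
                 $css_classes = array();
 
                 if ( $class )
-                        $css_classes[] = sanitize_title( attribute_escape( $class ) );
+                        $css_classes[] = sanitize_title( esc_attr( $class ) );
 
                 /* Set a class with the field ID */
                 $css_classes[] = 'field_' . $profile_template->field->id;
@@ -393,7 +393,7 @@
                                                 $selected = '';
                                         }
 
-                                        $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . attribute_escape( $options[$k]->name ) . '">' . attribute_escape( $options[$k]->name ) . '</option>', $options[$k] );
+                                        $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . esc_attr( $options[$k]->name ) . '">' . esc_attr( $options[$k]->name ) . '</option>', $options[$k] );
                                 }
                                 break;
 
@@ -415,7 +415,7 @@
                                                 $selected = '';
                                         }
 
-                                        $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );
+                                        $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] );
                                 }
 
                                 $html .= '</div>';
@@ -440,7 +440,7 @@
                                                 }
                                         }
 
-                                        $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );
+                                        $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] );
                                         $selected = '';
                                 }
                                 break;
@@ -472,7 +472,7 @@
 
                                 switch ( $type ) {
                                         case 'day':
-                                                $html .= '<option value=""' . attribute_escape( $default_select ) . '>--</option>';
+                                                $html .= '<option value=""' . esc_attr( $default_select ) . '>--</option>';
 
                                                 for ( $i = 1; $i < 32; $i++ ) {
                                                         if ( $day == $i ) {
@@ -493,7 +493,7 @@
                                                                  __( 'October', 'buddypress' ), __( 'November', 'buddypress' ), __( 'December', 'buddypress' )
                                                                 );
 
-                                                $html .= '<option value=""' . attribute_escape( $default_select ) . '>------</option>';
+                                                $html .= '<option value=""' . esc_attr( $default_select ) . '>------</option>';
 
                                                 for ( $i = 0; $i < 12; $i++ ) {
                                                         if ( $month == $eng_months[$i] ) {
@@ -507,7 +507,7 @@
                                                 break;
 
                                         case 'year':
-                                                $html .= '<option value=""' . attribute_escape( $default_select ) . '>----</option>';
+                                                $html .= '<option value=""' . esc_attr( $default_select ) . '>----</option>';
 
                                                 for ( $i = date( 'Y', time() ); $i > 1899; $i-- ) {
                                                         if ( $year == $i ) {
@@ -582,7 +582,7 @@
                 }
 
                 if ( $groups[$i]->fields )
-                        echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . attribute_escape( $groups[$i]->name ) . '</a></li>';
+                        echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . esc_attr( $groups[$i]->name ) . '</a></li>';
         }
 
         do_action( 'xprofile_profile_group_tabs' );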
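Review bot: On line 182, `sanitize_title( esc_attr( $class ) )` escapes first and sanitizes second, so the sanitizer works on entity-encoded text rather than the original value; `sanitize_html_class( $class )` is the purpose-built call for a CSS class token. On lines 475, 496 and 510, `esc_attr( $default_select )` is applied to what looks like a whole attribute fragment placed after `value=""` (its assignment is outside the hunks); if it holds something like ` selected="selected"`, its quotes get entity-encoded, so emitting the literal attribute conditionally would be cleaner than escaping it. The `href` on line 585 is assembled from `$bp->displayed_user->domain` and the slug without `esc_url()`, which is worth adding while this line is being touched.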
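--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-classes.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-classes.php
@@ -189,17 +189,17 @@
                                 </div>
                         <?php } ?>
 
-                        <form action="<?php echo attribute_escape( $action ); ?>" method="post">
+                        <form action="<?php echo esc_attr( $action ); ?>" method="post">
 
                                 <div id="titlediv">
                                         <label for="group_name"><?php _e( "Field Group Name", 'buddypress') ?></label>
                                         <div>
-                                                <input type="text" name="group_name" id="group_name" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />
+                                                <input type="text" name="group_name" id="group_name" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" />
                                         </div>
                                 </div>
 
                                 <p class="submit" style="text-align: left">
-                                        <input type="submit" name="saveGroup" value="<?php echo attribute_escape( $title ); ?> &rarr;" />
+                                        <input type="submit" name="saveGroup" value="<?php echo esc_attr( $title ); ?> &rarr;" />
                                 </p>
 
                         </form>
@@ -527,7 +527,7 @@
                                                         $default_name = '[' . $j . ']';
                                         ?>
                                                 <p><?php _e('Option', 'buddypress') ?> <?php echo $j ?>:
-                                                   <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo attribute_escape( $options[$i]->name ) ?>" />
+                                                   <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo esc_attr( $options[$i]->name ) ?>" />
                                                    <input type="<?php echo $default_input ?>" name="isDefault_<?php echo $type ?>_option<?php echo $default_name ?>" <?php if ( (int) $options[$i]->is_default_option ) {?> checked="checked"<?php } ?> " value="<?php echo $j ?>" /> <?php _e( 'Default Value', 'buddypress' ) ?>
                                                         <?php if ( $j != 1 &&
                                                                 $options[$i]->id != -1 ) : ?><a href="admin.php?page=bp-profile-setup&amp;mode=delete_option&amp;option_id=<?php echo $options[$i]->id ?>" class="ajax-option-delete" id="delete-<?php echo $options[$i]->id ?>">[x]</a><?php endif ?></p>
@@ -587,7 +587,7 @@
                                 <div id="titlediv">
                                         <h3><label for="title"><?php _e("Field Title", 'buddypress') ?> *</label></h3>
                                         <div id="titlewrap">
-                                                <input type="text" name="title" id="title" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />
+                                                <input type="text" name="title" id="title" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" />
                                         </div>
                                 </div>
 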
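--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-friends/bp-friends-templatetags.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-friends/bp-friends-templatetags.php
@@ -108,7 +108,7 @@
                 <input type="search" name="friend-search-box" id="friend-search-box" value="<?php echo $value ?>"<?php echo $disabled ?> />
 
                 <?php wp_nonce_field( 'friends_search', '_wpnonce_friend_search' ) ?>
-                <input type="hidden" name="initiator" id="initiator" value="<?php echo attribute_escape( $bp->displayed_user->id ) ?>" />
+                <input type="hidden" name="initiator" id="initiator" value="<?php echo esc_attr( $bp->displayed_user->id ) ?>" />
 
                 </form>
         <?php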
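Review bot: The search box on line 108 still prints `$value` into the `value` attribute with no escaping, while the hidden field three lines below it is escaped. Where `$value` is assigned is outside this hunk, so if it can carry request data the line should read `value="<?php echo esc_attr( $value ) ?>"`. The initiator is a numeric user id, so `(int) $bp->displayed_user->id` would state the expected type more directly than attribute escaping does.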
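--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-activity/bp-activity-templatetags.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-activity/bp-activity-templatetags.php
@@ -767,7 +767,7 @@
                         else
                                 unset($selected);
 
-                        $component = attribute_escape( $component );
+                        $component = esc_attr( $component );
 
                         switch ( $style ) {
                                 case 'list':
@@ -795,13 +795,13 @@
                         /* Make sure all core internal component names are translatable */
                         $translatable_components = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) );
 
-                        $component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;
+                        $component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;
                 }
 
                 $link = remove_query_arg( 'afilter' , $link );
 
                 if ( isset( $_GET['afilter'] ) )
-                        $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
+                        $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
 
                 return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) );
         }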
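Review bot: The two `href` values built from `$link` (lines 798 and 804) are escaped with `esc_attr()`, which encodes quotes and angle brackets but does not restrict the URL scheme; `esc_url( $link )` is the escaper meant for URL attributes. Line 804 also keeps a stray second double quote after the attribute (`'"">'`), which produces malformed markup and should be `'">'`. Where `$link` is first built is outside these hunks, so whether it includes request data cannot be confirmed from here.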
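--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs.php
@@ -345,7 +345,7 @@
                 /* Record this in activity streams */
                 bp_blogs_record_activity( array(
                         'user_id' => $recorded_blog->user_id,
-                        'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . attribute_escape( $name ) . '</a>' ), &$recorded_blog, $name, $description ),
+                        'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . esc_attr( $name ) . '</a>' ), &$recorded_blog, $name, $description ),
                         'primary_link' => apply_filters( 'bp_blogs_activity_created_blog_primary_link', get_blog_option( $recorded_blog->blog_id, 'siteurl' ), $recorded_blog->blog_id ),
                         'type' => 'new_blog',
                         'item_id' => $recorded_blog->blog_id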
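Review bot: The `siteurl` option is concatenated into the `href` on line 348 without escaping while only the link text is escaped; wrap it as `esc_url( get_blog_option( $recorded_blog->blog_id, 'siteurl' ) )`. The blog name is element content, so `esc_html( $name )` names the context correctly. The same call passes `&$recorded_blog` by reference at call time, which PHP 5.3 deprecates and PHP 5.4 rejects; pass `$recorded_blog` instead. The `bp_blogs_record_activity()` call continues past the end of the hunk.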
  • Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups.php

     
    172172                        $bp->bp_options_title = $bp->groups->current_group->name;
    173173
    174174                        if ( !$bp->bp_options_avatar = bp_core_fetch_avatar( array( 'item_id' => $bp->groups->current_group->id, 'object' => 'group', 'type' => 'thumb', 'avatar_dir' => 'group-avatars', 'alt' => __( 'Group Avatar', 'buddypress' ) ) ) )
    175                                 $bp->bp_options_avatar = '<img src="' . attribute_escape( $group->avatar_full ) . '" class="avatar" alt="' . attribute_escape( $group->name ) . '" />';
     175                                $bp->bp_options_avatar = '<img src="' . esc_attr( $group->avatar_full ) . '" class="avatar" alt="' . esc_attr( $group->name ) . '" />';
    176176
    177177                        $group_link = $bp->root_domain . '/' . $bp->groups->slug . '/' . $bp->groups->current_group->slug . '/';
    178178
     
    298298                        $group = new BP_Groups_Group( $group_id );
    299299
    300300                        groups_record_activity( array(
    301                                 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),
     301                                'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),
    302302                                'type' => 'joined_group',
    303303                                'item_id' => $group->id
    304304                        ) );
     
    11251125
    11261126                        /* Once we compelete all steps, record the group creation in the activity stream. */
    11271127                        groups_record_activity( array(
    1128                                 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),
     1128                                'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ),
    11291129                                'type' => 'created_group',
    11301130                                'item_id' => $bp->groups->new_group_id
    11311131                        ) );
     
    17371737
    17381738        /* Record this in activity streams */
    17391739        groups_record_activity( array(
    1740                 'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),
     1740                'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ),
    17411741                'type' => 'joined_group',
    17421742                'item_id' => $group_id
    17431743        ) );
     
    19131913                return false;
    19141914
    19151915        /* Record this in activity streams */
    1916         $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     1916        $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    19171917        $activity_content = $content;
    19181918
    19191919        $activity_id = groups_record_activity( array(
     
    19841984        if ( $post_id = bp_forums_insert_post( array( 'post_text' => $post_text, 'topic_id' => $topic_id ) ) ) {
    19851985                $topic = bp_forums_get_topic_details( $topic_id );
    19861986
    1987                 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     1987                $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    19881988                $activity_content = bp_create_excerpt( $post_text );
    19891989                $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/';
    19901990
     
    20232023        if ( $topic_id = bp_forums_new_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_tags' => $topic_tags, 'forum_id' => $forum_id ) ) ) {
    20242024                $topic = bp_forums_get_topic_details( $topic_id );
    20252025
    2026                 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     2026                $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    20272027                $activity_content = bp_create_excerpt( $topic_text );
    20282028
    20292029                /* Record this in activity streams */
     
    20552055                if ( function_exists( 'bp_activity_delete_by_item_id' ) )
    20562056                        bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $topic_id, 'component' => $bp->groups->id, 'type' => 'new_forum_topic' ) );
    20572057
    2058                 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     2058                $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    20592059                $activity_content = bp_create_excerpt( $topic_text );
    20602060
    20612061                /* Record this in activity streams */
     
    20892089        if ( $post_id = bp_forums_insert_post( array( 'post_id' => $post_id, 'post_text' => $post_text, 'post_time' => $post->post_time, 'topic_id' => $topic_id, 'poster_id' => $post->poster_id ) ) ) {
    20902090                $topic = bp_forums_get_topic_details( $topic_id );
    20912091
    2092                 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     2092                $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    20932093                $activity_content = bp_create_excerpt( $post_text );
    20942094                $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/';
    20952095
     
    24182418        $group = new BP_Groups_Group( $membership->group_id );
    24192419
    24202420        groups_record_activity( array(
    2421                 'action'        => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $membership->user_id, &$group ),
     2421                'action'        => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $membership->user_id, &$group ),
    24222422                'type'          => 'joined_group',
    24232423                'item_id'       => $membership->group_id,
    24242424                'user_id'       => $membership->user_id
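Review bot: The fallback avatar on line 175 puts `$group->avatar_full` into `src` through `esc_attr()`, which does not check the URL scheme; `esc_url( $group->avatar_full )` fits that attribute. The activity strings in the later hunks (lines 301, 1128, 1740, 1916, 1987, 2026, 2058, 2092 and 2421) use `esc_attr()` for group names and topic titles that are link text, where `esc_html()` is the matching escaper, and the forum ones concatenate `$topic->topic_slug` into the `href` unescaped. Lines 301 and 2421 also pass `&$group` by reference at call time, which PHP 5.4 and later reject. Most of the enclosing functions start and end outside their hunks.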
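--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs/bp-blogs-widgets.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs/bp-blogs-widgets.php
@@ -77,7 +77,7 @@
                 $max_posts = strip_tags( $instance['max_posts'] );
                 ?>
 
-                <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo attribute_escape( $max_posts ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }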
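Review bot: `$max_posts` is a count, but line 77 only runs `strip_tags()` on it and line 80 escapes it as text; `absint( $instance['max_posts'] )` would enforce the type before it is printed. The label's `for="bp-blogs-widget-posts-max"` also does not match the id generated by `get_field_id( 'max_posts' )`, so the label is not tied to the input. The same two points apply to the `max_groups` field on line 79 of bp-groups-widgets.php. The method that contains this form starts outside the hunk.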
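--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs/bp-blogs-templatetags.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs/bp-blogs-templatetags.php
@@ -267,15 +267,15 @@
 
 function bp_blog_hidden_fields() {
         if ( isset( $_REQUEST['s'] ) ) {
-                echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ). '" name="search_terms" />';
+                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ). '" name="search_terms" />';
         }
 
         if ( isset( $_REQUEST['letter'] ) ) {
-                echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
+                echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
         }
 
         if ( isset( $_REQUEST['blogs_search'] ) ) {
-                echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';
+                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';
         }
 }
 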
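Review bot: `bp_blog_hidden_fields()` can print two inputs with `id="search_terms"` and `name="search_terms"` when a request carries both `s` and `blogs_search`, because the checks on lines 269 and 277 are independent. Skipping the third branch when the first has already printed, for example `if ( !isset( $_REQUEST['s'] ) && isset( $_REQUEST['blogs_search'] ) )`, keeps the id unique. The values come straight from `$_REQUEST`, so an `is_string()` check before echoing would also keep array-valued parameters away from `esc_attr()`.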
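--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-forums/bp-forums-filters.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-forums/bp-forums-filters.php
@@ -2,7 +2,7 @@
 
 /* Apply WordPress defined filters */
 add_filter( 'bp_forums_bbconfig_location', 'wp_filter_kses', 1 );
-add_filter( 'bp_forums_bbconfig_location', 'attribute_escape', 1 );
+add_filter( 'bp_forums_bbconfig_location', 'esc_attr', 1 );
 
 add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 );
 add_filter( 'bp_get_the_topic_latest_post_excerpt', 'bp_forums_filter_kses', 1 );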
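Review bot: `esc_attr` is HTML attribute escaping, and line 5 registers it as a filter on `bp_forums_bbconfig_location`, which by its name looks like a filesystem path and not markup. If that is right, entity-encoding would alter any path containing `&` or quotes and does nothing to constrain where the path points; escaping belongs at the place the value is printed. The behaviour is inherited from the old `attribute_escape` registration, so it is not new in this patch, but what consumes this filter should be confirmed before the escaper is kept.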
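--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-forums/bp-forums-templatetags.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-forums/bp-forums-templatetags.php
@@ -256,7 +256,7 @@
                 global $forum_template;
 
                 $post = bb_get_first_post( (int)$forum_template->topic->topic_id, false );
-                return apply_filters( 'bp_get_the_topic_text', attribute_escape( $post->post_text ) );
+                return apply_filters( 'bp_get_the_topic_text', esc_attr( $post->post_text ) );
         }
 
 function bp_the_topic_poster_id() {
@@ -970,7 +970,7 @@
                 global $bp;
 
                 $post = bp_forums_get_post( $bp->action_variables[4] );
-                return apply_filters( 'bp_get_the_topic_post_edit_text', attribute_escape( $post->post_text ) );
+                return apply_filters( 'bp_get_the_topic_post_edit_text', esc_attr( $post->post_text ) );
         }
 
 function bp_the_topic_pagination() {
@@ -1014,7 +1014,7 @@
 
 ?>
         <form action="" method="get" id="search-forums-form">
-                <label><input type="text" name="s" id="forums_search" value="<?php echo attribute_escape($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
+                <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
                 <input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
         </form>
 <?php
@@ -1062,7 +1062,7 @@
         function bp_get_forum_action() {
                 global $topic_template;
 
-                return apply_filters( 'bp_get_forum_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );
+                return apply_filters( 'bp_get_forum_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) );
         }
 
 function bp_forum_topic_action() {
@@ -1071,7 +1071,7 @@
         function bp_get_forum_topic_action() {
                 global $bp;
 
-                return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );
+                return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) );
         }
 
 function bp_forum_topic_count_for_user( $user_id = false ) {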
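Review bot: `bp_get_forum_action()` (lines 1062-1066) declares `global $topic_template;` but then reads `$bp->root_domain`, so `$bp` is an undefined local there and the returned URL loses its domain; the sibling `bp_get_forum_topic_action()` has `global $bp;`, and the first function needs the same declaration. Both functions build a form action from `$_SERVER['REQUEST_URI']`, and the escaper that matches a URL is `esc_url()`, not `esc_attr()`. On line 1017 the translated placeholder is printed inside inline JavaScript string literals with plain `_e()`, so a translation containing an apostrophe breaks the handler; `echo esc_js( __( 'Search anything...', 'buddypress' ) )` covers that.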
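--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core.php
@@ -1375,7 +1375,7 @@
                 $type = ( 'success' == $bp->template_message_type ) ? 'updated' : 'error';
         ?>
                 <div id="message" class="<?php echo $type; ?>">
-                        <p><?php echo stripslashes( attribute_escape( $bp->template_message ) ); ?></p>
+                        <p><?php echo stripslashes( esc_attr( $bp->template_message ) ); ?></p>
                 </div>
         <?php
                 do_action( 'bp_core_render_message' );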
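Review bot: On line 1378 `stripslashes()` runs on the already-escaped string, and the value is element content, not an attribute. Escaping as the final step, with the content escaper, means nothing modifies the string after it has been made safe: `<?php echo esc_html( stripslashes( $bp->template_message ) ); ?>`. The enclosing function starts and ends outside the hunk.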
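--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile.php
@@ -212,8 +212,8 @@
                 <a href=""><?php _e( 'Admin Options', 'buddypress' ) ?></a>
 
                 <ul>
-                        <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
-                        <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
+                        <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
+                        <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
 
                         <?php if ( !bp_core_is_user_spammer( $bp->displayed_user->id ) ) : ?>
                                 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/mark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Mark as Spammer", 'buddypress' ) ?></a></li>
@@ -221,7 +221,7 @@
                                 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/unmark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Not a Spammer", 'buddypress' ) ?></a></li>
                         <?php endif; ?>
 
-                        <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
+                        <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
 
                         <?php do_action( 'xprofile_adminbar_menu_items' ) ?>
                 </ul>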
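Review bot: The user's full name on lines 215, 216 and 224 is link text, so `esc_html( $bp->displayed_user->fullname )` is the escaper that matches the context. The `href` values on lines 215 and 216 are echoed from `$bp->displayed_user->domain . $bp->profile->slug` with no escaping at all; wrapping the full URL, as in `esc_url( $bp->displayed_user->domain . $bp->profile->slug . '/edit/' )`, would close that gap. The function around this menu starts and ends outside the hunks.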
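--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-classes.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-classes.php
@@ -1136,7 +1136,7 @@
 
                 /* Construct the admin edit tab for the new group extension */
                 if ( $this->enable_edit_item ) {
-                        add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . attribute_escape( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . attribute_escape( $this->slug ) . '\">' . attribute_escape( $this->name ) . '</a></li>";' ), 10, 2 );
+                        add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . esc_attr( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . esc_attr( $this->slug ) . '\">' . esc_attr( $this->name ) . '</a></li>";' ), 10, 2 );
 
                         /* Catch the edit screen and forward it to the plugin template */
                         if ( $bp->current_component == $bp->groups->slug && 'admin' == $bp->current_action && $this->slug == $bp->action_variables[0] ) {
@@ -1161,8 +1161,8 @@
 
                                 /* When we are viewing the extension display page, set the title and options title */
                                 if ( $bp->current_component == $bp->groups->slug && $bp->is_single_item && $bp->current_action == $this->slug ) {
-                                        add_action( 'bp_template_content_header', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );
-                                        add_action( 'bp_template_title', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );
+                                        add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
+                                        add_action( 'bp_template_title', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
                                 }
                         }
 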
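Review bot: `esc_attr()` on lines 1139, 1164 and 1165 is HTML escaping applied to text that is pasted into PHP source for `create_function()`. Inside the generated double-quoted string a `$`, `{` or backslash in `$this->name` or `$this->slug` is still interpreted by PHP, so the HTML escaper does not make these values safe for that context, and `create_function()` evaluates whatever string results. The values appear to be set by the extension class itself, but the pattern stays fragile if that ever changes. Registering methods of the object as callbacks removes the string-built code entirely; the method names below are suggestions only, and the surrounding method starts and ends outside the hunks.

```php
add_action( 'groups_admin_tabs', array( $this, 'render_admin_tab' ), 10, 2 );
// … unchanged: edit screen forwarding and display page checks …
add_action( 'bp_template_content_header', array( $this, 'render_name' ) );
add_action( 'bp_template_title', array( $this, 'render_name' ) );

// Proposed new methods on the same class (names are suggestions):
function render_admin_tab( $current, $group_slug ) {
	global $bp;

	$selected = ( $this->slug == $current ) ? ' class="current"' : '';
	$url      = $bp->root_domain . '/' . $bp->groups->slug . '/' . $group_slug . '/admin/' . $this->slug;

	echo '<li' . $selected . '><a href="' . esc_url( $url ) . '">' . esc_html( $this->name ) . '</a></li>';
}

function render_name() {
	echo esc_html( $this->name );
}
```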
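--- a/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-widgets.php
+++ b/Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-widgets.php
@@ -50,7 +50,7 @@
                                 <?php endwhile; ?>
                         </ul>
                         <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?>
-                        <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $instance['max_groups'] ); ?>" />
+                        <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $instance['max_groups'] ); ?>" />
 
                 <?php else: ?>
 
@@ -76,7 +76,7 @@
                 $max_groups = strip_tags( $instance['max_groups'] );
                 ?>
 
-                <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo attribute_escape( $max_groups ); ?>" style="width: 30%" /></label></p>
+                <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p>
         <?php
         }
 }
@@ -129,7 +129,7 @@
                         <?php endwhile; ?>
                 </ul>
                 <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?>
-                <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $_POST['max_groups'] ); ?>" />
+                <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $_POST['max_groups'] ); ?>" />
 
         <?php else: ?>
 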
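Review bot: Line 132 writes `$_POST['max_groups']` back into the page relying on attribute escaping alone, although `groups_widget_max` is a count. Casting where it is printed, `value="<?php echo absint( $_POST['max_groups'] ); ?>"`, makes the expected type explicit and leaves nothing for the escaper to handle; `$instance['max_groups']` on line 53 can be treated the same way. Whether the request value is validated before this template runs is not visible in the hunk.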
  • Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-templatetags.php

     
    287287
    288288                /* Fetch the avatar from the folder, if not provide backwards compat. */
    289289                if ( !$avatar = bp_core_fetch_avatar( array( 'item_id' => $groups_template->group->id, 'object' => 'group', 'type' => $type, 'avatar_dir' => 'group-avatars', 'alt' => $alt, 'css_id' => $id, 'class' => $class, 'width' => $width, 'height' => $height ) ) )
    290                         $avatar = '<img src="' . attribute_escape( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . attribute_escape( $groups_template->group->name ) . '" />';
     290                        $avatar = '<img src="' . esc_attr( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . esc_attr( $groups_template->group->name ) . '" />';
    291291
    292292                return apply_filters( 'bp_get_group_avatar', $avatar );
    293293        }
     
    11321132
    11331133function bp_group_hidden_fields() {
    11341134        if ( isset( $_REQUEST['s'] ) ) {
    1135                 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';
     1135                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />';
    11361136        }
    11371137
    11381138        if ( isset( $_REQUEST['letter'] ) ) {
    1139                 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
     1139                echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
    11401140        }
    11411141
    11421142        if ( isset( $_REQUEST['groups_search'] ) ) {
    1143                 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['groups_search'] ) . '" name="search_terms" />';
     1143                echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['groups_search'] ) . '" name="search_terms" />';
    11441144        }
    11451145}
    11461146
     
    16881688                                        }
    16891689                                }
    16901690
    1691                                 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . attribute_escape( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';
     1691                                $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . esc_attr( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';
    16921692                        }
    16931693                }
    16941694
     
    17041704
    17051705?>
    17061706        <form action="" method="get" id="search-groups-form">
    1707                 <label><input type="text" name="s" id="groups_search" value="<?php echo attribute_escape($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     1707                <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    17081708                <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    17091709        </form>
    17101710<?php
     
    17711771        global $bp;
    17721772
    17731773        if ( $bp->groups->current_group->avatar_full ) { ?>
    1774                 <img src="<?php echo attribute_escape( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />
     1774                <img src="<?php echo esc_attr( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />
    17751775        <?php } else { ?>
    17761776                <img src="<?php echo $bp->groups->image_base . '/none.gif' ?>" alt="<?php _e( 'No Group Avatar', 'buddypress' ) ?>" class="avatar" />
    17771777        <?php }
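Review bot: In the hunk at new line 1691, only the checkbox `value` is passed through `esc_attr()`; `$friends[$i]['full_name']` is still concatenated as raw HTML text and `$friends[$i]['id']` goes unescaped into the `id` attribute. Whether `full_name` is escaped before it reaches this loop is not visible here, so if it is not, a display name containing markup would be rendered as HTML for anyone viewing the list. I would escape at output, assuming the name is meant to be plain text: `id="f-' . esc_attr( $friends[$i]['id'] ) . '"` and `esc_html( $friends[$i]['full_name'] )`. The same section also passes URLs through `esc_attr()` in the `src` attributes at new lines 290 and 1774, where `esc_url()` matches the context, and at 1707 prints the translated placeholder with `_e()` inside inline `onfocus`/`onblur` JavaScript, where `esc_js( __( 'Search anything...', 'buddypress' ) )` would keep an apostrophe in a translation from breaking the handler. The enclosing functions of the 1691, 1707 and 1774 hunks start and end outside the visible lines.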