Ticket #2525: 2525.001.diff
File 2525.001.diff, 57.2 KB (added by , 14 years ago) |
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-themes/bp-default/sidebar.php
39 39 40 40 <form name="login-form" id="sidebar-login-form" class="standard-form" action="<?php echo site_url( 'wp-login.php', 'login_post' ) ?>" method="post"> 41 41 <label><?php _e( 'Username', 'buddypress' ) ?><br /> 42 <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" /></label>42 <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" /></label> 43 43 44 44 <label><?php _e( 'Password', 'buddypress' ) ?><br /> 45 45 <input type="password" name="pwd" id="sidebar-user-pass" class="input" value="" /></label> -
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/ajax.php
188 188 189 189 <div class="acomment-meta"> 190 190 <?php echo bp_core_get_userlink( bp_get_activity_user_id() ) ?> · <?php printf( __( '%s ago', 'buddypress' ), bp_core_time_since( gmdate( "Y-m-d H:i:s" ) ) ) ?> · 191 <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo attribute_escape( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>191 <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo esc_attr( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a> 192 192 · <a href="<?php echo wp_nonce_url( $bp->root_domain . '/' . $bp->activity->slug . '/delete/' . bp_get_activity_id() . '?cid=' . $comment_id, 'bp_activity_delete_link' ) ?>" class="delete acomment-delete confirm"><?php _e( 'Delete', 'buddypress' ) ?></a> 193 193 </div> 194 194 … … 312 312 echo '<h4>' . $user->user_link . '</h4>'; 313 313 echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>'; 314 314 echo '<div class="action"> 315 <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . attribute_escape( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>315 <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a> 316 316 </div>'; 317 317 echo '</li>'; 318 318 … … 404 404 if ( !groups_join_group( $group->id ) ) { 405 405 _e( 'Error joining group', 'buddypress' ); 406 406 } else { 407 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 
'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';407 echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>'; 408 408 } 409 409 410 410 } else if ( 'private' == $group->status ) { … … 414 414 if ( !groups_send_membership_request( $bp->loggedin_user->id, $group->id ) ) { 415 415 _e( 'Error requesting membership', 'buddypress' ); 416 416 } else { 417 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';417 echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>'; 418 418 } 419 419 } 420 420 … … 426 426 _e( 'Error leaving group', 'buddypress' ); 427 427 } else { 428 428 if ( 'public' == $group->status ) { 429 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';429 echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>'; 430 430 } else if ( 'private' == $group->status ) { 431 echo '<a id="group-' . attribute_escape( $group->id ) . 
'" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';431 echo '<a id="group-' . esc_attr( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>'; 432 432 } 433 433 } 434 434 } -
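Review bot: The id attribute at line 191 is built from `$_POST['form_id']` with only esc_attr(), which prevents attribute break-out but does not constrain the value; if form_id is the numeric activity id that the surrounding `acomment-` markup suggests, `esc_attr( absint( $_POST['form_id'] ) )` would keep it numeric as well as escaped. The other new lines in this section (315, 407–431) only rename the escaping call on `$group->id` / `$user->id`, which is fine for id attributes. The enclosing functions start and end outside the shown hunks.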
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-widgets.php
52 52 <?php endwhile; ?> 53 53 </ul> 54 54 <?php wp_nonce_field( 'bp_core_widget_members', '_wpnonce-members' ); ?> 55 <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo attribute_escape( $instance['max_members'] ); ?>" />55 <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo esc_attr( $instance['max_members'] ); ?>" /> 56 56 57 57 <?php else: ?> 58 58 … … 78 78 $max_members = strip_tags( $instance['max_members'] ); 79 79 ?> 80 80 81 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>81 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 82 82 <?php 83 83 } 84 84 } … … 132 132 $max_members = strip_tags( $instance['max_members'] ); 133 133 ?> 134 134 135 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>135 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 136 136 <?php 137 137 } 138 138 
} … … 186 186 $max_members = strip_tags( $instance['max_members'] ); 187 187 ?> 188 188 189 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>189 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 190 190 <?php 191 191 } 192 192 } -
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-templatetags.php
412 412 function bp_get_member_registered() { 413 413 global $members_template; 414 414 415 $registered = attribute_escape( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );415 $registered = esc_attr( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) ); 416 416 417 417 return apply_filters( 'bp_member_last_active', $registered ); 418 418 } … … 456 456 457 457 function bp_member_hidden_fields() { 458 458 if ( isset( $_REQUEST['s'] ) ) { 459 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';459 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />'; 460 460 } 461 461 462 462 if ( isset( $_REQUEST['letter'] ) ) { 463 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';463 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 464 464 } 465 465 466 466 if ( isset( $_REQUEST['members_search'] ) ) { 467 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['members_search'] ) . '" name="search_terms" />';467 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['members_search'] ) . 
'" name="search_terms" />'; 468 468 } 469 469 } 470 470 … … 477 477 478 478 ?> 479 479 <form action="" method="get" id="search-members-form"> 480 <label><input type="text" name="s" id="members_search" value="<?php echo attribute_escape( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>480 <label><input type="text" name="s" id="members_search" value="<?php echo esc_attr( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 481 481 <input type="submit" id="members_search_submit" name="members_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 482 482 </form> 483 483 <?php … … 625 625 if ( empty( $bp->bp_options_title ) ) 626 626 $bp->bp_options_title = __( 'Options', 'buddypress' ); 627 627 628 echo apply_filters( 'bp_get_options_title', attribute_escape( $bp->bp_options_title ) );628 echo apply_filters( 'bp_get_options_title', esc_attr( $bp->bp_options_title ) ); 629 629 } 630 630 631 631 -
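Review bot: At line 628 the escaping happens before the filter, `echo apply_filters( 'bp_get_options_title', esc_attr( $bp->bp_options_title ) );`, so whatever a `bp_get_options_title` callback returns is echoed unescaped, and the value lands in element content where esc_html() is the matching context; `echo esc_html( apply_filters( 'bp_get_options_title', $bp->bp_options_title ) );` escapes the final value. Line 415 follows the same escape-then-filter order for `bp_member_last_active`. Moving the escape after the filter changes what callbacks receive (raw instead of escaped), so existing filter users would need checking. The `$_REQUEST` escaping for hidden inputs on lines 459–467 is correct for attribute context.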
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-classes.php
60 60 61 61 if ( $this->profile_data ) { 62 62 $this->user_url = bp_core_get_user_domain( $this->id, $this->profile_data['user_nicename'], $this->profile_data['user_login'] ); 63 $this->fullname = attribute_escape( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );63 $this->fullname = esc_attr( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] ); 64 64 $this->user_link = "<a href='{$this->user_url}' title='{$this->fullname}'>{$this->fullname}</a>"; 65 $this->email = attribute_escape( $this->profile_data['user_email'] );65 $this->email = esc_attr( $this->profile_data['user_email'] ); 66 66 } else { 67 67 $this->user_url = bp_core_get_user_domain( $this->id ); 68 68 $this->user_link = bp_core_get_userlink( $this->id ); 69 $this->fullname = attribute_escape( bp_core_get_user_displayname( $this->id ) );70 $this->email = attribute_escape( bp_core_get_user_email( $this->id ) );69 $this->fullname = esc_attr( bp_core_get_user_displayname( $this->id ) ); 70 $this->email = esc_attr( bp_core_get_user_email( $this->id ) ); 71 71 } 72 72 73 73 /* Cache a few things that are fetched often */ -
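Review bot: Lines 63–70 store the esc_attr()'d display name and email on the object, which bakes HTML entities into data (an address containing `&` or `'` is no longer the real address in `$this->email`) and escapes once for a value that line 64 then uses in both an attribute and element content; keeping raw data in properties and escaping at the point of output avoids both problems. On that same line 64 `$this->user_url` is interpolated into `href='…'` with no escaping at all, which the renames in this hunk do not touch. The enclosing method starts before the hunk.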
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core/bp-core-settings.php
87 87 88 88 <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form"> 89 89 <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label> 90 <input type="text" name="email" id="email" value="<?php echo attribute_escape( $current_user->user_email ); ?>" class="settings-input" />90 <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" /> 91 91 92 92 <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label> 93 93 <input type="password" name="pass1" id="pass1" size="16" value="" class="settings-input small" /> <?php _e( 'New Password', 'buddypress' ) ?><br /> -
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-admin.php
49 49 $type = ( $type == 'error' ) ? 'error' : 'updated'; 50 50 ?> 51 51 <div id="message" class="<?php echo $type; ?> fade"> 52 <p><?php echo wp_specialchars( attribute_escape( $message ) ); ?></p>52 <p><?php echo wp_specialchars( esc_attr( $message ) ); ?></p> 53 53 </div> 54 54 <?php } 55 55 … … 62 62 <thead> 63 63 <tr> 64 64 <th scope="col" width="10"> </th> 65 <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo attribute_escape( $groups[$i]->name ); ?></th>65 <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo esc_attr( $groups[$i]->name ); ?></th> 66 66 <?php if ( $groups[$i]->can_delete ) { ?> 67 <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&mode=edit_group&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th>68 <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&mode=delete_group&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th>67 <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&mode=edit_group&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th> 68 <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&mode=delete_group&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th> 69 69 <?php } ?> 70 70 </tr> 71 71 <tr class="header"> … … 86 86 <?php $field = new BP_XProfile_Field($groups[$i]->fields[$j]->id); ?> 87 87 <?php if ( !$field->can_delete ) { $class .= ' core'; } ?> 88 88 89 <tr id="field_<?php echo attribute_escape( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . $class; } ?>">89 <tr id="field_<?php echo esc_attr( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . 
$class; } ?>"> 90 90 <td width="10"><img src="<?php echo BP_PLUGIN_URL ?>/bp-xprofile/admin/images/move.gif" alt="<?php _e( 'Drag', 'buddypress' ) ?>" /></td> 91 <td><span title="<?php echo $field->description; ?>"><?php echo attribute_escape( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td>92 <td><?php echo attribute_escape( $field->type ); ?></td>91 <td><span title="<?php echo $field->description; ?>"><?php echo esc_attr( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td> 92 <td><?php echo esc_attr( $field->type ); ?></td> 93 93 <td style="text-align:center;"><?php if ( $field->is_required ) { echo '<img src="' . BP_PLUGIN_URL . '/bp-xprofile/admin/images/tick.gif" alt="' . __( 'Yes', 'buddypress' ) . '" />'; } else { ?>--<?php } ?></td> 94 <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&field_id=<?php echo attribute_escape( $field->id ); ?>&mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td>95 <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&field_id=<?php echo attribute_escape( $field->id ); ?>&mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td>94 <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&field_id=<?php echo esc_attr( $field->id ); ?>&mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td> 95 <td 
style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&field_id=<?php echo esc_attr( $field->id ); ?>&mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td> 96 96 </tr> 97 97 98 98 <?php } ?> … … 110 110 <tfoot> 111 111 112 112 <tr class="nodrag"> 113 <td colspan="6"><a href="admin.php?page=bp-profile-setup&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td>113 <td colspan="6"><a href="admin.php?page=bp-profile-setup&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td> 114 114 </tr> 115 115 116 116 </tfoot> -
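Review bot: Line 52 double-encodes: `wp_specialchars( esc_attr( $message ) )` — esc_attr() already converts `&`, `<`, `>` and quotes, so the outer call turns `&amp;` into `&amp;amp;`; for a message inside `<p>…</p>` a single `esc_html( $message )` is enough. On line 91 of the same row `title="<?php echo $field->description; ?>"` stays unescaped while the neighbouring name is escaped; `esc_attr( $field->description )` would make the row consistent. The enclosing functions start and end outside the shown hunks.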
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-templatetags.php
179 179 $css_classes = array(); 180 180 181 181 if ( $class ) 182 $css_classes[] = sanitize_title( attribute_escape( $class ) );182 $css_classes[] = sanitize_title( esc_attr( $class ) ); 183 183 184 184 /* Set a class with the field ID */ 185 185 $css_classes[] = 'field_' . $profile_template->field->id; … … 393 393 $selected = ''; 394 394 } 395 395 396 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . attribute_escape( $options[$k]->name ) . '">' . attribute_escape( $options[$k]->name ) . '</option>', $options[$k] );396 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . esc_attr( $options[$k]->name ) . '">' . esc_attr( $options[$k]->name ) . '</option>', $options[$k] ); 397 397 } 398 398 break; 399 399 … … 415 415 $selected = ''; 416 416 } 417 417 418 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );418 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] ); 419 419 } 420 420 421 421 $html .= '</div>'; … … 440 440 } 441 441 } 442 442 443 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );443 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . 
' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] ); 444 444 $selected = ''; 445 445 } 446 446 break; … … 472 472 473 473 switch ( $type ) { 474 474 case 'day': 475 $html .= '<option value=""' . attribute_escape( $default_select ) . '>--</option>';475 $html .= '<option value=""' . esc_attr( $default_select ) . '>--</option>'; 476 476 477 477 for ( $i = 1; $i < 32; $i++ ) { 478 478 if ( $day == $i ) { … … 493 493 __( 'October', 'buddypress' ), __( 'November', 'buddypress' ), __( 'December', 'buddypress' ) 494 494 ); 495 495 496 $html .= '<option value=""' . attribute_escape( $default_select ) . '>------</option>';496 $html .= '<option value=""' . esc_attr( $default_select ) . '>------</option>'; 497 497 498 498 for ( $i = 0; $i < 12; $i++ ) { 499 499 if ( $month == $eng_months[$i] ) { … … 507 507 break; 508 508 509 509 case 'year': 510 $html .= '<option value=""' . attribute_escape( $default_select ) . '>----</option>';510 $html .= '<option value=""' . esc_attr( $default_select ) . '>----</option>'; 511 511 512 512 for ( $i = date( 'Y', time() ); $i > 1899; $i-- ) { 513 513 if ( $year == $i ) { … … 582 582 } 583 583 584 584 if ( $groups[$i]->fields ) 585 echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . attribute_escape( $groups[$i]->name ) . '</a></li>';585 echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . esc_attr( $groups[$i]->name ) . '</a></li>'; 586 586 } 587 587 588 588 do_action( 'xprofile_profile_group_tabs' ); -
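Review bot: Lines 475, 496 and 510 apply esc_attr() to `$default_select`, which from its placement between `value=""` and `>` looks like a pre-built attribute fragment (something like ` selected="selected"`) rather than an attribute value; if so, esc_attr() encodes its quotes and the option never renders as selected. Either build the fragment after escaping or drop the call on that variable: `'<option value=""' . $default_select . '>--</option>'`. The `$options[$k]->name` escaping on lines 396–443 is correct, although for the text between `>` and `</option>` / `</label>` esc_html() is the conventional choice. The enclosing functions start and end outside the shown hunks.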
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-classes.php
189 189 </div> 190 190 <?php } ?> 191 191 192 <form action="<?php echo attribute_escape( $action ); ?>" method="post">192 <form action="<?php echo esc_attr( $action ); ?>" method="post"> 193 193 194 194 <div id="titlediv"> 195 195 <label for="group_name"><?php _e( "Field Group Name", 'buddypress') ?></label> 196 196 <div> 197 <input type="text" name="group_name" id="group_name" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />197 <input type="text" name="group_name" id="group_name" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" /> 198 198 </div> 199 199 </div> 200 200 201 201 <p class="submit" style="text-align: left"> 202 <input type="submit" name="saveGroup" value="<?php echo attribute_escape( $title ); ?> →" />202 <input type="submit" name="saveGroup" value="<?php echo esc_attr( $title ); ?> →" /> 203 203 </p> 204 204 205 205 </form> … … 527 527 $default_name = '[' . $j . ']'; 528 528 ?> 529 529 <p><?php _e('Option', 'buddypress') ?> <?php echo $j ?>: 530 <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo attribute_escape( $options[$i]->name ) ?>" />530 <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo esc_attr( $options[$i]->name ) ?>" /> 531 531 <input type="<?php echo $default_input ?>" name="isDefault_<?php echo $type ?>_option<?php echo $default_name ?>" <?php if ( (int) $options[$i]->is_default_option ) {?> checked="checked"<?php } ?> " value="<?php echo $j ?>" /> <?php _e( 'Default Value', 'buddypress' ) ?> 532 532 <?php if ( $j != 1 && 533 533 $options[$i]->id != -1 ) : ?><a href="admin.php?page=bp-profile-setup&mode=delete_option&option_id=<?php echo $options[$i]->id ?>" class="ajax-option-delete" id="delete-<?php echo $options[$i]->id ?>">[x]</a><?php endif ?></p> … … 587 587 <div id="titlediv"> 588 588 <h3><label for="title"><?php _e("Field 
Title", 'buddypress') ?> *</label></h3> 589 589 <div id="titlewrap"> 590 <input type="text" name="title" id="title" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />590 <input type="text" name="title" id="title" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" /> 591 591 </div> 592 592 </div> 593 593 -
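Review bot: Line 192 escapes a URL with esc_attr(), `<form action="<?php echo esc_attr( $action ); ?>"`, which stops attribute break-out but does not validate the value as a URL; `esc_url( $action )` does both and is the WordPress function intended for href/src/action attributes. Lines 197, 202, 530 and 590 escape plain text for `value=""` attributes, where esc_attr() is the right call. Unchanged line 531 carries a stray `"` before `value=` (`<?php } ?> " value=`) that yields malformed markup and could be fixed in the same pass. The enclosing methods start and end outside the shown hunks.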
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-friends/bp-friends-templatetags.php
108 108 <input type="search" name="friend-search-box" id="friend-search-box" value="<?php echo $value ?>"<?php echo $disabled ?> /> 109 109 110 110 <?php wp_nonce_field( 'friends_search', '_wpnonce_friend_search' ) ?> 111 <input type="hidden" name="initiator" id="initiator" value="<?php echo attribute_escape( $bp->displayed_user->id ) ?>" />111 <input type="hidden" name="initiator" id="initiator" value="<?php echo esc_attr( $bp->displayed_user->id ) ?>" /> 112 112 113 113 </form> 114 114 <?php -
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-activity/bp-activity-templatetags.php
767 767 else 768 768 unset($selected); 769 769 770 $component = attribute_escape( $component );770 $component = esc_attr( $component ); 771 771 772 772 switch ( $style ) { 773 773 case 'list': … … 795 795 /* Make sure all core internal component names are translatable */ 796 796 $translatable_components = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) ); 797 797 798 $component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;798 $component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after; 799 799 } 800 800 801 801 $link = remove_query_arg( 'afilter' , $link ); 802 802 803 803 if ( isset( $_GET['afilter'] ) ) 804 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';804 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>'; 805 805 806 806 return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) ); 807 807 } -
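Review bot: Line 804 leaves a stray quote in the new anchor, `'"">'`, so the output is `href="…"">` with an extra `"` before `>`; it should read `'<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>'`. Lines 798 and 804 put `$link` into href with esc_attr(); esc_url() is the matching escaper for URL attributes. The function that returns on line 806 starts before the hunk.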
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs.php
345 345 /* Record this in activity streams */ 346 346 bp_blogs_record_activity( array( 347 347 'user_id' => $recorded_blog->user_id, 348 'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . attribute_escape( $name ) . '</a>' ), &$recorded_blog, $name, $description ),348 'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . esc_attr( $name ) . '</a>' ), &$recorded_blog, $name, $description ), 349 349 'primary_link' => apply_filters( 'bp_blogs_activity_created_blog_primary_link', get_blog_option( $recorded_blog->blog_id, 'siteurl' ), $recorded_blog->blog_id ), 350 350 'type' => 'new_blog', 351 351 'item_id' => $recorded_blog->blog_id -
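Review bot: Line 348 escapes the blog name but concatenates `get_blog_option( $recorded_blog->blog_id, 'siteurl' )` into the href unescaped; wrapping it as `esc_url( get_blog_option( $recorded_blog->blog_id, 'siteurl' ) )` keeps both parts of the anchor escaped for their contexts. The call-time `&$recorded_blog` pass-by-reference on the same line is deprecated in PHP 5.3 and removed in 5.4, but that is pre-existing and not part of this change. The enclosing function starts and ends outside the hunk.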
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups.php
172 172 $bp->bp_options_title = $bp->groups->current_group->name; 173 173 174 174 if ( !$bp->bp_options_avatar = bp_core_fetch_avatar( array( 'item_id' => $bp->groups->current_group->id, 'object' => 'group', 'type' => 'thumb', 'avatar_dir' => 'group-avatars', 'alt' => __( 'Group Avatar', 'buddypress' ) ) ) ) 175 $bp->bp_options_avatar = '<img src="' . attribute_escape( $group->avatar_full ) . '" class="avatar" alt="' . attribute_escape( $group->name ) . '" />';175 $bp->bp_options_avatar = '<img src="' . esc_attr( $group->avatar_full ) . '" class="avatar" alt="' . esc_attr( $group->name ) . '" />'; 176 176 177 177 $group_link = $bp->root_domain . '/' . $bp->groups->slug . '/' . $bp->groups->current_group->slug . '/'; 178 178 … … 298 298 $group = new BP_Groups_Group( $group_id ); 299 299 300 300 groups_record_activity( array( 301 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),301 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ), 302 302 'type' => 'joined_group', 303 303 'item_id' => $group->id 304 304 ) ); … … 1125 1125 1126 1126 /* Once we compelete all steps, record the group creation in the activity stream. */ 1127 1127 groups_record_activity( array( 1128 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . 
'</a>' ) ),1128 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ), 1129 1129 'type' => 'created_group', 1130 1130 'item_id' => $bp->groups->new_group_id 1131 1131 ) ); … … 1737 1737 1738 1738 /* Record this in activity streams */ 1739 1739 groups_record_activity( array( 1740 'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),1740 'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ), 1741 1741 'type' => 'joined_group', 1742 1742 'item_id' => $group_id 1743 1743 ) ); … … 1913 1913 return false; 1914 1914 1915 1915 /* Record this in activity streams */ 1916 $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1916 $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . 
'</a>' ); 1917 1917 $activity_content = $content; 1918 1918 1919 1919 $activity_id = groups_record_activity( array( … … 1984 1984 if ( $post_id = bp_forums_insert_post( array( 'post_text' => $post_text, 'topic_id' => $topic_id ) ) ) { 1985 1985 $topic = bp_forums_get_topic_details( $topic_id ); 1986 1986 1987 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1987 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 1988 1988 $activity_content = bp_create_excerpt( $post_text ); 1989 1989 $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/'; 1990 1990 … … 2023 2023 if ( $topic_id = bp_forums_new_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_tags' => $topic_tags, 'forum_id' => $forum_id ) ) ) { 2024 2024 $topic = bp_forums_get_topic_details( $topic_id ); 2025 2025 2026 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . 
bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );2026 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 2027 2027 $activity_content = bp_create_excerpt( $topic_text ); 2028 2028 2029 2029 /* Record this in activity streams */ … … 2055 2055 if ( function_exists( 'bp_activity_delete_by_item_id' ) ) 2056 2056 bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $topic_id, 'component' => $bp->groups->id, 'type' => 'new_forum_topic' ) ); 2057 2057 2058 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );2058 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . 
'</a>' ); 2059 2059 $activity_content = bp_create_excerpt( $topic_text ); 2060 2060 2061 2061 /* Record this in activity streams */ … … 2089 2089 if ( $post_id = bp_forums_insert_post( array( 'post_id' => $post_id, 'post_text' => $post_text, 'post_time' => $post->post_time, 'topic_id' => $topic_id, 'poster_id' => $post->poster_id ) ) ) { 2090 2090 $topic = bp_forums_get_topic_details( $topic_id ); 2091 2091 2092 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );2092 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 2093 2093 $activity_content = bp_create_excerpt( $post_text ); 2094 2094 $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/'; 2095 2095 … … 2418 2418 $group = new BP_Groups_Group( $membership->group_id ); 2419 2419 2420 2420 groups_record_activity( array( 2421 'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . 
'</a>' ), $membership->user_id, &$group ),2421 'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $membership->user_id, &$group ), 2422 2422 'type' => 'joined_group', 2423 2423 'item_id' => $membership->group_id, 2424 2424 'user_id' => $membership->user_id -
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs/bp-blogs-widgets.php
77 77 $max_posts = strip_tags( $instance['max_posts'] ); 78 78 ?> 79 79 80 <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo attribute_escape( $max_posts ); ?>" style="width: 30%" /></label></p>80 <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p> 81 81 <?php 82 82 } 83 83 } -
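Review bot: `strip_tags()` at line 77 followed by `esc_attr()` at line 80 treats `max_posts` as free text, but it is a numeric limit, so integer validation (`$max_posts = absint( $instance['max_posts'] );`) is the right control, with `esc_attr()` kept on output. The `<label for="bp-blogs-widget-posts-max">` on line 80 also does not match the input's `id`, which is `$this->get_field_id( 'max_posts' )`, so the label is not associated with its field; `for="<?php echo $this->get_field_id( 'max_posts' ); ?>"` fixes that. The widget's update handler, where validation properly belongs, is outside the hunk.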
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-blogs/bp-blogs-templatetags.php
267 267 268 268 function bp_blog_hidden_fields() { 269 269 if ( isset( $_REQUEST['s'] ) ) { 270 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ). '" name="search_terms" />';270 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ). '" name="search_terms" />'; 271 271 } 272 272 273 273 if ( isset( $_REQUEST['letter'] ) ) { 274 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';274 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 275 275 } 276 276 277 277 if ( isset( $_REQUEST['blogs_search'] ) ) { 278 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';278 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['blogs_search'] ) . '" name="search_terms" />'; 279 279 } 280 280 } 281 281 -
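Review bot: In `bp_blog_hidden_fields()` the `s` branch (line 270) and the `blogs_search` branch (line 278) both emit an input with `id="search_terms"` and `name="search_terms"`, so a request carrying both keys yields duplicate ids and two same-named fields; making the last branch `elseif ( isset( $_REQUEST['blogs_search'] ) )` avoids that. The `esc_attr()` calls are the correct helper for attribute values. `$_REQUEST` also merges cookies depending on PHP's `request_order`, so reading `$_GET`/`$_POST` explicitly would make the intended source clear; with escaping in place this is hygiene rather than a vulnerability.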
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-forums/bp-forums-filters.php
2 2 3 3 /* Apply WordPress defined filters */ 4 4 add_filter( 'bp_forums_bbconfig_location', 'wp_filter_kses', 1 ); 5 add_filter( 'bp_forums_bbconfig_location', ' attribute_escape', 1 );5 add_filter( 'bp_forums_bbconfig_location', 'esc_attr', 1 ); 6 6 7 7 add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 ); 8 8 add_filter( 'bp_get_the_topic_latest_post_excerpt', 'bp_forums_filter_kses', 1 ); -
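Review bot: `esc_attr`, like the `attribute_escape` it replaces on line 5, is an HTML-attribute output-escaping function, so attaching it (and `wp_filter_kses` on line 4) to `bp_forums_bbconfig_location`, a filesystem path to the bbPress config, is a category mismatch: it would mangle a legitimate path containing `&` or quotes, and if the value is later handed to `include`/`require` (not visible here) HTML escaping does not constrain where it points. If the intent is to make the location safe to use, validate it instead, e.g. `realpath()` plus a check that it resolves under the expected directory, and keep escaping for the place where the path is displayed.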
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-forums/bp-forums-templatetags.php
256 256 global $forum_template; 257 257 258 258 $post = bb_get_first_post( (int)$forum_template->topic->topic_id, false ); 259 return apply_filters( 'bp_get_the_topic_text', attribute_escape( $post->post_text ) );259 return apply_filters( 'bp_get_the_topic_text', esc_attr( $post->post_text ) ); 260 260 } 261 261 262 262 function bp_the_topic_poster_id() { … … 970 970 global $bp; 971 971 972 972 $post = bp_forums_get_post( $bp->action_variables[4] ); 973 return apply_filters( 'bp_get_the_topic_post_edit_text', attribute_escape( $post->post_text ) );973 return apply_filters( 'bp_get_the_topic_post_edit_text', esc_attr( $post->post_text ) ); 974 974 } 975 975 976 976 function bp_the_topic_pagination() { … … 1014 1014 1015 1015 ?> 1016 1016 <form action="" method="get" id="search-forums-form"> 1017 <label><input type="text" name="s" id="forums_search" value="<?php echo attribute_escape($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>1017 <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 1018 1018 <input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 1019 1019 </form> 1020 1020 <?php … … 1062 1062 function bp_get_forum_action() { 1063 1063 global $topic_template; 1064 1064 1065 return apply_filters( 'bp_get_forum_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );1065 return apply_filters( 'bp_get_forum_action', $bp->root_domain . 
esc_attr( $_SERVER['REQUEST_URI'] ) ); 1066 1066 } 1067 1067 1068 1068 function bp_forum_topic_action() { … … 1071 1071 function bp_get_forum_topic_action() { 1072 1072 global $bp; 1073 1073 1074 return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );1074 return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) ); 1075 1075 } 1076 1076 1077 1077 function bp_forum_topic_count_for_user( $user_id = false ) { -
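Review bot: `bp_get_forum_action()` (line 1062) declares `global $topic_template;` but reads `$bp->root_domain`, so `$bp` is undefined in that scope and the form action collapses to the bare `REQUEST_URI`; the sibling `bp_get_forum_topic_action()` at line 1072 correctly declares `global $bp;`. Because the value is a URL destined for an `action` attribute, `esc_url()` is the matching WordPress helper (it validates the scheme and encodes for attribute use) rather than `esc_attr()` on a raw `$_SERVER['REQUEST_URI']`: `global $bp;` then `return apply_filters( 'bp_get_forum_action', esc_url( $bp->root_domain . $_SERVER['REQUEST_URI'] ) );`. The same `esc_url()` change applies to line 1074.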
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-core.php
1375 1375 $type = ( 'success' == $bp->template_message_type ) ? 'updated' : 'error'; 1376 1376 ?> 1377 1377 <div id="message" class="<?php echo $type; ?>"> 1378 <p><?php echo stripslashes( attribute_escape( $bp->template_message ) ); ?></p>1378 <p><?php echo stripslashes( esc_attr( $bp->template_message ) ); ?></p> 1379 1379 </div> 1380 1380 <?php 1381 1381 do_action( 'bp_core_render_message' ); -
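Review bot: At line 1378 `stripslashes()` runs after `esc_attr()`, so escaping is not the final transformation before output; the escape-last idiom is `esc_html( stripslashes( $bp->template_message ) )`, which also uses the content-context helper since the message is element text inside `<p>`, not an attribute value. In this instance `stripslashes()` cannot reintroduce `<`, `>`, `&` or quotes, so the current order is not exploitable, but it is the pattern that turns into a bug as soon as the post-processing step changes.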
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-xprofile.php
212 212 <a href=""><?php _e( 'Admin Options', 'buddypress' ) ?></a> 213 213 214 214 <ul> 215 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>216 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>215 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 216 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 217 217 218 218 <?php if ( !bp_core_is_user_spammer( $bp->displayed_user->id ) ) : ?> 219 219 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/mark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Mark as Spammer", 'buddypress' ) ?></a></li> … … 221 221 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/unmark-spammer/', 'mark-unmark-spammer' ) ?>" class="confirm"><?php _e( "Not a Spammer", 'buddypress' ) ?></a></li> 222 222 <?php endif; ?> 223 223 224 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>224 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 225 225 226 226 <?php do_action( 'xprofile_adminbar_menu_items' ) ?> 227 227 </ul> -
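Review bot: The `esc_attr( $bp->displayed_user->fullname )` calls on lines 215, 216 and 224 escape text that lands in `<a>` element content, where `esc_html()` is the matching helper; the output is the same today but the context intent is clearer. The `href` on lines 215 and 216 is built from `$bp->displayed_user->domain . $bp->profile->slug` and echoed unescaped, whereas the neighbouring links go through `wp_nonce_url()`, which escapes its result; wrapping those two in `esc_url()` makes the escaping uniform. Those values are presumably site-generated, so this is consistency rather than a known injection.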
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-classes.php
1136 1136 1137 1137 /* Construct the admin edit tab for the new group extension */ 1138 1138 if ( $this->enable_edit_item ) { 1139 add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . attribute_escape( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . attribute_escape( $this->slug ) . '\">' . attribute_escape( $this->name ) . '</a></li>";' ), 10, 2 );1139 add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . esc_attr( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . esc_attr( $this->slug ) . '\">' . esc_attr( $this->name ) . '</a></li>";' ), 10, 2 ); 1140 1140 1141 1141 /* Catch the edit screen and forward it to the plugin template */ 1142 1142 if ( $bp->current_component == $bp->groups->slug && 'admin' == $bp->current_action && $this->slug == $bp->action_variables[0] ) { … … 1161 1161 1162 1162 /* When we are viewing the extension display page, set the title and options title */ 1163 1163 if ( $bp->current_component == $bp->groups->slug && $bp->is_single_item && $bp->current_action == $this->slug ) { 1164 add_action( 'bp_template_content_header', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );1165 add_action( 'bp_template_title', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );1164 add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 1165 add_action( 'bp_template_title', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 1166 1166 } 1167 1167 } 1168 1168 -
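Review bot: `esc_attr()` does not protect the PHP source strings passed to `create_function()` at lines 1139, 1164 and 1165: `$this->slug` and `$this->name` are spliced into double-quoted PHP string literals, and HTML escaping leaves `$`, `{`, `\` and backticks untouched, so a name containing `{$...}` or `${`...`}` would be interpolated or executed when the generated code runs. These values come from extension authors rather than end users, but generating code from strings is the wrong mechanism regardless, and `create_function()` was deprecated in PHP 7.2 and removed in 8.0. Registering array callbacks on methods removes the code generation and lets each output be escaped for its context (`esc_url()` for the href, `esc_html()` for the link text); the enclosing method starts before this hunk, and the two new methods below go alongside it in the class.
```php
add_action( 'groups_admin_tabs', array( $this, 'admin_tab' ), 10, 2 );
// … unchanged: catch the edit screen and forward it to the plugin template …
add_action( 'bp_template_content_header', array( $this, 'print_extension_name' ) );
add_action( 'bp_template_title', array( $this, 'print_extension_name' ) );

function admin_tab( $current, $group_slug ) {
	global $bp;
	$selected = ( $this->slug == $current ) ? ' class="current"' : '';
	$url = $bp->root_domain . '/' . $bp->groups->slug . '/' . $group_slug . '/admin/' . $this->slug;
	echo '<li' . $selected . '><a href="' . esc_url( $url ) . '">' . esc_html( $this->name ) . '</a></li>';
}

function print_extension_name() {
	echo esc_html( $this->name );
}
```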
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-widgets.php
50 50 <?php endwhile; ?> 51 51 </ul> 52 52 <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?> 53 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $instance['max_groups'] ); ?>" />53 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $instance['max_groups'] ); ?>" /> 54 54 55 55 <?php else: ?> 56 56 … … 76 76 $max_groups = strip_tags( $instance['max_groups'] ); 77 77 ?> 78 78 79 <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo attribute_escape( $max_groups ); ?>" style="width: 30%" /></label></p>79 <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p> 80 80 <?php 81 81 } 82 82 } … … 129 129 <?php endwhile; ?> 130 130 </ul> 131 131 <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?> 132 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $_POST['max_groups'] ); ?>" />132 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $_POST['max_groups'] ); ?>" /> 133 133 134 134 <?php else: ?> 135 135 -
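Review bot: `esc_attr( $_POST['max_groups'] )` at line 132 is correct for the hidden input, but the same request value is presumably also the numeric limit used to build the list above it (outside the hunk), and escaping does not validate a number; normalising once with `$max_groups = absint( $_POST['max_groups'] );` and using it for both the query and the hidden field (`esc_attr( $max_groups )`) keeps validation in one place. The same applies to `$instance['max_groups']` at lines 53 and 79, where `strip_tags()` is standing in for integer validation.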
Users/Genesis/Sites/wp-3.0-bp/wp-content/plugins/buddypress/bp-groups/bp-groups-templatetags.php
287 287 288 288 /* Fetch the avatar from the folder, if not provide backwards compat. */ 289 289 if ( !$avatar = bp_core_fetch_avatar( array( 'item_id' => $groups_template->group->id, 'object' => 'group', 'type' => $type, 'avatar_dir' => 'group-avatars', 'alt' => $alt, 'css_id' => $id, 'class' => $class, 'width' => $width, 'height' => $height ) ) ) 290 $avatar = '<img src="' . attribute_escape( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . attribute_escape( $groups_template->group->name ) . '" />';290 $avatar = '<img src="' . esc_attr( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . esc_attr( $groups_template->group->name ) . '" />'; 291 291 292 292 return apply_filters( 'bp_get_group_avatar', $avatar ); 293 293 } … … 1132 1132 1133 1133 function bp_group_hidden_fields() { 1134 1134 if ( isset( $_REQUEST['s'] ) ) { 1135 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';1135 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />'; 1136 1136 } 1137 1137 1138 1138 if ( isset( $_REQUEST['letter'] ) ) { 1139 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';1139 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 1140 1140 } 1141 1141 1142 1142 if ( isset( $_REQUEST['groups_search'] ) ) { 1143 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['groups_search'] ) . '" name="search_terms" />';1143 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['groups_search'] ) . '" name="search_terms" />'; 1144 1144 } 1145 1145 } 1146 1146 … … 1688 1688 } 1689 1689 } 1690 1690 1691 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . 
'" value="' . attribute_escape( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';1691 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . esc_attr( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>'; 1692 1692 } 1693 1693 } 1694 1694 … … 1704 1704 1705 1705 ?> 1706 1706 <form action="" method="get" id="search-groups-form"> 1707 <label><input type="text" name="s" id="groups_search" value="<?php echo attribute_escape($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>1707 <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 1708 1708 <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 1709 1709 </form> 1710 1710 <?php … … 1771 1771 global $bp; 1772 1772 1773 1773 if ( $bp->groups->current_group->avatar_full ) { ?> 1774 <img src="<?php echo attribute_escape( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />1774 <img src="<?php echo esc_attr( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" /> 1775 1775 <?php } else { ?> 1776 1776 <img src="<?php echo $bp->groups->image_base . '/none.gif' ?>" alt="<?php _e( 'No Group Avatar', 'buddypress' ) ?>" class="avatar" /> 1777 1777 <?php }