
Ticket #2526: 2526.001.diff

File 2526.001.diff, 4.4 KB (added by cnorris23, 15 years ago)
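--- a/bp-activity.php
+++ b/bp-activity.php
@@ -251,7 +251,7 @@
                 if ( is_user_logged_in() )
                         bp_core_redirect( $bp->loggedin_user->domain );
                 else
-                        bp_core_redirect( site_url( 'wp-login.php?redirect_to=' . clean_url( $bp->root_domain . '/' . $bp->activity->slug . '/p/' . $bp->current_action ) ) );
+                        bp_core_redirect( site_url( 'wp-login.php?redirect_to=' . esc_url( $bp->root_domain . '/' . $bp->activity->slug . '/p/' . $bp->current_action ) ) );
         }
 
         bp_core_load_template( apply_filters( 'bp_activity_template_profile_activity_permalink', 'members/single/activity/permalink' ) );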
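Review bot: The `redirect_to` value on new line 254 is still concatenated into the query string without URL-encoding; `esc_url()` cleans a URL for output and is not a query-parameter encoder, so any `&`, `#` or `?` inside the permalink would be read by `wp-login.php` as part of the outer URL. `$bp->current_action` looks like it is derived from the request path (not shown in this hunk), so the value should be treated as untrusted. I would write the argument as `'wp-login.php?redirect_to=' . urlencode( $bp->root_domain . '/' . $bp->activity->slug . '/p/' . $bp->current_action )`. The enclosing function starts above the hunk.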
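--- a/bp-core/bp-core-signup.php
+++ b/bp-core/bp-core-signup.php
@@ -574,7 +574,7 @@
 
 function bp_core_signup_send_validation_email( $user_id, $user_email, $key ) {
         $activate_url = bp_get_activation_page() ."?key=$key";
-        $activate_url = clean_url( $activate_url );
+        $activate_url = esc_url( $activate_url );
         $admin_email = get_site_option( "admin_email" );
 
         if ( empty( $admin_email ) )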
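Review bot: `esc_url()` is the display-context escaper, which entity-encodes `&` and `'` for HTML, while the activation URL on new line 577 appears to be destined for an e-mail body (the parallel code in bp-core/bp-core-filters.php sends `text/plain`). For a URL that is not printed into HTML, `esc_url_raw()` is the matching function: `$activate_url = esc_url_raw( $activate_url );`. The same applies to new lines 168, 177, 178, 197 and 209 of bp-core/bp-core-filters.php. Today the link carries a single `key` parameter so nothing breaks, but a later extra parameter would arrive in the mail as `&#038;`. The function body continues below the hunk.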
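--- a/bp-core/bp-core-filters.php
+++ b/bp-core/bp-core-filters.php
@@ -165,7 +165,7 @@
 
         // Send email with activation link.
         $activate_url = bp_get_activation_page() ."?key=$key";
-        $activate_url = clean_url($activate_url);
+        $activate_url = esc_url($activate_url);
 
         $admin_email = get_site_option( "admin_email" );
 
@@ -174,8 +174,8 @@
 
         $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );
         $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
-        $message = sprintf(__("Thanks for registering! To complete the activation of your account and blog, please click the following link:\n\n%s\n\n\n\nAfter you activate, you can visit your blog here:\n\n%s", 'buddypress' ), $activate_url, clean_url("http://{$domain}{$path}" ) );
-        $subject = '[' . $from_name . '] ' . sprintf(__('Activate %s', 'buddypress' ), clean_url('http://' . $domain . $path));
+        $message = sprintf(__("Thanks for registering! To complete the activation of your account and blog, please click the following link:\n\n%s\n\n\n\nAfter you activate, you can visit your blog here:\n\n%s", 'buddypress' ), $activate_url, esc_url("http://{$domain}{$path}" ) );
+        $subject = '[' . $from_name . '] ' . sprintf(__('Activate %s', 'buddypress' ), esc_url('http://' . $domain . $path));
 
         /* Send the message */
         $to = apply_filters( 'bp_core_activation_signup_blog_notification_to', $user_email );
@@ -194,7 +194,7 @@
         global $current_site;
 
         $activate_url = bp_get_activation_page() ."?key=$key";
-        $activate_url = clean_url($activate_url);
+        $activate_url = esc_url($activate_url);
         $admin_email = get_site_option( "admin_email" );
 
         if ( empty( $admin_email ) )
@@ -206,7 +206,7 @@
 
         $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );
         $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
-        $message = sprintf( __( "Thanks for registering! To complete the activation of your account please click the following link:\n\n%s\n\n", 'buddypress' ), $activate_url . $email, clean_url("http://{$domain}{$path}" ) );
+        $message = sprintf( __( "Thanks for registering! To complete the activation of your account please click the following link:\n\n%s\n\n", 'buddypress' ), $activate_url . $email, esc_url( "http://{$domain}{$path}" ) );
         $subject = '[' . $from_name . '] ' . __( 'Activate Your Account', 'buddypress' );
 
         /* Send the message */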
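Review bot: On new line 209 the format string has a single `%s` but `sprintf()` receives two values, so `esc_url( "http://{$domain}{$path}" )` is evaluated and discarded, and the one value that is printed, `$activate_url . $email`, has `$email` appended after the URL was cleaned. Neither `$email` nor its origin is visible in this hunk; if it is a query-string fragment it should be joined to the URL before the single cleaning call rather than after it. I would drop the unused argument so the call ends `..., 'buddypress' ), $activate_url . $email );`. A short comment saying what `$email` holds would help, since the enclosing function starts above the hunk.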
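--- a/bp-core/bp-core-catchuri.php
+++ b/bp-core/bp-core-catchuri.php
@@ -41,7 +41,7 @@
         if ( strpos( $_SERVER['REQUEST_URI'], 'wp-load.php' ) )
                 $path = bp_core_referrer();
         else
-                $path = clean_url( $_SERVER['REQUEST_URI'] );
+                $path = esc_url( $_SERVER['REQUEST_URI'] );
 
         $path = apply_filters( 'bp_uri', $path );
 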
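Review bot: New line 44 runs `$_SERVER['REQUEST_URI']` through `esc_url()`, an output escaper, and then uses the result as `$path` for the `bp_uri` filter and, presumably, for URL routing below the hunk. In its default display context `esc_url()` rewrites `&` to `&#038;` and `'` to `&#039;`, so a request with a query string is parsed from an HTML-encoded copy rather than from the request itself. If the intent is to strip unsafe characters before parsing, `$path = esc_url_raw( $_SERVER['REQUEST_URI'] );` does that without entity encoding, and escaping for HTML then belongs where the value is printed. A one-line comment stating why the URI is cleaned at this point would help the next reader.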