Ticket #2526: 2526.001.diff
File 2526.001.diff, 4.4 KB (added by , 15 years ago) |
---|
-
bp-activity.php
251 251 if ( is_user_logged_in() ) 252 252 bp_core_redirect( $bp->loggedin_user->domain ); 253 253 else 254 bp_core_redirect( site_url( 'wp-login.php?redirect_to=' . clean_url( $bp->root_domain . '/' . $bp->activity->slug . '/p/' . $bp->current_action ) ) );254 bp_core_redirect( site_url( 'wp-login.php?redirect_to=' . esc_url( $bp->root_domain . '/' . $bp->activity->slug . '/p/' . $bp->current_action ) ) ); 255 255 } 256 256 257 257 bp_core_load_template( apply_filters( 'bp_activity_template_profile_activity_permalink', 'members/single/activity/permalink' ) ); -
bp-core/bp-core-signup.php
574 574 575 575 function bp_core_signup_send_validation_email( $user_id, $user_email, $key ) { 576 576 $activate_url = bp_get_activation_page() ."?key=$key"; 577 $activate_url = clean_url( $activate_url );577 $activate_url = esc_url( $activate_url ); 578 578 $admin_email = get_site_option( "admin_email" ); 579 579 580 580 if ( empty( $admin_email ) ) -
bp-core/bp-core-filters.php
165 165 166 166 // Send email with activation link. 167 167 $activate_url = bp_get_activation_page() ."?key=$key"; 168 $activate_url = clean_url($activate_url);168 $activate_url = esc_url($activate_url); 169 169 170 170 $admin_email = get_site_option( "admin_email" ); 171 171 … … 174 174 175 175 $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) ); 176 176 $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; 177 $message = sprintf(__("Thanks for registering! To complete the activation of your account and blog, please click the following link:\n\n%s\n\n\n\nAfter you activate, you can visit your blog here:\n\n%s", 'buddypress' ), $activate_url, clean_url("http://{$domain}{$path}" ) );178 $subject = '[' . $from_name . '] ' . sprintf(__('Activate %s', 'buddypress' ), clean_url('http://' . $domain . $path));177 $message = sprintf(__("Thanks for registering! To complete the activation of your account and blog, please click the following link:\n\n%s\n\n\n\nAfter you activate, you can visit your blog here:\n\n%s", 'buddypress' ), $activate_url, esc_url("http://{$domain}{$path}" ) ); 178 $subject = '[' . $from_name . '] ' . sprintf(__('Activate %s', 'buddypress' ), esc_url('http://' . $domain . $path)); 179 179 180 180 /* Send the message */ 181 181 $to = apply_filters( 'bp_core_activation_signup_blog_notification_to', $user_email ); … … 194 194 global $current_site; 195 195 196 196 $activate_url = bp_get_activation_page() ."?key=$key"; 197 $activate_url = clean_url($activate_url);197 $activate_url = esc_url($activate_url); 198 198 $admin_email = get_site_option( "admin_email" ); 199 199 200 200 if ( empty( $admin_email ) ) … … 206 206 207 207 $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) ); 208 208 $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; 209 $message = sprintf( __( "Thanks for registering! To complete the activation of your account please click the following link:\n\n%s\n\n", 'buddypress' ), $activate_url . $email, clean_url("http://{$domain}{$path}" ) );209 $message = sprintf( __( "Thanks for registering! To complete the activation of your account please click the following link:\n\n%s\n\n", 'buddypress' ), $activate_url . $email, esc_url( "http://{$domain}{$path}" ) ); 210 210 $subject = '[' . $from_name . '] ' . __( 'Activate Your Account', 'buddypress' ); 211 211 212 212 /* Send the message */ -
bp-core/bp-core-catchuri.php
41 41 if ( strpos( $_SERVER['REQUEST_URI'], 'wp-load.php' ) ) 42 42 $path = bp_core_referrer(); 43 43 else 44 $path = clean_url( $_SERVER['REQUEST_URI'] );44 $path = esc_url( $_SERVER['REQUEST_URI'] ); 45 45 46 46 $path = apply_filters( 'bp_uri', $path ); 47 47