Ticket #2776: 2776-xprofile-2.patch
File 2776-xprofile-2.patch, 13.1 KB (added by , 14 years ago) |
---|
-
bp-xprofile/bp-xprofile-filters.php
1 1 <?php 2 // Apply WordPress defined filters 3 add_filter( 'bp_get_the_profile_field_value', 'wp_filter_kses', 1 ); 4 add_filter( 'bp_get_the_profile_field_name', 'wp_filter_kses', 1 ); 5 add_filter( 'bp_get_the_profile_field_edit_value', 'wp_filter_kses', 1 ); 6 add_filter( 'bp_get_the_profile_field_description', 'wp_filter_kses', 1 ); 2 7 3 /* Apply WordPress defined filters */ 8 add_filter( 'bp_get_the_profile_field_value', 'wptexturize' ); 9 add_filter( 'bp_get_the_profile_field_value', 'convert_smilies', 2 ); 10 add_filter( 'bp_get_the_profile_field_value', 'convert_chars' ); 11 add_filter( 'bp_get_the_profile_field_value', 'wpautop' ); 12 add_filter( 'bp_get_the_profile_field_value', 'make_clickable' ); 13 add_filter( 'bp_get_the_profile_field_value', 'force_balance_tags' ); 4 14 5 add_filter( 'bp_get_the_profile_field_value', 'wp_filter_kses', 1 ); 6 add_filter( 'bp_get_the_profile_field_name', 'wp_filter_kses', 1 ); 7 add_filter( 'bp_get_the_profile_field_edit_value', 'wp_filter_kses', 1 ); 8 add_filter( 'bp_get_the_profile_field_description', 'wp_filter_kses', 1 ); 15 add_filter( 'bp_get_the_profile_field_name', 'stripslashes' ); 16 add_filter( 'bp_get_the_profile_field_edit_value', 'stripslashes' ); 17 add_filter( 'bp_get_the_profile_field_description', 'stripslashes' ); 9 18 10 add_filter( 'bp_get_the_profile_field_value', 'wptexturize' );11 add_filter( 'bp_get_the_profile_field_value', 'convert_smilies', 2 );12 add_filter( 'bp_get_the_profile_field_value', 'convert_chars' );13 add_filter( 'bp_get_the_profile_field_value', 'wpautop' );14 add_filter( 'bp_get_the_profile_field_value', 'make_clickable' );15 add_filter( 'bp_get_the_profile_field_value', 'force_balance_tags' );16 19 17 add_filter( ' bp_get_the_profile_field_value', 'stripslashes');18 add_filter( ' bp_get_the_profile_field_edit_value', 'stripslashes');19 add_filter( ' bp_get_the_profile_field_name', 'stripslashes');20 add_filter( ' bp_get_the_profile_field_description', 'stripslashes');20 
add_filter( 'xprofile_get_field_data', 'wp_filter_kses', 1 ); 21 add_filter( 'xprofile_field_name_before_save', 'wp_filter_kses', 1 ); 22 add_filter( 'xprofile_field_description_before_save', 'wp_filter_kses', 1 ); 23 add_filter( 'xprofile_field_option_value_before_save', 'wp_filter_kses', 1 ); 21 24 22 add_filter( 'xprofile_get_field_data', 'wp_filter_kses', 1 ); 23 add_filter( 'xprofile_field_name_before_save', 'wp_filter_kses', 1 ); 24 add_filter( 'xprofile_field_description_before_save', 'wp_filter_kses', 1 ); 25 add_filter( 'xprofile_get_field_data', 'force_balance_tags' ); 26 add_filter( 'xprofile_field_name_before_save', 'force_balance_tags' ); 27 add_filter( 'xprofile_field_description_before_save', 'force_balance_tags' ); 28 add_filter( 'xprofile_field_option_value_before_save', 'force_balance_tags' ); 25 29 26 add_filter( 'xprofile_get_field_data', 'force_balance_tags' ); 27 add_filter( 'xprofile_field_name_before_save', 'force_balance_tags' ); 28 add_filter( 'xprofile_field_description_before_save', 'force_balance_tags' ); 30 add_filter( 'xprofile_get_field_data', 'stripslashes' ); 31 add_filter( 'xprofile_field_name_before_save', 'stripslashes' ); 32 add_filter( 'xprofile_field_description_before_save', 'stripslashes' ); 33 add_filter( 'xprofile_field_type_before_save', 'stripslashes' ); 34 add_filter( 'xprofile_field_option_value_before_save', 'stripslashes' ); 29 35 30 add_filter( 'xprofile_get_field_data', 'stripslashes' ); 36 add_filter( 'xprofile_group_name_before_save', 'stripslashes' ); 37 add_filter( 'xprofile_group_description_before_save', 'stripslashes' ); 31 38 32 /* Custom BuddyPress filters */33 39 40 // Custom BuddyPress filters 34 41 add_filter( 'bp_get_the_profile_field_value', 'xprofile_filter_format_field_value', 1, 2 ); 35 42 add_filter( 'bp_get_the_site_member_profile_data', 'xprofile_filter_format_field_value', 1, 2 ); 36 43 add_filter( 'bp_get_the_profile_field_value', 'xprofile_filter_link_profile_data', 50, 2 ); … … 47 54 * 
@return string 48 55 */ 49 56 function xprofile_sanitize_data_value_before_save ( $field_value, $field_id ) { 50 51 57 // Return if empty 52 58 if ( empty( $field_value ) ) 53 59 return; … … 57 63 58 64 // Filter single value 59 65 if ( !is_array( $field_value ) ) { 60 $kses_field_value = wp_filter_kses( $field_value);66 $kses_field_value = stripslashes( wp_filter_kses( $field_value ) ); 61 67 $filtered_field_value = force_balance_tags( $kses_field_value ); 62 68 63 69 // Filter each array item independently 64 70 } else { 65 71 foreach ( (array)$field_value as $value ) { 66 $kses_field_value = wp_filter_kses( $value);67 $filtered_values[] = force_balance_tags( $kses_field_value );72 $kses_field_value = stripslashes( wp_filter_kses( $value ) ); 73 $filtered_values[] = force_balance_tags( $kses_field_value ); 68 74 } 69 75 70 76 $filtered_field_value = serialize( $filtered_values ); … … 143 149 return $comments; 144 150 } 145 151 add_filter( 'comments_array', 'xprofile_filter_comments', 10, 2 ); 146 147 ?> 152 ?> 153 No newline at end of file -
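Review bot: The two group hooks registered at the end of the before-save block, `xprofile_group_name_before_save` and `xprofile_group_description_before_save`, get only `stripslashes`, while the field name, description and option-value hooks above them also get `wp_filter_kses` at priority 1 and `force_balance_tags`. If group names or descriptions are echoed anywhere without escaping (not visible on this page), markup saved through them would reach the page unfiltered. Adding `add_filter( 'xprofile_group_name_before_save', 'wp_filter_kses', 1 );` and the same line for the description hook would make the save path consistent. `xprofile_field_type_before_save` is in the same position; the type appears to be one of a fixed set of keywords, so an allow-list check would fit better there than kses.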
bp-xprofile/bp-xprofile-templatetags.php
387 387 $option_values = maybe_unserialize( BP_XProfile_ProfileData::get_value_byid( $options[$k]->parent_id ) ); 388 388 $option_values = (array)$option_values; 389 389 390 / * Check for updated posted values, but errors preventing them from being saved first time */390 // Check for updated posted values, but errors preventing them from being saved first time 391 391 foreach( (array)$option_values as $i => $option_value ) { 392 392 if ( isset( $_POST['field_' . $field->id] ) && $_POST['field_' . $field->id] != $option_value ) { 393 393 if ( !empty( $_POST['field_' . $field->id] ) ) … … 395 395 } 396 396 } 397 397 398 if ( in_array( $options[$k]->name, (array)$option_values ) || $options[$k]->is_default_option ) {398 if ( in_array( $options[$k]->name, (array)$option_values ) || empty( $option_value ) && $options[$k]->is_default_option ) 399 399 $selected = ' selected="selected"'; 400 } else {400 else 401 401 $selected = ''; 402 }403 402 404 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . stripslashes( esc_attr( $options[$k]->name ) ) . '">' . stripslashes( esc_attr( $options[$k]->name )) . '</option>', $options[$k] );403 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . esc_attr( $options[$k]->name ) . '">' . esc_attr( $options[$k]->name ) . '</option>', $options[$k] ); 405 404 } 406 405 break; 407 406 … … 411 410 for ( $k = 0; $k < count($options); $k++ ) { 412 411 $option_value = BP_XProfile_ProfileData::get_value_byid($options[$k]->parent_id); 413 412 414 / * Check for updated posted values, but errors preventing them from being saved first time */413 // Check for updated posted values, but errors preventing them from being saved first time 415 414 if ( isset( $_POST['field_' . $field->id] ) && $option_value != $_POST['field_' . $field->id] ) { 416 415 if ( !empty( $_POST['field_' . $field->id] ) ) 417 416 $option_value = $_POST['field_' . 
$field->id]; 418 417 } 419 418 420 if ( $option_value == $options[$k]->name || $value == $options[$k]->name || ( empty( $option_value ) && $options[$k]->is_default_option ) ) {419 if ( $option_value == $options[$k]->name || $value == $options[$k]->name || empty( $option_value ) && $options[$k]->is_default_option ) 421 420 $selected = ' checked="checked"'; 422 } else {421 else 423 422 $selected = ''; 424 }425 423 426 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . stripslashes( esc_attr( $options[$k]->name ) ) . '"> ' . stripslashes( esc_attr( $options[$k]->name )) . '</label>', $options[$k] );424 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] ); 427 425 } 428 426 429 427 $html .= '</div>'; … … 432 430 case 'checkbox': 433 431 $option_values = BP_XProfile_ProfileData::get_value_byid($options[0]->parent_id); 434 432 435 / * Check for updated posted values, but errors preventing them from being saved first time */433 // Check for updated posted values, but errors preventing them from being saved first time 436 434 if ( isset( $_POST['field_' . $field->id] ) && $option_values != maybe_serialize( $_POST['field_' . $field->id] ) ) { 437 435 if ( !empty( $_POST['field_' . $field->id] ) ) 438 436 $option_values = $_POST['field_' . 
$field->id]; … … 442 440 443 441 for ( $k = 0; $k < count($options); $k++ ) { 444 442 for ( $j = 0; $j < count($option_values); $j++ ) { 445 if ( $option_values[$j] == $options[$k]->name || @in_array( $options[$k]->name, $value ) || $options[$k]->is_default_option ) {443 if ( $option_values[$j] == $options[$k]->name || @in_array( $options[$k]->name, $value ) || empty( $option_value ) && $options[$k]->is_default_option ) { 446 444 $selected = ' checked="checked"'; 447 445 break; 448 446 } 449 447 } 450 448 451 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . stripslashes( esc_attr( $options[$k]->name ) ) . '"> ' . stripslashes( esc_attr( $options[$k]->name )) . '</label>', $options[$k] );449 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] ); 452 450 $selected = ''; 453 451 } 454 452 break; -
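Review bot: In the `checkbox` case the new condition tests `empty( $option_value )`, but the visible lines of that branch only assign `$option_values` (plural), so the test is most likely always true and the default option stays checked even when the user has saved other choices. It probably should read `empty( $option_values ) && $options[$k]->is_default_option`. The select-box case has a related problem: `$option_value` there is whatever the preceding `foreach` left behind, not the whole selection, so `$option_values` is likely what is meant there too. The radio case dropped the parentheses around the `&&` term and now relies on operator precedence; keeping them would make the intent explicit. The enclosing function starts and ends outside these hunks.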
bp-xprofile/bp-xprofile-classes.php
34 34 function save() { 35 35 global $wpdb, $bp; 36 36 37 $this->name 38 $this->description 37 $this->name = apply_filters( 'xprofile_group_name_before_save', $this->name, $this->id ); 38 $this->description = apply_filters( 'xprofile_group_description_before_save', $this->description, $this->id ); 39 39 40 40 do_action( 'xprofile_group_before_save', $this ); 41 41 … … 297 297 $this->group_id = $field->group_id; 298 298 $this->parent_id = $field->parent_id; 299 299 $this->type = $field->type; 300 $this->name = stripslashes( $field->name );301 $this->description = stripslashes( $field->description );300 $this->name = $field->name; 301 $this->description = $field->description; 302 302 $this->is_required = $field->is_required; 303 303 $this->can_delete = $field->can_delete; 304 304 $this->field_order = $field->field_order; … … 412 412 $is_default = 1; 413 413 } 414 414 415 if ( '' != $option_value ) { 415 if ( !empty( $option_value ) ) { 416 $option_value = apply_filters( 'xprofile_field_option_value_before_save', $option_value, $this->group_id ); 417 416 418 if ( !$wpdb->query( $wpdb->prepare( "INSERT INTO {$bp->profile->table_name_fields} (group_id, parent_id, type, name, description, is_required, option_order, is_default_option) VALUES (%d, %d, 'option', %s, '', 0, %d, %d)", $this->group_id, $parent_id, $option_value, $counter, $is_default ) ) ) 417 419 return false; 418 420 } … … 740 742 $this->id = $profiledata->id; 741 743 $this->user_id = $profiledata->user_id; 742 744 $this->field_id = $profiledata->field_id; 743 $this->value = stripslashes( $profiledata->value );745 $this->value = $profiledata->value; 744 746 $this->last_updated = $profiledata->last_updated; 745 747 } 746 748 } … … 964 966 return $data[BP_XPROFILE_FULLNAME_FIELD_NAME]; 965 967 } 966 968 } 967 968 969 ?> 969 No newline at end of file -
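Review bot: Replacing `'' != $option_value` with `!empty( $option_value )` in the option insert loop also skips an option whose text is `0`, because `empty( '0' )` is true in PHP, so that option is silently never inserted. `if ( '' !== (string) $option_value ) {` keeps the original meaning without the loose comparison. Separately, the two read paths no longer call `stripslashes()` on `name`, `description` and `value`. Rows written before this change may still hold slashed text and would then display with backslashes, so an upgrade step or a note in the ticket would help. The enclosing methods begin and end outside these hunks.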
bp-xprofile.php
663 663 664 664 /* Check the value is an acceptable value */ 665 665 if ( 'checkbox' == $field->type || 'radio' == $field->type || 'selectbox' == $field->type || 'multiselectbox' == $field->type ) { 666 $value = stripslashes_deep( $value ); 666 667 $options = $field->get_children(); 667 668 668 669 foreach( $options as $option )
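Review bot: The added `$value = stripslashes_deep( $value );` unslashes the submitted value only inside the choice-type branch, so from here on `$value` is unslashed for checkbox, radio and select fields but still slashed for every other type. If it later goes through `xprofile_sanitize_data_value_before_save` (the call site is not in this hunk), it is unslashed again by `wp_filter_kses`, which expects slashed input, and by the `stripslashes()` this patch wraps around it. A literal backslash in a choice would then be lost. Unslashing once where `$_POST` is read, for all field types, would avoid the mismatch. The surrounding function is not visible in this hunk.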