
Ticket #4503: 4503-2.diff

File 4503-2.diff, 3.7 KB (added by jkudish, 12 years ago)

Piggyback on top of the first patch, simplify a few things, and make sure the attribute values are escaped too.

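--- a/bp-core/bp-core-avatars.php
+++ b/bp-core/bp-core-avatars.php
@@ -220,25 +220,39 @@
         if ( empty( $alt ) )
                 $alt = __( 'Avatar Image', 'buddypress' );
 
+        $html_alt = ' alt="' . esc_attr( $alt ) . '"';
+
         // Set title tag, if it's been provided
         if ( !empty( $title ) )
                 $title = " title='" . esc_attr( apply_filters( 'bp_core_avatar_title', $title, $item_id, $object, $params ) ) . "'";
 
         // Set CSS ID if passed
         if ( !empty( $css_id ) )
-                $css_id = ' id="' . $css_id . '"';
+                $css_id = ' id="' . esc_attr( $css_id ) . '"';
 
-        // Set image width
-        if ( false !== $width )
-                $html_width = ' width="' . $width . '"';
-        else
-                $html_width = ( 'thumb' == $type ) ? ' width="' . bp_core_avatar_thumb_width() . '"' : ' width="' . bp_core_avatar_full_width() . '"';
+        // set the image width variable
+        if ( false !== $width ) {
+                $width = $width;
+        } elseif ( 'thumb' == $type ) {
+                $width = bp_core_avatar_thumb_width();
+        } else {
+                $width = bp_core_avatar_full_width();
+        }
+
+        // Set html width attribute
+        $html_width = ' width="' . esc_attr( $width ) . '"';
+
+        // Set the image height variable
+        if ( false !== $height ) {
+                $height = $height;
+        } elseif ( 'thumb' == $type ) {
+                $height = bp_core_avatar_thumb_height();
+        } else {
+                $height = bp_core_avatar_full_height();
+        }
+
+        $html_height = ' height="' . esc_attr( $height ) . '"';
 
-        // Set image height
-        if ( false !== $height )
-                $html_height = ' height="' . $height . '"';
-        else
-                $html_height = ( 'thumb' == $type ) ? ' height="' . bp_core_avatar_thumb_height() . '"' : ' height="' . bp_core_avatar_full_height() . '"';
 
         // Set img URL and DIR based on prepopulated constants
         $avatar_loc        = new stdClass();
@@ -250,7 +264,7 @@
         $avatar_folder_dir = apply_filters( 'bp_core_avatar_folder_dir', ( $avatar_loc->path . $avatar_loc->dir . $item_id ), $item_id, $object, $avatar_dir );
 
         // Add an identifying class
-        $class .= ' ' . $object . '-' . $item_id . '-avatar';
+        $class .= ' ' . $object . '-' . $item_id . '-avatar ' . sanitize_html_class( "avatar-$width" ) . ' photo';
 
         /****
          * Look for uploaded avatar first. Use it if it exists.
@@ -314,7 +328,7 @@
 
                         // Return it wrapped in an <img> element
                         if ( true === $html ) {
-                                return apply_filters( 'bp_core_fetch_avatar', '<img src="' . $avatar_url . '" alt="' . esc_attr( $alt ) . '" class="' . esc_attr( $class ) . '"' . $css_id . $html_width . $html_height . $title . ' />', $params, $item_id, $avatar_dir, $css_id, $html_width, $html_height, $avatar_folder_url, $avatar_folder_dir );
+                                return apply_filters( 'bp_core_fetch_avatar', '<img src="' . $avatar_url . '" class="' . esc_attr( $class ) . '"' . $css_id . $html_width . $html_height . $html_alt . $title . ' />', $params, $item_id, $avatar_dir, $css_id, $html_width, $html_height, $avatar_folder_url, $avatar_folder_dir );
 
                         // ...or only the URL
                         } else {
@@ -376,7 +390,7 @@
         }
 
         if ( true === $html )
-                return apply_filters( 'bp_core_fetch_avatar', '<img src="' . $gravatar . '" alt="' . esc_attr( $alt ) . '" class="' . esc_attr( $class ) . '"' . $css_id . $html_width . $html_height . $title . ' />', $params, $item_id, $avatar_dir, $css_id, $html_width, $html_height, $avatar_folder_url, $avatar_folder_dir );
+                return apply_filters( 'bp_core_fetch_avatar', '<img src="' . $gravatar . '" class="' . esc_attr( $class ) . '"' . $css_id . $html_width . $html_height . $html_alt . $title . ' />', $params, $item_id, $avatar_dir, $css_id, $html_width, $html_height, $avatar_folder_url, $avatar_folder_dir );
         else
                 return apply_filters( 'bp_core_fetch_avatar_url', $gravatar );
 }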
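Review bot: The `src` attribute is still written unescaped in both `<img>` returns (new lines 331 and 393), although this patch wraps every other attribute value in `esc_attr()`. `$avatar_url` and `$gravatar` are built outside the visible hunks, so whether they can carry quote characters or an unexpected scheme cannot be confirmed from here; escaping at the point of output closes the gap either way: `'<img src="' . esc_url( $avatar_url ) . '" class="'` and likewise `esc_url( $gravatar )`. Separately, the `$width = $width;` and `$height = $height;` branches are no-ops, and `if ( false === $width ) { $width = ( 'thumb' == $type ) ? bp_core_avatar_thumb_width() : bp_core_avatar_full_width(); }` states the defaulting more directly. The enclosing function starts above the first hunk.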