From 8bcf6fa5468a5f06225bb20248f31f6f29c6a9ea Mon Sep 17 00:00:00 2001
From: Anand Kumria <akumria@acm.org>
Date: Sun, 24 Nov 2013 16:06:03 +0000
Subject: [PATCH 2/4] Escape the returned placeholder value.
We were not doing this before, but this is good hygiene anyway.
---
bp-xprofile/bp-xprofile-template.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
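diff --git a/bp-xprofile/bp-xprofile-template.php b/bp-xprofile/bp-xprofile-template.php
index 99d4a43..b16f608 100644
--- a/bp-xprofile/bp-xprofile-template.php
+++ b/bp-xprofile/bp-xprofile-template.php
@@ -473,7 +473,7 @@ function bp_get_placeholder_text_for_field( $field ) {
 switch ( $field->type ) {
 case 'selectbox':
 
-$html .= '<option value="">' . bp_get_placeholder_text_for_field($field) . '</option>';
+$html .= '<option value="">' . esc_html( bp_get_placeholder_text_for_field($field) ) . '</option>';
 
 $original_option_values = '';
 $original_option_values = maybe_unserialize( BP_XProfile_ProfileData::get_value_byid( $field->id ) );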
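Review bot: The `esc_html()` call protects only this `selectbox` option, and both the definition of `bp_get_placeholder_text_for_field()` and the rest of the enclosing `switch` lie outside the hunk, so any other place that prints the placeholder still needs escaping for its own context (`esc_html()` in element text, `esc_attr()` inside an attribute). Assuming the getter keeps returning raw text, a one-line comment above the changed line, for example `// Late-escape: the placeholder getter returns unescaped text.`, would stop a later refactor from dropping the call. The context line `maybe_unserialize( BP_XProfile_ProfileData::get_value_byid( $field->id ) )` deserialises a stored profile value; whether a member can get a serialised string into that column cannot be judged from this hunk and is worth confirming on the write path. The `$original_option_values = '';` assignment just before it is overwritten on the next line and could be removed.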