
Ticket #5184: 0002-Escape-the-returned-placeholder-value.patch

File 0002-Escape-the-returned-placeholder-value.patch, 1.0 KB (added by haykayltduk, 11 years ago)

escape the returned value

  • bp-xprofile/bp-xprofile-template.php

    From 8bcf6fa5468a5f06225bb20248f31f6f29c6a9ea Mon Sep 17 00:00:00 2001
    From: Anand Kumria <akumria@acm.org>
    Date: Sun, 24 Nov 2013 16:06:03 +0000
    Subject: [PATCH 2/4] Escape the returned placeholder value.
    
    We were not doing this before but this is good hygiene anyway.
    ---
     bp-xprofile/bp-xprofile-template.php |    2 +-
     1 file changed, 1 insertion(+), 1 deletion(-)
    
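--- a/bp-xprofile/bp-xprofile-template.php
+++ b/bp-xprofile/bp-xprofile-template.php
@@ -473,7 +473,7 @@ function bp_get_placeholder_text_for_field( $field ) {
                 switch ( $field->type ) {
                         case 'selectbox':
 
-                                $html .= '<option value="">' . bp_get_placeholder_text_for_field($field) . '</option>';
+                                $html .= '<option value="">' . esc_html( bp_get_placeholder_text_for_field($field) ) . '</option>';
 
                                 $original_option_values = '';
                                 $original_option_values = maybe_unserialize( BP_XProfile_ProfileData::get_value_byid( $field->id ) );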
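Review bot: The escape is applied only at this one output site in the `selectbox` case, so any other place that prints the result of `bp_get_placeholder_text_for_field()` would still emit the raw value. The helper's definition and its other callers are outside this hunk, so they should be checked for the same late escaping, with `esc_attr()` wherever the text lands in an attribute rather than in element content. `esc_html()` is the appropriate escape for `<option>` text here. The inner call should also match the spacing of the surrounding lines: `esc_html( bp_get_placeholder_text_for_field( $field ) )`. A short comment such as `// Escape late: the placeholder text is not guaranteed to be plain text.` would record why the wrapper is there.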