Ticket #6451: 6451.01.patch
File 6451.01.patch, 27.5 KB (added by , 9 years ago) |
---|
-
src/bp-groups/bp-groups-template.php
78 78 */ 79 79 function bp_get_groups_directory_permalink() { 80 80 81 $directory = trailingslashit( bp_get_root_domain() ) . bp_get_groups_root_slug(); 82 $url = trailingslashit( $directory ); 83 81 84 /** 82 85 * Filters the group directory permalink. 83 86 * … … 85 88 * 86 89 * @param string $value Permalink for the group directory. 87 90 */ 88 return apply_filters( 'bp_get_groups_directory_permalink', trailingslashit( bp_get_root_domain() . '/' . bp_get_groups_root_slug() ));91 return apply_filters( 'bp_get_groups_directory_permalink', $url ); 89 92 } 90 93 91 94 /** … … 1026 1029 * group in loop. 1027 1030 */ 1028 1031 function bp_group_permalink( $group = false ) { 1029 echo bp_get_group_permalink( $group);1032 echo esc_url( bp_get_group_permalink( $group ) ); 1030 1033 } 1031 1034 /** 1032 1035 * Return the permalink for the current group in the loop. … … 1042 1045 $group =& $groups_template->group; 1043 1046 } 1044 1047 1048 $directory = bp_get_groups_directory_permalink(); 1049 $group_url = trailingslashit( $directory . $group->slug ); 1050 1045 1051 /** 1046 1052 * Filters the permalink for the current group in the loop. 1047 1053 * … … 1049 1055 * 1050 1056 * @param string $value Permalink for the current group in the loop. 1051 1057 */ 1052 return apply_filters( 'bp_get_group_permalink', trailingslashit( bp_get_groups_directory_permalink() . $group->slug . '/' ));1058 return apply_filters( 'bp_get_group_permalink', $group_url ); 1053 1059 } 1054 1060 1055 1061 /** … … 1059 1065 * group in loop. 1060 1066 */ 1061 1067 function bp_group_admin_permalink( $group = false ) { 1062 echo bp_get_group_admin_permalink( $group);1068 echo esc_url( bp_get_group_admin_permalink( $group ) ); 1063 1069 } 1064 1070 /** 1065 1071 * Return the permalink for the admin section of the current group in the loop. 
… … 1071 1077 function bp_get_group_admin_permalink( $group = false ) { 1072 1078 global $groups_template; 1073 1079 1074 if ( empty( $group ) ) 1080 if ( empty( $group ) ) { 1075 1081 $group =& $groups_template->group; 1082 } 1076 1083 1084 $group_url = bp_get_group_permalink( $group ); 1085 $url = trailingslashit( $group_url . 'admin' ); 1086 1077 1087 /** 1078 1088 * Filters the permalink for the admin section of the current group in the loop. 1079 1089 * … … 1081 1091 * 1082 1092 * @param string $value Permalink for the admin section of the current group in the loop. 1083 1093 */ 1084 return apply_filters( 'bp_get_group_admin_permalink', trailingslashit( bp_get_group_permalink( $group ) . 'admin' ));1094 return apply_filters( 'bp_get_group_admin_permalink', $url ); 1085 1095 } 1086 1096 1087 1097 /** … … 1387 1397 * group in loop. 1388 1398 */ 1389 1399 function bp_group_creator_permalink( $group = false ) { 1390 echo bp_get_group_creator_permalink( $group);1400 echo esc_url( bp_get_group_creator_permalink( $group ) ); 1391 1401 } 1392 1402 /** 1393 1403 * Return the permalink of the creator of the current group in the loop. … … 1399 1409 function bp_get_group_creator_permalink( $group = false ) { 1400 1410 global $groups_template; 1401 1411 1402 if ( empty( $group ) ) 1412 if ( empty( $group ) ) { 1403 1413 $group =& $groups_template->group; 1414 } 1404 1415 1416 $url = bp_core_get_user_domain( $group->creator_id ); 1417 1405 1418 /** 1406 1419 * Filters the permalink of the creator of the current group in the loop. 1407 1420 * … … 1409 1422 * 1410 1423 * @param string $value Permalink of the group creator. 1411 1424 */ 1412 return apply_filters( 'bp_get_group_creator_permalink', bp_core_get_user_domain( $group->creator_id ));1425 return apply_filters( 'bp_get_group_creator_permalink', $url ); 1413 1426 } 1414 1427 1415 1428 /** … … 1687 1700 * Output the permalink of the current group's Members page. 
1688 1701 */ 1689 1702 function bp_group_all_members_permalink() { 1690 echo bp_get_group_all_members_permalink();1703 echo esc_url( bp_get_group_all_members_permalink() ); 1691 1704 } 1692 1705 /** 1693 1706 * Return the permalink of the Members page of the current group in the loop. … … 1699 1712 function bp_get_group_all_members_permalink( $group = false ) { 1700 1713 global $groups_template; 1701 1714 1702 if ( empty( $group ) ) 1715 if ( empty( $group ) ) { 1703 1716 $group =& $groups_template->group; 1717 } 1704 1718 1719 $group_url = bp_get_group_permalink( $group ); 1720 $url = trailingslashit( $group_url . 'members' ); 1721 1705 1722 /** 1706 1723 * Filters the permalink of the Members page for the current group in the loop. 1707 1724 * … … 1709 1726 * 1710 1727 * @param string $value Permalink of the Members page for the current group. 1711 1728 */ 1712 return apply_filters( 'bp_get_group_all_members_permalink', bp_get_group_permalink( $group ) . 'members');1729 return apply_filters( 'bp_get_group_all_members_permalink', $url ); 1713 1730 } 1714 1731 1715 1732 /** … … 1762 1779 */ 1763 1780 function bp_group_is_activity_permalink() { 1764 1781 1765 if ( ! bp_is_single_item() || !bp_is_groups_component() || !bp_is_current_action( bp_get_activity_slug() ) )1782 if ( ! bp_is_single_item() || ! bp_is_groups_component() || ! bp_is_current_action( bp_get_activity_slug() ) ) { 1766 1783 return false; 1784 } 1767 1785 1768 1786 return true; 1769 1787 } … … 1919 1937 * Output the URL of the Forum page of the current group in the loop. 1920 1938 */ 1921 1939 function bp_group_forum_permalink() { 1922 echo bp_get_group_forum_permalink();1940 echo esc_url( bp_get_group_forum_permalink() ); 1923 1941 } 1924 1942 /** 1925 1943 * Generate the URL of the Forum page of a group. 
… … 1930 1948 function bp_get_group_forum_permalink( $group = false ) { 1931 1949 global $groups_template; 1932 1950 1933 if ( empty( $group ) ) 1951 if ( empty( $group ) ) { 1934 1952 $group =& $groups_template->group; 1953 } 1935 1954 1955 $group_url = bp_get_group_permalink( $group ); 1956 $url = trailingslashit( $group_url . 'forum' ); 1957 1936 1958 /** 1937 1959 * Filters the URL of the Forum page of a group. 1938 1960 * … … 1940 1962 * 1941 1963 * @param string $value URL permalink for the Forum Page. 1942 1964 */ 1943 return apply_filters( 'bp_get_group_forum_permalink', bp_get_group_permalink( $group ) . 'forum');1965 return apply_filters( 'bp_get_group_forum_permalink', $url ); 1944 1966 } 1945 1967 1946 1968 /** … … 2423 2445 * @param array $args See {@link bp_get_group_member_promote_mod_link()}. 2424 2446 */ 2425 2447 function bp_group_member_promote_mod_link( $args = '' ) { 2426 echo bp_get_group_member_promote_mod_link( $args);2448 echo esc_url( bp_get_group_member_promote_mod_link( $args ) ); 2427 2449 } 2428 2450 /** 2429 2451 * Generate a URL for promoting a user to moderator. … … 2438 2460 function bp_get_group_member_promote_mod_link( $args = '' ) { 2439 2461 global $members_template, $groups_template; 2440 2462 2441 $defaults = array( 2442 'user_id' => $members_template->member->user_id, 2463 if ( ! empty( $members_template->member->user_id ) ) { 2464 $user_id = (int) $members_template->member->user_id; 2465 } else { 2466 $user_id = 0; 2467 } 2468 2469 $r = bp_parse_args( $args, array( 2470 'user_id' => $user_id, 2443 2471 'group' => &$groups_template->group 2444 ) ;2472 ) ); 2445 2473 2446 $r = wp_parse_args( $args, $defaults ); 2447 extract( $r, EXTR_SKIP ); 2474 $group_url = bp_get_group_permalink( $r['group'] ); 2475 $url = trailingslashit( $group_url . 'admin/manage-members/promote/mod/' . 
$r['user_id'] ); 2476 $nonced_url = wp_nonce_url( $url, 'groups_promote_member' ); 2448 2477 2478 2449 2479 /** 2450 2480 * Filters a URL for promoting a user to moderator. 2451 2481 * … … 2453 2483 * 2454 2484 * @param string $value URL to use for promoting a user to moderator. 2455 2485 */ 2456 return apply_filters( 'bp_get_group_member_promote_mod_link', wp_nonce_url( bp_get_group_permalink( $group ) . 'admin/manage-members/promote/mod/' . $user_id, 'groups_promote_member' ));2486 return apply_filters( 'bp_get_group_member_promote_mod_link', $nonced_url, $r, $args ); 2457 2487 } 2458 2488 2459 2489 /** … … 2462 2492 * @param array $args See {@link bp_get_group_member_promote_admin_link()}. 2463 2493 */ 2464 2494 function bp_group_member_promote_admin_link( $args = '' ) { 2465 echo bp_get_group_member_promote_admin_link( $args);2495 echo esc_url( bp_get_group_member_promote_admin_link( $args ) ); 2466 2496 } 2467 2497 /** 2468 2498 * Generate a URL for promoting a user to admin. … … 2477 2507 function bp_get_group_member_promote_admin_link( $args = '' ) { 2478 2508 global $members_template, $groups_template; 2479 2509 2480 $defaults = array( 2481 'user_id' => !empty( $members_template->member->user_id ) ? $members_template->member->user_id : false, 2510 if ( ! empty( $members_template->member->user_id ) ) { 2511 $user_id = (int) $members_template->member->user_id; 2512 } else { 2513 $user_id = 0; 2514 } 2515 2516 $r = bp_parse_args( $args, array( 2517 'user_id' => $user_id, 2482 2518 'group' => &$groups_template->group 2483 ) ;2519 ) ); 2484 2520 2485 $r = wp_parse_args( $args, $defaults ); 2486 extract( $r, EXTR_SKIP ); 2521 $group_url = bp_get_group_permalink( $r['group'] ); 2522 $url = trailingslashit( $group_url . 'admin/manage-members/promote/admin/' . $r['user_id'] ); 2523 $nonced_url = wp_nonce_url( $url, 'groups_promote_member' ); 2487 2524 2488 2525 /** 2489 2526 * Filters a URL for promoting a user to admin. 
… … 2492 2529 * 2493 2530 * @param string $value URL to use for promoting a user to admin. 2494 2531 */ 2495 return apply_filters( 'bp_get_group_member_promote_admin_link', wp_nonce_url( bp_get_group_permalink( $group ) . 'admin/manage-members/promote/admin/' . $user_id, 'groups_promote_member' ));2532 return apply_filters( 'bp_get_group_member_promote_admin_link', $nonced_url, $r, $args ); 2496 2533 } 2497 2534 2498 2535 /** … … 2502 2539 * a member loop. 2503 2540 */ 2504 2541 function bp_group_member_demote_link( $user_id = 0 ) { 2505 global $members_template; 2506 2507 if ( !$user_id ) 2508 $user_id = $members_template->member->user_id; 2509 2510 echo bp_get_group_member_demote_link( $user_id ); 2542 echo esc_url( bp_get_group_member_demote_link( $user_id ) ); 2511 2543 } 2512 2544 /** 2513 2545 * Generate a URL for demoting a user to member. … … 2520 2552 function bp_get_group_member_demote_link( $user_id = 0, $group = false ) { 2521 2553 global $members_template, $groups_template; 2522 2554 2523 if ( empty( $group ) ) 2555 if ( empty( $group ) ) { 2524 2556 $group =& $groups_template->group; 2557 } 2525 2558 2526 if ( !$user_id )2559 if ( empty( $user_id ) ) { 2527 2560 $user_id = $members_template->member->user_id; 2561 } 2528 2562 2563 $group_url = bp_get_group_permalink( $group ); 2564 $url = trailingslashit( $group_url . 'admin/manage-members/demote/' . $user_id ); 2565 $nonced_url = wp_nonce_url( $url , 'groups_demote_member' ); 2566 2529 2567 /** 2530 2568 * Filters a URL for demoting a user to member. 2531 2569 * … … 2533 2571 * 2534 2572 * @param string $value URL to use for demoting a user to member. 2535 2573 */ 2536 return apply_filters( 'bp_get_group_member_demote_link', wp_nonce_url( bp_get_group_permalink( $group ) . 'admin/manage-members/demote/' . $user_id, 'groups_demote_member' ));2574 return apply_filters( 'bp_get_group_member_demote_link', $nonced_url ); 2537 2575 } 2538 2576 2539 2577 /** … … 2543 2581 * a member loop. 
2544 2582 */ 2545 2583 function bp_group_member_ban_link( $user_id = 0 ) { 2546 global $members_template; 2547 2548 if ( !$user_id ) 2549 $user_id = $members_template->member->user_id; 2550 2551 echo bp_get_group_member_ban_link( $user_id ); 2584 echo esc_url( bp_get_group_member_ban_link( $user_id ) ); 2552 2585 } 2553 2586 /** 2554 2587 * Generate a URL for banning a member from a group. … … 2559 2592 * @return string 2560 2593 */ 2561 2594 function bp_get_group_member_ban_link( $user_id = 0, $group = false ) { 2562 global $ groups_template;2595 global $members_template, $groups_template; 2563 2596 2564 if ( empty( $group ) ) 2597 if ( empty( $group ) ) { 2565 2598 $group =& $groups_template->group; 2599 } 2566 2600 2601 if ( empty( $user_id ) ) { 2602 $user_id = $members_template->member->user_id; 2603 } 2604 2605 $group_url = bp_get_group_permalink( $group ); 2606 $url = trailingslashit( $group_url . 'admin/manage-members/ban/' . $user_id ); 2607 $nonced_url = wp_nonce_url( $url , 'groups_ban_member' ); 2608 2567 2609 /** 2568 2610 * Filters a URL for banning a member from a group. 2569 2611 * … … 2571 2613 * 2572 2614 * @param string $value URL to use for banning a member. 2573 2615 */ 2574 return apply_filters( 'bp_get_group_member_ban_link', wp_nonce_url( bp_get_group_permalink( $group ) . 'admin/manage-members/ban/' . $user_id, 'groups_ban_member' ));2616 return apply_filters( 'bp_get_group_member_ban_link', $nonced_url ); 2575 2617 } 2576 2618 2577 2619 /** … … 2581 2623 * a member loop. 
2582 2624 */ 2583 2625 function bp_group_member_unban_link( $user_id = 0 ) { 2584 global $members_template;2585 2586 if ( !$user_id )2587 $user_id = $members_template->member->user_id;2588 2589 2626 echo bp_get_group_member_unban_link( $user_id ); 2590 2627 } 2591 2628 /** … … 2599 2636 function bp_get_group_member_unban_link( $user_id = 0, $group = false ) { 2600 2637 global $members_template, $groups_template; 2601 2638 2602 if ( !$user_id ) 2639 if ( empty( $group ) ) { 2640 $group =& $groups_template->group; 2641 } 2642 2643 if ( empty( $user_id ) ) { 2603 2644 $user_id = $members_template->member->user_id; 2645 } 2604 2646 2605 if ( empty( $group ) ) 2606 $group =& $groups_template->group; 2647 $group_url = bp_get_group_permalink( $group ); 2648 $url = trailingslashit( $group_url . 'admin/manage-members/unban/' . $user_id ); 2649 $nonced_url = wp_nonce_url( $url , 'groups_unban_member' ); 2607 2650 2608 2651 /** 2609 2652 * Filters a URL for unbanning a member from a group. … … 2612 2655 * 2613 2656 * @param string $value URL to use for unbanning a member. 2614 2657 */ 2615 return apply_filters( 'bp_get_group_member_unban_link', wp_nonce_url( bp_get_group_permalink( $group ) . 'admin/manage-members/unban/' . $user_id, 'groups_unban_member' ));2658 return apply_filters( 'bp_get_group_member_unban_link', $nonced_url ); 2616 2659 } 2617 2660 2618 2661 /** … … 2622 2665 * a member loop. 
2623 2666 */ 2624 2667 function bp_group_member_remove_link( $user_id = 0 ) { 2625 global $members_template;2626 2627 if ( !$user_id )2628 $user_id = $members_template->member->user_id;2629 2630 2668 echo bp_get_group_member_remove_link( $user_id ); 2631 2669 } 2632 2670 /** … … 2638 2676 * @return string 2639 2677 */ 2640 2678 function bp_get_group_member_remove_link( $user_id = 0, $group = false ) { 2641 global $ groups_template;2679 global $members_template, $groups_template; 2642 2680 2643 if ( empty( $group ) ) 2681 if ( empty( $group ) ) { 2644 2682 $group =& $groups_template->group; 2683 } 2645 2684 2685 if ( empty( $user_id ) ) { 2686 $user_id = $members_template->member->user_id; 2687 } 2688 2689 $group_url = bp_get_group_permalink( $group ); 2690 $url = trailingslashit( $group_url . 'admin/manage-members/remove/' . $user_id ); 2691 $nonced_url = wp_nonce_url( $url , 'groups_remove_member' ); 2692 2646 2693 /** 2647 2694 * Filters a URL for removing a member from a group. 2648 2695 * … … 2650 2697 * 2651 2698 * @param string $value URL to use for removing a member. 2652 2699 */ 2653 return apply_filters( 'bp_get_group_member_remove_link', wp_nonce_url( bp_get_group_permalink( $group ) . 'admin/manage-members/remove/' . $user_id, 'groups_remove_member' ));2700 return apply_filters( 'bp_get_group_member_remove_link', $nonced_url ); 2654 2701 } 2655 2702 2656 2703 /** … … 2738 2785 * 2739 2786 * @param string $page Page slug. 2740 2787 */ 2741 function bp_group_form_action( $page ) {2742 echo bp_get_group_form_action( $page);2788 function bp_group_form_action( $page = '' ) { 2789 echo esc_url( bp_get_group_form_action( $page ) ); 2743 2790 } 2744 2791 /** 2745 2792 * Generate the 'action' attribute for a group form. … … 2749 2796 * in the loop. 
2750 2797 * @return string 2751 2798 */ 2752 function bp_get_group_form_action( $page , $group = false ) {2799 function bp_get_group_form_action( $page = '', $group = false ) { 2753 2800 global $groups_template; 2754 2801 2755 if ( empty( $group ) ) 2802 if ( empty( $group ) ) { 2756 2803 $group =& $groups_template->group; 2804 } 2757 2805 2806 $url = trailingslashit( bp_get_group_permalink( $group ) . $page ); 2807 2758 2808 /** 2759 2809 * Filters the 'action' attribute for a group form. 2760 2810 * … … 2762 2812 * 2763 2813 * @param string $value Action attribute for a group form. 2764 2814 */ 2765 return apply_filters( 'bp_group_form_action', bp_get_group_permalink( $group ) . $page);2815 return apply_filters( 'bp_group_form_action', $url ); 2766 2816 } 2767 2817 2768 2818 /** … … 2770 2820 * 2771 2821 * @param string $page Optional. Page slug. 2772 2822 */ 2773 function bp_group_admin_form_action( $page = false) {2823 function bp_group_admin_form_action( $page = '' ) { 2774 2824 echo bp_get_group_admin_form_action( $page ); 2775 2825 } 2776 2826 /** … … 2781 2831 * in the loop. 2782 2832 * @return string 2783 2833 */ 2784 function bp_get_group_admin_form_action( $page = false, $group = false ) {2834 function bp_get_group_admin_form_action( $page = '', $group = false ) { 2785 2835 global $groups_template; 2786 2836 2787 if ( empty( $group ) ) 2837 if ( empty( $group ) ) { 2788 2838 $group =& $groups_template->group; 2839 } 2789 2840 2790 if ( empty( $page ) ) 2841 if ( empty( $page ) ) { 2791 2842 $page = bp_action_variable( 0 ); 2843 } 2792 2844 2845 $url = trailingslashit( bp_get_group_permalink( $group ) . 'admin/' . $page ); 2846 2793 2847 /** 2794 2848 * Filters the 'action' attribute for a group admin form. 2795 2849 * … … 2797 2851 * 2798 2852 * @param string $value Action attribute for a group admin form. 2799 2853 */ 2800 return apply_filters( 'bp_group_admin_form_action', bp_get_group_permalink( $group ) . 'admin/' . 
$page);2854 return apply_filters( 'bp_group_admin_form_action', $url ); 2801 2855 } 2802 2856 2803 2857 /** … … 2937 2991 * Output the URL for accepting an invitation to the current group in the loop. 2938 2992 */ 2939 2993 function bp_group_accept_invite_link() { 2940 echo bp_get_group_accept_invite_link();2994 echo usc_url( bp_get_group_accept_invite_link() ); 2941 2995 } 2942 2996 /** 2943 2997 * Generate the URL for accepting an invitation to a group. … … 2949 3003 function bp_get_group_accept_invite_link( $group = false ) { 2950 3004 global $groups_template; 2951 3005 2952 if ( empty( $group ) ) 3006 if ( empty( $group ) ) { 2953 3007 $group =& $groups_template->group; 3008 } 2954 3009 2955 $bp = buddypress(); 3010 $group_url = trailingslashit( bp_loggedin_user_domain() . bp_get_groups_slug() ); 3011 $url = trailingslashit( $group_url . 'invites/accept/' . $group->id ); 3012 $nonced_url = wp_nonce_url( $url , 'groups_accept_invite' ); 2956 3013 2957 3014 /** 2958 3015 * Filters the URL for accepting an invitation to a group. … … 2961 3018 * 2962 3019 * @param string $value URL for accepting an invitation to a group. 2963 3020 */ 2964 return apply_filters( 'bp_get_group_accept_invite_link', wp_nonce_url( trailingslashit( bp_loggedin_user_domain() . bp_get_groups_slug() . '/invites/accept/' . $group->id ), 'groups_accept_invite' ));3021 return apply_filters( 'bp_get_group_accept_invite_link', $nonced_url ); 2965 3022 } 2966 3023 2967 3024 /** 2968 3025 * Output the URL for accepting an invitation to the current group in the loop. 2969 3026 */ 2970 3027 function bp_group_reject_invite_link() { 2971 echo bp_get_group_reject_invite_link();3028 echo esc_url( bp_get_group_reject_invite_link() ); 2972 3029 } 2973 3030 /** 2974 3031 * Generate the URL for rejecting an invitation to a group. 
… … 2980 3037 function bp_get_group_reject_invite_link( $group = false ) { 2981 3038 global $groups_template; 2982 3039 2983 if ( empty( $group ) ) 3040 if ( empty( $group ) ) { 2984 3041 $group =& $groups_template->group; 3042 } 2985 3043 2986 $bp = buddypress(); 3044 $group_url = trailingslashit( bp_loggedin_user_domain() . bp_get_groups_slug() ); 3045 $url = trailingslashit( $group_url . 'invites/reject/' . $group->id ); 3046 $nonced_url = wp_nonce_url( $url , 'groups_reject_invite' ); 2987 3047 2988 3048 /** 2989 3049 * Filters the URL for rejecting an invitation to a group. … … 2992 3052 * 2993 3053 * @param string $value URL for rejecting an invitation to a group. 2994 3054 */ 2995 return apply_filters( 'bp_get_group_reject_invite_link', wp_nonce_url( trailingslashit( bp_loggedin_user_domain() . bp_get_groups_slug() . '/invites/reject/' . $group->id ), 'groups_reject_invite' ));3055 return apply_filters( 'bp_get_group_reject_invite_link', $nonced_url ); 2996 3056 } 2997 3057 2998 3058 /** 2999 3059 * Output the URL for confirming a request to leave a group. 3000 3060 */ 3001 3061 function bp_group_leave_confirm_link() { 3002 echo bp_get_group_leave_confirm_link();3062 echo esc_url( bp_get_group_leave_confirm_link() ); 3003 3063 } 3004 3064 /** 3005 3065 * Generate the URL for confirming a request to leave a group. … … 3011 3071 function bp_get_group_leave_confirm_link( $group = false ) { 3012 3072 global $groups_template; 3013 3073 3014 if ( empty( $group ) ) 3074 if ( empty( $group ) ) { 3015 3075 $group =& $groups_template->group; 3076 } 3016 3077 3078 $group_url = bp_get_group_permalink( $group ); 3079 $url = trailingslashit( $group_url . 'leave-group/yes' ); 3080 $nonced_url = wp_nonce_url( $url , 'groups_leave_group' ); 3081 3017 3082 /** 3018 3083 * Filters the URL for confirming a request to leave a group. 3019 3084 * … … 3021 3086 * 3022 3087 * @param string $value URL for confirming a request to leave a group. 
3023 3088 */ 3024 return apply_filters( 'bp_group_leave_confirm_link', wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group/yes', 'groups_leave_group' ));3089 return apply_filters( 'bp_group_leave_confirm_link', $nonced_url ); 3025 3090 } 3026 3091 3027 3092 /** 3028 3093 * Output the URL for rejecting a request to leave a group. 3029 3094 */ 3030 3095 function bp_group_leave_reject_link() { 3031 echo bp_get_group_leave_reject_link();3096 echo esc_url( bp_get_group_leave_reject_link() ); 3032 3097 } 3033 3098 /** 3034 3099 * Generate the URL for rejecting a request to leave a group. … … 3040 3105 function bp_get_group_leave_reject_link( $group = false ) { 3041 3106 global $groups_template; 3042 3107 3043 if ( empty( $group ) ) 3108 if ( empty( $group ) ) { 3044 3109 $group =& $groups_template->group; 3110 } 3045 3111 3112 $group_url = bp_get_group_permalink( $group ); 3113 $url = trailingslashit( $group_url ); 3114 $nonced_url = wp_nonce_url( $url, 'groups_leave_group' ); 3115 3046 3116 /** 3047 3117 * Filters the URL for rejecting a request to leave a group. 3048 3118 * … … 3050 3120 * 3051 3121 * @param string $value URL for rejecting a request to leave a group. 3052 3122 */ 3053 return apply_filters( 'bp_get_group_leave_reject_link', bp_get_group_permalink( $group ));3123 return apply_filters( 'bp_get_group_leave_reject_link', $nonced_url ); 3054 3124 } 3055 3125 3056 3126 /** … … 3062 3132 /** 3063 3133 * Output the 'action' attribute for a group send invite form. 3064 3134 * 3065 * @param object $ pageOptional. Group object. Default: current group3135 * @param object $group Optional. Group object. Default: current group 3066 3136 * in the loop. 
3067 3137 * @return string 3068 3138 */ 3069 3139 function bp_get_group_send_invite_form_action( $group = false ) { 3070 3140 global $groups_template; 3071 3141 3072 if ( empty( $group ) ) 3142 if ( empty( $group ) ) { 3073 3143 $group =& $groups_template->group; 3144 } 3074 3145 3146 $group_url = bp_get_group_permalink( $group ); 3147 $action_url = trailingslashit( $group_url . 'send-invites/send' ); 3148 3075 3149 /** 3076 3150 * Filters the 'action' attribute for a group send invite form. 3077 3151 * … … 3079 3153 * 3080 3154 * @param string $value Action attribute for a group send invite form. 3081 3155 */ 3082 return apply_filters( 'bp_group_send_invite_form_action', bp_get_group_permalink( $group ) . 'send-invites/send');3156 return apply_filters( 'bp_group_send_invite_form_action', $action_url ); 3083 3157 } 3084 3158 3085 3159 /** … … 4564 4638 } 4565 4639 4566 4640 function bp_group_creation_previous_link() { 4567 echo bp_get_group_creation_previous_link();4641 echo esc_url( bp_get_group_creation_previous_link() ); 4568 4642 } 4569 4643 function bp_get_group_creation_previous_link() { 4570 4644 $bp = buddypress(); … … 4577 4651 $previous_steps[] = $slug; 4578 4652 } 4579 4653 4654 $previous_step = array_pop( $previous_steps ); 4655 $groups_url = bp_get_groups_directory_permalink(); 4656 $previous_url = trailingslashit( $groups_url . 'create/step/' . $previous_step ); 4657 4580 4658 /** 4581 4659 * Filters the permalink for the previous step with the group creation process. 4582 4660 * … … 4584 4662 * 4585 4663 * @param string $value Permalink for the previous step. 4586 4664 */ 4587 return apply_filters( 'bp_get_group_creation_previous_link', trailingslashit( bp_get_groups_directory_permalink() . 'create/step/' . 
array_pop( $previous_steps ) ));4665 return apply_filters( 'bp_get_group_creation_previous_link', $previous_url ); 4588 4666 } 4589 4667 4590 4668 /** … … 4884 4962 echo bp_get_group_avatar_delete_link(); 4885 4963 } 4886 4964 function bp_get_group_avatar_delete_link() { 4887 $bp = buddypress(); 4965 $group = groups_get_current_group(); 4966 $group_url = bp_get_group_permalink( $group ); 4967 $url = trailingslashit( $group_url . 'admin/group-avatar/delete' ); 4968 $nonced_url = wp_nonce_url( $url, 'bp_group_avatar_delete' ); 4888 4969 4889 4970 /** 4890 4971 * Filters the URL to delete the group avatar. … … 4893 4974 * 4894 4975 * @param string $value URL to delete the group avatar. 4895 4976 */ 4896 return apply_filters( 'bp_get_group_avatar_delete_link', wp_nonce_url( bp_get_group_permalink( $bp->groups->current_group ) . 'admin/group-avatar/delete', 'bp_group_avatar_delete' ));4977 return apply_filters( 'bp_get_group_avatar_delete_link', $nonced_url ); 4897 4978 } 4898 4979 4899 4980 function bp_group_avatar_edit_form() { … … 5144 5225 } 5145 5226 5146 5227 function bp_group_request_reject_link() { 5147 echo bp_get_group_request_reject_link();5228 echo esc_url( bp_get_group_request_reject_link() ); 5148 5229 } 5149 5230 function bp_get_group_request_reject_link() { 5150 5231 global $requests_template; 5151 5232 5233 $group = groups_get_current_group(); 5234 $groups_url = bp_get_group_permalink( $group ); 5235 $url = trailingslashit( $groups_url . 'admin/membership-requests/reject/' . $requests_template->request->membership_id ); 5236 $nonced_url = wp_nonce_url( $url, 'groups_reject_membership_request' ); 5237 5152 5238 /** 5153 5239 * Filters the URL to use to reject a membership request. 5154 5240 * … … 5156 5242 * 5157 5243 * @param string $value URL to use to reject a membership request. 5158 5244 */ 5159 return apply_filters( 'bp_get_group_request_reject_link', wp_nonce_url( bp_get_group_permalink( groups_get_current_group() ) . 
'admin/membership-requests/reject/' . $requests_template->request->membership_id, 'groups_reject_membership_request' ));5245 return apply_filters( 'bp_get_group_request_reject_link', $nonced_url ); 5160 5246 } 5161 5247 5162 5248 function bp_group_request_accept_link() { 5163 echo bp_get_group_request_accept_link();5249 echo esc_url( bp_get_group_request_accept_link() ); 5164 5250 } 5165 5251 function bp_get_group_request_accept_link() { 5166 5252 global $requests_template; 5167 5253 5254 $group = groups_get_current_group(); 5255 $groups_url = bp_get_group_permalink( $group ); 5256 $url = trailingslashit( $groups_url . 'admin/membership-requests/accept/' . $requests_template->request->membership_id ); 5257 $nonced_url = wp_nonce_url( $url, 'groups_accept_membership_request' ); 5258 5168 5259 /** 5169 5260 * Filters the URL to use to accept a membership request. 5170 5261 * … … 5172 5263 * 5173 5264 * @param string $value URL to use to accept a membership request. 5174 5265 */ 5175 return apply_filters( 'bp_get_group_request_accept_link', wp_nonce_url( bp_get_group_permalink( groups_get_current_group() ) . 'admin/membership-requests/accept/' . 
$requests_template->request->membership_id, 'groups_accept_membership_request' ));5266 return apply_filters( 'bp_get_group_request_accept_link', $nonced_url ); 5176 5267 } 5177 5268 5178 5269 function bp_group_request_user_link() { … … 5548 5639 } 5549 5640 5550 5641 function bp_group_invite_user_link() { 5551 echo bp_get_group_invite_user_link();5642 echo esc_url( bp_get_group_invite_user_link() ); 5552 5643 } 5553 5644 function bp_get_group_invite_user_link() { 5554 5645 global $invites_template; … … 5580 5671 } 5581 5672 5582 5673 function bp_group_invite_user_remove_invite_url() { 5583 echo bp_get_group_invite_user_remove_invite_url();5674 echo esc_url( bp_get_group_invite_user_remove_invite_url() ); 5584 5675 } 5585 5676 function bp_get_group_invite_user_remove_invite_url() { 5586 5677 global $invites_template; … … 5588 5679 $user_id = intval( $invites_template->invite->user->id ); 5589 5680 5590 5681 if ( bp_is_current_action( 'create' ) ) { 5591 $uninvite_url = bp_get_groups_directory_permalink() . 'create/step/group-invites/?user_id=' . $user_id; 5682 $groups_url = bp_get_groups_directory_permalink(); 5683 $url = trailingslashit( $groups_url . 'create/step/group-invites' ); 5684 $uninvite_url = add_query_arg( array( 5685 'user_id' => $user_id 5686 ), $url ); 5592 5687 } else { 5593 $uninvite_url = bp_get_group_permalink( groups_get_current_group() ) . 'send-invites/remove/' . $user_id; 5688 $group = groups_get_current_group(); 5689 $groups_url = bp_get_group_permalink( $group ); 5690 $uninvite_url = trailingslashit( $groups_url . 'send-invites/remove/' . 
$user_id ); 5594 5691 } 5595 5692 5596 return wp_nonce_url( $uninvite_url, 'groups_invite_uninvite_user' ); 5693 $nonced_url = wp_nonce_url( $uninvite_url, 'groups_invite_uninvite_user' ); 5694 5695 return apply_filters( 'bp_get_group_invite_user_remove_invite_url', $nonced_url ); 5597 5696 } 5598 5697 5599 5698 /** … … 5857 5956 * @return string 5858 5957 */ 5859 5958 function bp_groups_action_link( $action = '', $query_args = '', $nonce = false ) { 5860 echo bp_get_groups_action_link( $action, $query_args, $nonce);5959 echo esc_url( bp_get_groups_action_link( $action, $query_args, $nonce ) ); 5861 5960 } 5862 5961 /** 5863 5962 * Get a URL for a group component action
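Review bot: In `bp_group_accept_invite_link()` the new line reads `echo usc_url( bp_get_group_accept_invite_link() );`; `usc_url` appears nowhere else in this patch and looks like a typo for `esc_url`, so the template tag would presumably fail with an undefined-function error instead of printing the link, and the line should be `echo esc_url( bp_get_group_accept_invite_link() );`. The output escaping is also applied unevenly: `bp_group_member_unban_link()`, `bp_group_member_remove_link()`, `bp_group_admin_form_action()` and `bp_group_avatar_delete_link()` still echo a filtered URL without `esc_url()`, while their siblings were wrapped. In the demote, ban, unban and remove getters `$user_id` is concatenated into the path as passed, whereas the promote getters cast it with `(int)`; the same cast would keep the URL builders consistent. Separately, `bp_get_group_leave_reject_link()` now returns a nonced URL where it previously returned the bare group permalink, which looks like a behaviour change worth confirming against whatever handles that link.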