diff --git a/src/bp-xprofile/bp-xprofile-filters.php b/src/bp-xprofile/bp-xprofile-filters.php
index 08a23ad93..dd3f7c567 100644
|
a
|
b
|
function xprofile_filter_link_profile_data( $field_value, $field_type = 'textbox |
| 358 | 358 | } |
| 359 | 359 | |
| 360 | 360 | if ( strpos( $field_value, ',' ) !== false ) { |
| | 361 | // Comma-separated lists. |
| 361 | 362 | $list_type = 'comma'; |
| 362 | | $values = explode( ',', $field_value ); // Comma-separated lists. |
| | 363 | $values = explode( ',', $field_value ); |
| 363 | 364 | } else { |
| 364 | | $list_type = 'semicolon'; |
| 365 | | $values = explode( ';', $field_value ); // Semicolon-separated lists. |
| | 365 | /* |
| | 366 | * Semicolon-separated lists. |
| | 367 | * |
| | 368 | * bp_xprofile_escape_field_data() runs before this function, which often runs esc_html(). |
| | 369 | * In turn, that encodes HTML entities in the string (";" becomes "'"). |
| | 370 | * |
| | 371 | * Before splitting on the ";" character, decode the HTML entities, and re-encode after. |
| | 372 | * This prevents input like "O'Hara" rendering as "O' Hara" (with each of those parts |
| | 373 | * having a seperate HTML link). |
| | 374 | */ |
| | 375 | $list_type = 'semicolon'; |
| | 376 | $field_value = wp_specialchars_decode( $field_value, ENT_QUOTES ); |
| | 377 | $values = explode( ';', $field_value ); |
| | 378 | |
| | 379 | array_walk( $values, function( &$value, $key ) use ( $field_type, $field ) { |
| | 380 | $value = bp_xprofile_escape_field_data( $value, $field_type, $field->id ); |
| | 381 | } ); |
| 366 | 382 | } |
| 367 | 383 | |
| 368 | 384 | if ( ! empty( $values ) ) { |