
Ticket #7459: 7459-1.patch

File 7459-1.patch, 1.4 KB (added by DJPaul, 7 years ago)
  • src/bp-xprofile/bp-xprofile-filters.php

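diff --git a/src/bp-xprofile/bp-xprofile-filters.php b/src/bp-xprofile/bp-xprofile-filters.php
index 08a23ad93..dd3f7c567 100644
--- a/src/bp-xprofile/bp-xprofile-filters.php
+++ b/src/bp-xprofile/bp-xprofile-filters.php
@@ -358,11 +358,27 @@ function xprofile_filter_link_profile_data( $field_value, $field_type = 'textbox
         }
 
         if ( strpos( $field_value, ',' ) !== false ) {
+                // Comma-separated lists.
                 $list_type = 'comma';
-                $values    = explode( ',', $field_value ); // Comma-separated lists.
+                $values    = explode( ',', $field_value );
         } else {
-                $list_type = 'semicolon';
-                $values = explode( ';', $field_value ); // Semicolon-separated lists.
+                /*
+                 * Semicolon-separated lists.
+                 *
+                 * bp_xprofile_escape_field_data() runs before this function, which often runs esc_html().
+                 * In turn, that encodes HTML entities in the string (";" becomes "'").
+                 *
+                 * Before splitting on the ";" character, decode the HTML entities, and re-encode after.
+                 * This prevents input like "O'Hara" rendering as "O' Hara" (with each of those parts
+                 * having a seperate HTML link).
+                 */
+                $list_type   = 'semicolon';
+                $field_value = wp_specialchars_decode( $field_value, ENT_QUOTES );
+                $values      = explode( ';', $field_value );
+
+                array_walk( $values, function( &$value, $key ) use ( $field_type, $field ) {
+                        $value = bp_xprofile_escape_field_data( $value, $field_type, $field->id );
+                } );
         }
 
         if ( ! empty( $values ) ) {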
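Review bot: In the `else` branch, `wp_specialchars_decode( $field_value, ENT_QUOTES )` leaves `$values` holding raw `<`, `>`, `&` and quote characters, so the output is only safe again if `bp_xprofile_escape_field_data()` re-encodes all of them for every `$field_type`, and the block comment itself says that function only "often" runs `esc_html()`. For a field type whose escaping is not `esc_html()`, text that was stored as inert entities could presumably leave the `array_walk()` in a different form than it entered, which matters because `$values` feeds the `if ( ! empty( $values ) )` block that continues outside this hunk. I would state the invariant above the decode, e.g. `// $values are unescaped from here until the array_walk() below; nothing may return or print them in between.`, and confirm that the `$field` captured by `use ( $field_type, $field )` is defined earlier in the function, which is not visible here. The comment's example `(";" becomes "'")` also looks garbled, and "seperate" should read "separate".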