Changeset 10239

Timestamp:

10/10/2015 07:39:37 PM (10 years ago)

Author:

djpaul

Message:

xprofile admin: fix handling of slashes in xprofile group name/desc

Add filters to parts of the xprofile wp-admin templates so we're
running group description and name through the same output filters that
are used in the front-end template parts (for stripslashes).

Also adds a stripslashes to profile group name and description
before_save filters to fix the root issue. By keeping the existing
on-display stripslashes, we maintain backwards compatibility.

Fixes #6081

Props mahype, djpaul

Location:

trunk/src/bp-xprofile

Files:

• bp-xprofile-admin.php (modified) (3 diffs)
• bp-xprofile-filters.php (modified) (2 diffs)

trunk/src/bp-xprofile/bp-xprofile-admin.php

@@ -115 +115 @@
                         <li id="group_<?php echo esc_attr( $group->id ); ?>">
                             <a href="#tabs-<?php echo esc_attr( $group->id ); ?>" class="ui-tab">
-                                <?php echo esc_attr( $group->name ); ?>
+                                <?php
+                                /** This filter is documented in bp-xprofile/bp-xprofile-template.php */
+                                echo esc_html( apply_filters( 'bp_get_the_profile_group_name', $group->name ) );
+                                ?>
 
                                 <?php if ( !$group->can_delete ) : ?>
@@ -131 +134 @@
 
                     <noscript>
-                        <h3><?php echo esc_attr( $group->name ); ?></h3>
+                        <h3><?php
+                        /** This filter is documented in bp-xprofile/bp-xprofile-template.php */
+                        echo esc_html( apply_filters( 'bp_get_the_profile_group_name', $group->name ) );
+                        ?></h3>
                     </noscript>
 
@@ -165 +171 @@
                         <?php if ( ! empty( $group->description ) ) : ?>
 
-                            <p><?php echo esc_html( $group->description ); ?></p>
+                            <p><?php
+                            /** This filter is documented in bp-xprofile/bp-xprofile-template.php */
+                            echo esc_html( apply_filters( 'bp_get_the_profile_group_description', $group->description ) );
+                            ?></p>
 
                         <?php endif; ?>
 
                         <fieldset id="<?php echo esc_attr( $group->id ); ?>" class="connectedSortable field-group">
-                            <legend class="screen-reader-text"><?php printf( esc_html__( 'Fields for "%s" Group', 'buddypress' ), $group->name ); ?></legend>
+                            <legend class="screen-reader-text"><?php
+                            /** This filter is documented in bp-xprofile/bp-xprofile-template.php */
+                            printf( esc_html__( 'Fields for "%s" Group', 'buddypress' ), apply_filters( 'bp_get_the_profile_group_name', $group->name ) );
+                            ?></legend>
 
                             <?php

trunk/src/bp-xprofile/bp-xprofile-filters.php

@@ -59 +59 @@
 add_filter( 'xprofile_group_description_before_save', 'wp_filter_kses' );
 
+add_filter( 'xprofile_group_name_before_save',         'stripslashes' );
+add_filter( 'xprofile_group_description_before_save',  'stripslashes' );
+
 // Save fields.
 add_filter( 'xprofile_field_name_before_save',         'wp_filter_kses' );
@@ -64 +67 @@
 add_filter( 'xprofile_field_description_before_save',  'wp_filter_kses' );
 add_filter( 'xprofile_field_order_by_before_save',     'wp_filter_kses' );
+
 add_filter( 'xprofile_field_is_required_before_save',  'absint' );
 add_filter( 'xprofile_field_field_order_before_save',  'absint' );