Changeset 11803 for trunk/src/bp-xprofile/bp-xprofile-filters.php
- Timestamp:
- 01/10/2018 12:42:10 PM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/bp-xprofile/bp-xprofile-filters.php
r11699 r11803 359 359 360 360 if ( strpos( $field_value, ',' ) !== false ) { 361 // Comma-separated lists. 361 362 $list_type = 'comma'; 362 $values = explode( ',', $field_value ); // Comma-separated lists.363 $values = explode( ',', $field_value ); 363 364 } else { 364 $list_type = 'semicolon'; 365 $values = explode( ';', $field_value ); // Semicolon-separated lists. 365 /* 366 * Semicolon-separated lists. 367 * 368 * bp_xprofile_escape_field_data() runs before this function, which often runs esc_html(). 369 * In turn, that encodes HTML entities in the string (";" becomes "'"). 370 * 371 * Before splitting on the ";" character, decode the HTML entities, and re-encode after. 372 * This prevents input like "O'Hara" rendering as "O' Hara" (with each of those parts 373 * having a seperate HTML link). 374 */ 375 $list_type = 'semicolon'; 376 $field_value = wp_specialchars_decode( $field_value, ENT_QUOTES ); 377 $values = explode( ';', $field_value ); 378 379 array_walk( $values, function( &$value, $key ) use ( $field_type, $field ) { 380 $value = bp_xprofile_escape_field_data( $value, $field_type, $field->id ); 381 } ); 366 382 } 367 383
Note: See TracChangeset
for help on using the changeset viewer.