Changeset 12338 for trunk/src/bp-core/bp-core-avatars.php

Timestamp:

02/20/2019 03:06:18 PM (7 years ago)

Author:

boonebgorges

Message:

Improve character escaping in Messages AJAX.

File:

• trunk/src/bp-core/bp-core-avatars.php (modified) (3 diffs)

trunk/src/bp-core/bp-core-avatars.php

@@ -836 +836 @@
     if ( bp_core_delete_existing_avatar( array( 'item_id' => $avatar_data['item_id'], 'object' => $avatar_data['object'] ) ) ) {
         $return = array(
-            'avatar' => html_entity_decode( bp_core_fetch_avatar( array(
+            'avatar' => esc_url( bp_core_fetch_avatar( array(
                 'object'  => $avatar_data['object'],
                 'item_id' => $avatar_data['item_id'],
@@ -1274 +1274 @@
         } else {
             $return = array(
-                'avatar' => html_entity_decode( bp_core_fetch_avatar( array(
+                'avatar' => esc_url( bp_core_fetch_avatar( array(
                     'object'  => $avatar_data['object'],
                     'item_id' => $avatar_data['item_id'],
@@ -1331 +1331 @@
     if ( bp_core_avatar_handle_crop( $r ) ) {
         $return = array(
-            'avatar' => html_entity_decode( bp_core_fetch_avatar( array(
+            'avatar' => esc_url( bp_core_fetch_avatar( array(
                 'object'  => $avatar_data['object'],
                 'item_id' => $avatar_data['item_id'],