Changeset 12361
- Timestamp:
- 03/21/2019 03:06:44 PM (6 years ago)
- File:
-
- 1 edited
trunk/src/bp-xprofile/bp-xprofile-filters.php
r12271 r12361 13 13 defined( 'ABSPATH' ) || exit; 14 14 15 add_filter( 'bp_get_the_profile_group_name', 'wp_filter_kses',1 );16 add_filter( 'bp_get_the_profile_group_description', 'wp_filter_kses',1 );17 add_filter( 'bp_get_the_profile_field_ value', 'xprofile_filter_kses', 1 );18 add_filter( 'bp_get_the_profile_field_ name', 'wp_filter_kses',1 );19 add_filter( 'bp_get_the_profile_field_ edit_value', 'wp_filter_kses',1 );20 add_filter( 'bp_get_the_profile_field_ description', 'wp_filter_kses', 1);15 add_filter( 'bp_get_the_profile_group_name', 'wp_filter_kses', 1 ); 16 add_filter( 'bp_get_the_profile_group_description', 'wp_filter_kses', 1 ); 17 add_filter( 'bp_get_the_profile_field_name', 'wp_filter_kses', 1 ); 18 add_filter( 'bp_get_the_profile_field_edit_value', 'wp_filter_kses', 1 ); 19 add_filter( 'bp_get_the_profile_field_description', 'wp_filter_kses', 1 ); 20 add_filter( 'bp_get_the_profile_field_value', 'xprofile_sanitize_data_value_before_display', 1, 3 ); 21 21 22 22 add_filter( 'bp_get_the_profile_field_value', 'wptexturize' ); … … 41 41 add_filter( 'bp_get_the_profile_field_description', 'stripslashes' ); 42 42 43 add_filter( 'xprofile_get_field_data', 'xprofile_ filter_kses', 1);43 add_filter( 'xprofile_get_field_data', 'xprofile_sanitize_data_value_before_display_from_get_field_data', 1, 2 ); 44 44 add_filter( 'xprofile_field_name_before_save', 'wp_filter_kses', 1 ); 45 45 add_filter( 'xprofile_field_description_before_save', 'wp_filter_kses', 1 ); … … 117 117 * 118 118 * @since 1.5.0 119 * 120 * @param string $content Content to filter. 121 * @param object|null $data_obj The BP_XProfile_ProfileData object. 119 * @since 2.1.0 Added `$data_obj` parameter. 120 * @since 5.0.0 Added `$field_id` parameter. 121 * 122 * @param string $content Content to filter. 123 * @param BP_XProfile_ProfileData|null $data_obj Optional. The BP_XProfile_ProfileData object. 124 * @param int|null $field_id Optional. The ID of the profile field. 
122 125 * @return string $content 123 126 */ 124 function xprofile_filter_kses( $content, $data_obj = null ) {127 function xprofile_filter_kses( $content, $data_obj = null, $field_id = null ) { 125 128 global $allowedtags; 126 129 … … 128 131 $xprofile_allowedtags['a']['rel'] = array(); 129 132 133 if ( null === $field_id && $data_obj instanceof BP_XProfile_ProfileData ) { 134 $field_id = $data_obj->field_id; 135 } 136 130 137 // If the field supports rich text, we must allow tags that appear in wp_editor(). 131 if ( $ data_obj instanceof BP_XProfile_ProfileData && bp_xprofile_is_richtext_enabled_for_field( $data_obj->field_id ) ) {138 if ( $field_id && bp_xprofile_is_richtext_enabled_for_field( $field_id ) ) { 132 139 $richtext_tags = array( 133 'img' => array( ' id' => 1, 'class' => 1, 'src' => 1, 'alt' => 1, 'width' => 1, 'height' => 1 ),134 'ul' => array( 'id' => 1, 'class' => 1),135 'ol' => array( 'id' => 1, 'class' => 1),136 'li' => array( 'id' => 1, 'class' => 1),140 'img' => array( 'src' => 1, 'alt' => 1, 'width' => 1, 'height' => 1 ), 141 'ul' => array(), 142 'ol' => array(), 143 'li' => array(), 137 144 'span' => array( 'style' => 1 ), 138 145 'p' => array( 'style' => 1 ), … … 146 153 * 147 154 * @since 1.5.0 155 * @since 2.1.0 Added `$data_obj` parameter. 156 * @since 5.0.0 Added `$field_id` parameter. 148 157 * 149 * @param array $xprofile_allowedtags Array of allowed tags for profile field values. 150 * @param BP_XProfile_ProfileData $data_obj The BP_XProfile_ProfileData object. 158 * @param array $xprofile_allowedtags Array of allowed tags for profile field values. 159 * @param BP_XProfile_ProfileData|null $data_obj The BP_XProfile_ProfileData object. 160 * @param int|null $field_id The ID of the profile field. 
151 161 */ 152 $xprofile_allowedtags = apply_filters( 'xprofile_allowed_tags', $xprofile_allowedtags, $data_obj );162 $xprofile_allowedtags = apply_filters( 'xprofile_allowed_tags', $xprofile_allowedtags, $data_obj, $field_id ); 153 163 return wp_kses( $content, $xprofile_allowedtags ); 164 } 165 166 /** 167 * Filters profile field values for whitelisted HTML. 168 * 169 * @since 5.0.0 170 * 171 * @param string $value Field value. 172 * @param string $type Field type. 173 * @param int $field_id Field ID. 174 */ 175 function xprofile_sanitize_data_value_before_display( $value, $type, $field_id ) { 176 return xprofile_filter_kses( $value, null, $field_id ); 177 } 178 179 /** 180 * Filters profile field values for whitelisted HTML, when coming from xprofile_get_field_data(). 181 * 182 * @since 5.0.0 183 * 184 * @param string $value Field value. 185 * @param int $field_id Field ID. 186 */ 187 function xprofile_sanitize_data_value_before_display_from_get_field_data( $value, $field_id ) { 188 return xprofile_filter_kses( $value, $field_id ); 154 189 } 155 190
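Review bot: In `xprofile_sanitize_data_value_before_display_from_get_field_data()` the field ID is passed as the second argument of `xprofile_filter_kses()`, which is `$data_obj`, not `$field_id`. Since an integer is not a `BP_XProfile_ProfileData` instance, `$field_id` stays null inside `xprofile_filter_kses()` and the rich-text branch is never taken for values coming through `xprofile_get_field_data`. This fails closed (the narrower tag allowlist is applied, so markup is stripped rather than let through), but rich-text fields lose their formatting on that path, and `xprofile_allowed_tags` callbacks receive an integer where the docblock promises `BP_XProfile_ProfileData|null`. The call should mirror the sibling wrapper: `return xprofile_filter_kses( $value, null, $field_id );`.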