

Changeset 12392


Timestamp:
05/03/2019 05:24:02 PM (10 months ago)
Author:
imath
Message:

More consistent escaping in Activity action strings

This commit is also fixing a regression introduced in version 4.3.0 about activity streams secondary avatars.

See #8090 (Branch 4.0)

Location:
branches/4.0
Files:
11 edited

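--- a/branches/4.0/src/bp-activity/bp-activity-filters.php
+++ b/branches/4.0/src/bp-activity/bp-activity-filters.php
@@ -14,5 +14,4 @@
 
 // Apply WordPress defined filters.
-add_filter( 'bp_get_activity_action',                'bp_activity_filter_kses', 1 );
 add_filter( 'bp_get_activity_content_body',          'bp_activity_filter_kses', 1 );
 add_filter( 'bp_get_activity_parent_content',        'bp_activity_filter_kses', 1 );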
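Review bot: Removing the `bp_activity_filter_kses` filter from `bp_get_activity_action` takes away the last output-side sanitisation of action strings, so every format callback registered through `bp_activity_set_action` — third-party ones included — is now solely responsible for escaping what it interpolates; the other files in this changeset only cover BuddyPress' own callbacks. Presumably the kses pass was what stripped the secondary avatar markup mentioned in the message, but that reasoning is not recorded anywhere in the code. A short comment at the removal site would make the new contract explicit for plugin authors, e.g. `// No kses on 'bp_get_activity_action': format callbacks must escape their own values (kses stripped secondary avatars, see #8090).` If the avatar regression is the only reason, a kses allow-list that admits the avatar `img` attributes may be a narrower fix than dropping the filter entirely.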
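--- a/branches/4.0/src/bp-activity/bp-activity-functions.php
+++ b/branches/4.0/src/bp-activity/bp-activity-functions.php
@@ -1524,5 +1524,5 @@
  */
 function bp_activity_format_activity_action_activity_update( $action, $activity ) {
-    $action = sprintf( __( '%s posted an update', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
+    $action = sprintf( esc_html__( '%s posted an update', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
 
     /**
@@ -1547,5 +1547,5 @@
  */
 function bp_activity_format_activity_action_activity_comment( $action, $activity ) {
-    $action = sprintf( __( '%s posted a new activity comment', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
+    $action = sprintf( esc_html__( '%s posted a new activity comment', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
 
     /**
@@ -1590,11 +1590,14 @@
     }
 
+    $post_link = '<a href="' . esc_url( $post_url ) . '">' . esc_html_x( 'item', 'Default text for the post type name', 'buddypress' ) . '</a>';
+
     if ( is_multisite() ) {
-        $blog_link = '<a href="' . esc_url( $blog_url ) . '">' . get_blog_option( $activity->item_id, 'blogname' ) . '</a>';
+        $blog_link = '<a href="' . esc_url( $blog_url ) . '">' . esc_html( get_blog_option( $activity->item_id, 'blogname' ) ) . '</a>';
 
         if ( ! empty( $bp->activity->track[ $activity->type ]->new_post_type_action_ms ) ) {
-            $action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action_ms, $user_link, $post_url, $blog_link );
+            $action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action_ms, $user_link, esc_url( $post_url ), $blog_link );
         } else {
-            $action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>, on the site %3$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, esc_url( $post_url ), $blog_link );
+
+            $action = sprintf( esc_html_x( '%1$s wrote a new %2$s, on the site %3$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, $post_link, $blog_link );
         }
     } else {
@@ -1602,5 +1605,5 @@
             $action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action, $user_link, $post_url );
         } else {
-            $action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, esc_url( $post_url ) );
+            $action = sprintf( esc_html_x( '%1$s wrote a new %2$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, $post_link );
         }
     }
@@ -1640,4 +1643,5 @@
 
     $user_link = bp_core_get_userlink( $activity->user_id );
+    $post_link = '<a href="' . esc_url( $activity->primary_link ) . '">' . esc_html_x( 'item', 'Default text for the post type name', 'buddypress' ) . '</a>';
 
     if ( is_multisite() ) {
@@ -1647,5 +1651,5 @@
             $action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_comment_action_ms, $user_link, $activity->primary_link, $blog_link );
         } else {
-            $action = sprintf( _x( '%1$s commented on the <a href="%2$s">item</a>, on the site %3$s', 'Activity Custom Post Type comment action', 'buddypress' ), $user_link, $activity->primary_link, $blog_link );
+            $action = sprintf( esc_html_x( '%1$s commented on the %2$s, on the site %3$s', 'Activity Custom Post Type comment action', 'buddypress' ), $user_link, $post_link, $blog_link );
         }
     } else {
@@ -1653,5 +1657,5 @@
             $action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_comment_action, $user_link, $activity->primary_link );
         } else {
-            $action = sprintf( _x( '%1$s commented on the <a href="%2$s">item</a>', 'Activity Custom Post Type post comment action', 'buddypress' ), $user_link, $activity->primary_link );
+            $action = sprintf( esc_html_x( '%1$s commented on the %2$s', 'Activity Custom Post Type post comment action', 'buddypress' ), $user_link, $post_link );
         }
     }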
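Review bot: The escaping of the URL handed to the site-supplied action templates is applied unevenly: the multisite branch at new line 1598 now passes `esc_url( $post_url )` into `new_post_type_action_ms`, but the single-site branch at line 1605 still passes `$post_url` raw into `new_post_type_action`, and the comment counterparts at lines 1651 and 1657 still pass `$activity->primary_link` raw into `new_post_type_comment_action_ms` / `new_post_type_comment_action`. Since these custom templates are the only path left where the URL lands unescaped, the three context lines should match 1598: `$user_link, esc_url( $post_url ) );`, `$user_link, esc_url( $activity->primary_link ), $blog_link );` and `$user_link, esc_url( $activity->primary_link ) );`. Note also that the custom template strings themselves come from `$bp->activity->track` and are not passed through any escaping here, which is presumably intentional (they contain the anchor markup) but worth a comment. Both enclosing functions start and end outside these hunks.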
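--- a/branches/4.0/src/bp-blogs/bp-blogs-activity.php
+++ b/branches/4.0/src/bp-blogs/bp-blogs-activity.php
@@ -128,5 +128,5 @@
     $blog_name = bp_blogs_get_blogmeta( $activity->item_id, 'name' );
 
-    $action = sprintf( __( '%s created the site %s', 'buddypress' ), bp_core_get_userlink( $activity->user_id ), '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
+    $action = sprintf( esc_html__( '%s created the site %s', 'buddypress' ), bp_core_get_userlink( $activity->user_id ), '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
 
     // Legacy filter - requires the BP_Blogs_Blog object.
@@ -210,5 +210,5 @@
     if ( empty( $post_title ) ) {
         // Defaults to no title.
-        $post_title = esc_html__( '(no title)', 'buddypress' );
+        $post_title = __( '(no title)', 'buddypress' );
 
         switch_to_blog( $activity->item_id );
@@ -231,5 +231,5 @@
 
     // Build the 'post link' part of the activity action string.
-    $post_link  = '<a href="' . esc_url( $post_url ) . '">' . $post_title . '</a>';
+    $post_link  = '<a href="' . esc_url( $post_url ) . '">' . esc_html( $post_title ) . '</a>';
 
     $user_link = bp_core_get_userlink( $activity->user_id );
@@ -237,7 +237,7 @@
     // Build the complete activity action string.
     if ( is_multisite() ) {
-        $action  = sprintf( __( '%1$s wrote a new post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
+        $action  = sprintf( esc_html__( '%1$s wrote a new post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
     } else {
-        $action  = sprintf( __( '%1$s wrote a new post, %2$s', 'buddypress' ), $user_link, $post_link );
+        $action  = sprintf( esc_html__( '%1$s wrote a new post, %2$s', 'buddypress' ), $user_link, $post_link );
     }
 
@@ -359,11 +359,11 @@
     }
 
-    $post_link = '<a href="' . esc_url( $post_url ) . '">' . $post_title . '</a>';
+    $post_link = '<a href="' . esc_url( $post_url ) . '">' . esc_html( $post_title ) . '</a>';
     $user_link = bp_core_get_userlink( $activity->user_id );
 
     if ( is_multisite() ) {
-        $action  = sprintf( __( '%1$s commented on the post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
+        $action  = sprintf( esc_html__( '%1$s commented on the post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
     } else {
-        $action  = sprintf( __( '%1$s commented on the post, %2$s', 'buddypress' ), $user_link, $post_link );
+        $action  = sprintf( esc_html__( '%1$s commented on the post, %2$s', 'buddypress' ), $user_link, $post_link );
     }
 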
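Review bot: The switch from `esc_html__()` to `__()` for the `(no title)` fallback at line 212 is only correct because line 233 now wraps `$post_title` in `esc_html()` when the link is built; read on its own, in a changeset titled "more consistent escaping", it looks like a step backwards and a later consistency pass could reinstate `esc_html__()` and double-encode the title. A one-line comment next to the fallback would protect against that: `// Not escaped here: $post_title goes through esc_html() when $post_link is built below.` The same pairing applies to the comment-action hunk at line 361, whose `$post_title` assignment is outside the visible hunk, so it is worth confirming that it too is stored unescaped. Both enclosing functions start and end outside these hunks.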
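--- a/branches/4.0/src/bp-friends/bp-friends-activity.php
+++ b/branches/4.0/src/bp-friends/bp-friends-activity.php
@@ -142,5 +142,5 @@
     $friend_link    = bp_core_get_userlink( $activity->secondary_item_id );
 
-    $action = sprintf( __( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
+    $action = sprintf( esc_html__( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
 
     // Backward compatibility for legacy filter
@@ -176,5 +176,5 @@
     $friend_link    = bp_core_get_userlink( $activity->secondary_item_id );
 
-    $action = sprintf( __( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
+    $action = sprintf( esc_html__( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
 
     // Backward compatibility for legacy filter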
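--- a/branches/4.0/src/bp-groups/bp-groups-activity.php
+++ b/branches/4.0/src/bp-groups/bp-groups-activity.php
@@ -79,5 +79,5 @@
     $group_link = '<a href="' . esc_url( bp_get_group_permalink( $group ) ) . '">' . esc_html( $group->name ) . '</a>';
 
-    $action = sprintf( __( '%1$s created the group %2$s', 'buddypress'), $user_link, $group_link );
+    $action = sprintf( esc_html__( '%1$s created the group %2$s', 'buddypress'), $user_link, $group_link );
 
     /**
@@ -107,5 +107,5 @@
     $group_link = '<a href="' . esc_url( bp_get_group_permalink( $group ) ) . '">' . esc_html( $group->name ) . '</a>';
 
-    $action = sprintf( __( '%1$s joined the group %2$s', 'buddypress' ), $user_link, $group_link );
+    $action = sprintf( esc_html__( '%1$s joined the group %2$s', 'buddypress' ), $user_link, $group_link );
 
     // Legacy filters (do not follow parameter patterns of other activity
@@ -154,20 +154,20 @@
     // No changed details were found, so use a generic message.
     if ( empty( $changed ) ) {
-        $action = sprintf( __( '%1$s updated details for the group %2$s', 'buddypress' ), $user_link, $group_link );
+        $action = sprintf( esc_html__( '%1$s updated details for the group %2$s', 'buddypress' ), $user_link, $group_link );
 
     // Name and description changed - to keep things short, don't describe changes in detail.
     } elseif ( isset( $changed['name'] ) && isset( $changed['description'] ) ) {
-        $action = sprintf( __( '%1$s changed the name and description of the group %2$s', 'buddypress' ), $user_link, $group_link );
+        $action = sprintf( esc_html__( '%1$s changed the name and description of the group %2$s', 'buddypress' ), $user_link, $group_link );
 
     // Name only.
     } elseif ( ! empty( $changed['name']['old'] ) && ! empty( $changed['name']['new'] ) ) {
-        $action = sprintf( __( '%1$s changed the name of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['name']['old'] ), esc_html( $changed['name']['new'] ) );
+        $action = sprintf( esc_html__( '%1$s changed the name of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['name']['old'] ), esc_html( $changed['name']['new'] ) );
 
     // Description only.
     } elseif ( ! empty( $changed['description']['old'] ) && ! empty( $changed['description']['new'] ) ) {
-        $action = sprintf( __( '%1$s changed the description of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['description']['old'] ), esc_html( $changed['description']['new'] ) );
+        $action = sprintf( esc_html__( '%1$s changed the description of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['description']['old'] ), esc_html( $changed['description']['new'] ) );
 
     } elseif ( ! empty( $changed['slug']['old'] ) && ! empty( $changed['slug']['new'] ) ) {
-        $action = sprintf( __( '%1$s changed the permalink of the group %2$s.', 'buddypress' ), $user_link, $group_link );
+        $action = sprintf( esc_html__( '%1$s changed the permalink of the group %2$s.', 'buddypress' ), $user_link, $group_link );
 
     }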
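Review bot: The rewritten line 81 keeps the pre-existing spacing slip `'buddypress')` while every other call in this file is written `'buddypress' )`; since the line is being touched anyway, it should be brought in line with the WordPress coding standard, `$action = sprintf( esc_html__( '%1$s created the group %2$s', 'buddypress' ), $user_link, $group_link );`. The same slip is carried over on the rewritten line 1315 of branches/4.0/src/bp-groups/bp-groups-functions.php. The three enclosing functions all start and end outside these hunks.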
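--- a/branches/4.0/src/bp-groups/bp-groups-functions.php
+++ b/branches/4.0/src/bp-groups/bp-groups-functions.php
@@ -1313,5 +1313,5 @@
 
     // Record this in activity streams.
-    $activity_action  = sprintf( __( '%1$s posted an update in the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
+    $activity_action  = sprintf( esc_html__( '%1$s posted an update in the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . esc_url( bp_get_group_permalink( $bp->groups->current_group ) ) . '">' . esc_html( $bp->groups->current_group->name ) . '</a>' );
     $activity_content = $content;
 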
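--- a/branches/4.0/src/bp-members/bp-members-activity.php
+++ b/branches/4.0/src/bp-members/bp-members-activity.php
@@ -48,5 +48,5 @@
 function bp_members_format_activity_action_new_member( $action, $activity ) {
     $userlink = bp_core_get_userlink( $activity->user_id );
-    $action   = sprintf( __( '%s became a registered member', 'buddypress' ), $userlink );
+    $action   = sprintf( esc_html__( '%s became a registered member', 'buddypress' ), $userlink );
 
     // Legacy filter - pass $user_id instead of $activity.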
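--- a/branches/4.0/src/bp-members/bp-members-functions.php
+++ b/branches/4.0/src/bp-members/bp-members-functions.php
@@ -416,5 +416,5 @@
      * @param int    $user_id ID of the user to check.
      */
-    return apply_filters( 'bp_core_get_userlink', '<a href="' . $url . '">' . $display_name . '</a>', $user_id );
+    return apply_filters( 'bp_core_get_userlink', '<a href="' . esc_url( $url ) . '">' . $display_name . '</a>', $user_id );
 }
 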
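Review bot: Line 418 now escapes `$url` but still concatenates `$display_name` into the anchor text unescaped, and this helper's return value is what every action string in this changeset embeds as `%1$s`; with the kses filter on `bp_get_activity_action` removed elsewhere in the changeset, this is the one remaining place where an unescaped display name would reach the activity stream. The assignment of `$display_name` is outside the hunk, so if it is not already passed through `esc_html()` there, the return should become `return apply_filters( 'bp_core_get_userlink', '<a href="' . esc_url( $url ) . '">' . esc_html( $display_name ) . '</a>', $user_id );`, with a check that the value is not escaped twice. Either way a short comment stating where the display name is escaped would stop the next reader from re-asking the question. The function `bp_core_get_userlink` starts outside the hunk.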
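--- a/branches/4.0/src/bp-xprofile/bp-xprofile-activity.php
+++ b/branches/4.0/src/bp-xprofile/bp-xprofile-activity.php
@@ -61,5 +61,5 @@
 function bp_xprofile_format_activity_action_new_avatar( $action, $activity ) {
     $userlink = bp_core_get_userlink( $activity->user_id );
-    $action   = sprintf( __( '%s changed their profile picture', 'buddypress' ), $userlink );
+    $action   = sprintf( esc_html__( '%s changed their profile picture', 'buddypress' ), $userlink );
 
     // Legacy filter - pass $user_id instead of $activity.
@@ -95,5 +95,5 @@
     // natural translation.
     $profile_link = trailingslashit( bp_core_get_user_domain( $activity->user_id ) . bp_get_profile_slug() );
-    $action       = sprintf( __( "%s's profile was updated", 'buddypress' ), '<a href="' . $profile_link . '">' . bp_core_get_user_displayname( $activity->user_id ) . '</a>' );
+    $action       = sprintf( esc_html__( "%s's profile was updated", 'buddypress' ), '<a href="' . esc_url( $profile_link ) . '">' . bp_core_get_user_displayname( $activity->user_id ) . '</a>' );
 
     /**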
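Review bot: The rewritten line 97 escapes `$profile_link` but leaves the output of `bp_core_get_user_displayname()` raw inside the anchor, while the same changeset wraps blog names and group names in `esc_html()`; unless that helper already returns escaped text (not visible here), the anchor text should be `esc_html( bp_core_get_user_displayname( $activity->user_id ) )`. The test at branches/4.0/tests/phpunit/testcases/xprofile/activity.php line 306 builds its expectation with the same raw call, so it would need the matching `esc_html()` once this is changed. The enclosing function starts outside the hunk.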
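--- a/branches/4.0/tests/phpunit/testcases/groups/activity.php
+++ b/branches/4.0/tests/phpunit/testcases/groups/activity.php
@@ -122,5 +122,5 @@
         $this->assertNotEmpty( $a['activities'] );
 
-        $expected = sprintf( __( '%s changed the name of the group %s from "%s" to "%s"', 'buddypress' ), bp_core_get_userlink( $u ),  '<a href="' . bp_get_group_permalink( $group ) . '">Foo</a>', $group->name, 'Foo' );
+        $expected = sprintf( esc_html__( '%s changed the name of the group %s from "%s" to "%s"', 'buddypress' ), bp_core_get_userlink( $u ),  '<a href="' . bp_get_group_permalink( $group ) . '">Foo</a>', $group->name, 'Foo' );
         $this->assertSame( $expected, $a['activities'][0]->action );
 
@@ -154,5 +154,5 @@
         $this->assertNotEmpty( $a['activities'] );
 
-        $expected = sprintf( __( '%s changed the description of the group %s from "%s" to "%s"', 'buddypress' ), bp_core_get_userlink( $u ),  '<a href="' . bp_get_group_permalink( $group ) . '">' . $group->name . '</a>', $group->description, 'Bar' );
+        $expected = sprintf( esc_html__( '%s changed the description of the group %s from "%s" to "%s"', 'buddypress' ), bp_core_get_userlink( $u ),  '<a href="' . bp_get_group_permalink( $group ) . '">' . $group->name . '</a>', $group->description, 'Bar' );
         $this->assertSame( $expected, $a['activities'][0]->action );
 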
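Review bot: The updated expectations at lines 124 and 156 rebuild the string with the same helpers the implementation uses (`esc_html__()`, `bp_core_get_userlink()`), so they pass for any escaping behaviour as long as the fixtures hold no HTML-significant characters — they do not actually exercise the escaping this changeset introduces. A fixture whose group name or new name contains `&` or `<`, asserted against a literal such as `&amp;` in the stored action, would pin the behaviour; the expectation on line 124 also wraps `bp_get_group_permalink( $group )` without `esc_url()` whereas the production code does, which only agrees because the permalink is already URL-safe. The same applies to the expectation at branches/4.0/tests/phpunit/testcases/xprofile/activity.php line 306. Both test methods start and end outside these hunks.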
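--- a/branches/4.0/tests/phpunit/testcases/xprofile/activity.php
+++ b/branches/4.0/tests/phpunit/testcases/xprofile/activity.php
@@ -304,5 +304,5 @@
         ) );
 
-        $expected = sprintf( __( "%s's profile was updated", 'buddypress' ), '<a href="' . bp_core_get_user_domain( $u ) . bp_get_profile_slug() . '/">' . bp_core_get_user_displayname( $u ) . '</a>' );
+        $expected = sprintf( esc_html__( "%s's profile was updated", 'buddypress' ), '<a href="' . bp_core_get_user_domain( $u ) . bp_get_profile_slug() . '/">' . bp_core_get_user_displayname( $u ) . '</a>' );
 
         $a_obj = new BP_Activity_Activity( $a );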