Changeset 12393 for trunk/src/bp-xprofile/bp-xprofile-activity.php

Timestamp:

05/03/2019 05:27:08 PM (6 years ago)

Author:

imath

Message:

More constistent escaping in Activity action strings

This commit is also fixing a regression introduced in version 4.3.0 about activity streams secondary avatars.

Fixes #8090 (trunk)

File:

• trunk/src/bp-xprofile/bp-xprofile-activity.php (modified) (2 diffs)

trunk/src/bp-xprofile/bp-xprofile-activity.php

@@ -61 +61 @@
 function bp_xprofile_format_activity_action_new_avatar( $action, $activity ) {
     $userlink = bp_core_get_userlink( $activity->user_id );
-    $action   = sprintf( __( '%s changed their profile picture', 'buddypress' ), $userlink );
+    $action   = sprintf( esc_html__( '%s changed their profile picture', 'buddypress' ), $userlink );
 
     // Legacy filter - pass $user_id instead of $activity.
@@ -95 +95 @@
     // natural translation.
     $profile_link = trailingslashit( bp_core_get_user_domain( $activity->user_id ) . bp_get_profile_slug() );
-    $action       = sprintf( __( "%s's profile was updated", 'buddypress' ), '<a href="' . $profile_link . '">' . bp_core_get_user_displayname( $activity->user_id ) . '</a>' );
+    $action       = sprintf( esc_html__( "%s's profile was updated", 'buddypress' ), '<a href="' . esc_url( $profile_link ) . '">' . bp_core_get_user_displayname( $activity->user_id ) . '</a>' );
 
     /**