Changeset 13799 for trunk/src/bp-members/bp-members-template.php

Timestamp:

04/23/2024 09:39:11 PM (12 months ago)

Author:

imath

Message:

Members component: improve PHP code standards using WPCS

See #7228 (trunk)

File:

• trunk/src/bp-members/bp-members-template.php (modified) (68 diffs)

trunk/src/bp-members/bp-members-template.php

@@ -19 +19 @@
  */
 function bp_profile_slug() {
-    echo bp_get_profile_slug();
+    echo esc_url( bp_get_profile_slug() );
 }
     /**
@@ -46 +46 @@
  */
 function bp_members_slug() {
-    echo bp_get_members_slug();
+    echo esc_url( bp_get_members_slug() );
 }
     /**
@@ -73 +73 @@
  */
 function bp_members_root_slug() {
-    echo bp_get_members_root_slug();
+    echo esc_url( bp_get_members_root_slug() );
 }
     /**
@@ -216 +216 @@
  */
 function bp_signup_slug() {
-    echo bp_get_signup_slug();
+    echo esc_url( bp_get_signup_slug() );
 }
     /**
@@ -249 +249 @@
  */
 function bp_activate_slug() {
-    echo bp_get_activate_slug();
+    echo esc_url( bp_get_activate_slug() );
 }
     /**
@@ -282 +282 @@
  */
 function bp_members_invitations_slug() {
-    echo bp_get_members_invitations_slug();
+    echo esc_url( bp_get_members_invitations_slug() );
 }
     /**
@@ -490 +490 @@
  */
 function bp_members_pagination_count() {
-    echo bp_get_members_pagination_count();
+    echo esc_html( bp_get_members_pagination_count() );
 }
     /**
@@ -559 +559 @@
  */
 function bp_members_pagination_links() {
+    // Escaping is done in WordPress's `paginate_links()` function.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_members_pagination_links();
 }
@@ -589 +591 @@
  */
 function bp_member_user_id() {
-    echo bp_get_member_user_id();
+    echo intval( bp_get_member_user_id() );
 }
     /**
@@ -625 +627 @@
  */
 function bp_member_class( $classes = array() ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_member_class( $classes );
 }
@@ -673 +676 @@
         if ( $member_types = bp_get_member_type( $members_template->member->id, false ) ) {
             foreach ( $member_types as $member_type ) {
-                $classes[] = sprintf( 'member-type-%s', esc_attr( $member_type ) );
+                $classes[] = sprintf( 'member-type-%s', $member_type );
             }
         }
@@ -682 +685 @@
          * @since 1.7.0
          *
-         * @param string $classes Classes to be added to the HTML element.
-         */
-        $classes = apply_filters( 'bp_get_member_class', $classes );
+         * @param array $classes Classes to be added to the HTML element.
+         */
+        $classes = array_map( 'sanitize_html_class', apply_filters( 'bp_get_member_class', $classes ) );
         $classes = array_merge( $classes, array() );
         $retval  = 'class="' . join( ' ', $classes ) . '"';
@@ -697 +700 @@
  */
 function bp_member_user_nicename() {
-    echo bp_get_member_user_nicename();
+    echo esc_html( bp_get_member_user_nicename() );
 }
     /**
@@ -727 +730 @@
  */
 function bp_member_user_login() {
-    echo bp_get_member_user_login();
+    echo esc_html( bp_get_member_user_login() );
 }
     /**
@@ -757 +760 @@
  */
 function bp_member_user_email() {
-    echo bp_get_member_user_email();
+    echo esc_html( bp_get_member_user_email() );
 }
     /**
@@ -811 +814 @@
  */
 function bp_member_avatar( $args = '' ) {
+    // phpcs:disable WordPress.Security.EscapeOutput
 
     /**
@@ -822 +826 @@
      */
     echo apply_filters( 'bp_member_avatar', bp_get_member_avatar( $args ), $args );
+    // phpcs:enable
 }
     /**
@@ -950 +955 @@
  */
 function bp_member_name() {
+    // phpcs:disable WordPress.Security.EscapeOutput
 
     /**
@@ -959 +965 @@
      */
     echo apply_filters( 'bp_member_name', bp_get_member_name() );
+    // phpcs:enable
 }
     /**
@@ -1017 +1024 @@
  */
 function bp_member_last_active( $args = array() ) {
-    echo bp_get_member_last_active( $args );
+    echo esc_html( bp_get_member_last_active( $args ) );
 }
     /**
@@ -1091 +1098 @@
  */
 function bp_member_latest_update( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_member_latest_update( $args );
 }
@@ -1207 +1215 @@
  */
 function bp_member_profile_data( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_member_profile_data( $args );
 }
@@ -1315 +1324 @@
  */
 function bp_member_registered( $args = array() ) {
-    echo bp_get_member_registered( $args );
+    echo esc_html( bp_get_member_registered( $args ) );
 }
     /**
@@ -1369 +1378 @@
  */
 function bp_member_random_profile_data() {
-    if ( bp_is_active( 'xprofile' ) ) { ?>
-        <?php $random_data = xprofile_get_random_profile_data( bp_get_member_user_id(), true ); ?>
+    if ( bp_is_active( 'xprofile' ) ) {
+        $random_data = xprofile_get_random_profile_data( bp_get_member_user_id(), true );
+        // phpcs:disable WordPress.Security.EscapeOutput
+        ?>
             <strong><?php echo wp_filter_kses( $random_data[0]->name ) ?></strong>
             <?php echo wp_filter_kses( $random_data[0]->value ) ?>
-    <?php }
+        <?php
+        // phpcs:enable
+    }
 }
 
@@ -1414 +1427 @@
     $search_form_html = '<form action="" method="get" id="search-members-form">
         <label for="members_search"><input type="text" name="' . esc_attr( $query_arg ) . '" id="members_search" placeholder="'. esc_attr( $search_value ) .'" /></label>
-        <input type="submit" id="members_search_submit" name="members_search_submit" value="' . __( 'Search', 'buddypress' ) . '" />
+        <input type="submit" id="members_search_submit" name="members_search_submit" value="' . esc_html__( 'Search', 'buddypress' ) . '" />
     </form>';
 
-    /**
-     * Filters the Members component search form.
-     *
-     * @since 1.9.0
-     *
-     * @param string $search_form_html HTML markup for the member search form.
-     */
-    echo apply_filters( 'bp_directory_members_search_form', $search_form_html );
+    // phpcs:ignore WordPress.Security.EscapeOutput
+    echo apply_filters(
+        /**
+         * Filters the Members component search form.
+         *
+         * @since 1.9.0
+         *
+         * @param string $search_form_html HTML markup for the member search form.
+         */
+        'bp_directory_members_search_form',
+        $search_form_html
+    );
 }
 
@@ -1433 +1450 @@
  */
 function bp_total_site_member_count() {
-    echo bp_get_total_site_member_count();
+    echo esc_html( bp_get_total_site_member_count() );
 }
     /**
@@ -1502 +1519 @@
         }
 
-        // Echo out the final list item.
-        echo apply_filters_ref_array( 'bp_get_loggedin_user_nav_' . $nav_item->css_id, array( '<li id="li-nav-' . $nav_item->css_id . '" ' . $selected . '><a id="my-' . $nav_item->css_id . '" href="' . $nav_item->link . '">' . $nav_item->name . '</a></li>', &$nav_item ) );
+        // phpcs:ignore WordPress.Security.EscapeOutput
+        echo apply_filters_ref_array( 'bp_get_loggedin_user_nav_' . $nav_item->css_id, array( '<li id="li-nav-' . esc_attr( $nav_item->css_id ) . '" ' . $selected . '><a id="my-' . esc_attr( $nav_item->css_id ) . '" href="' . esc_url( $nav_item->link ) . '">' . esc_html( $nav_item->name ) . '</a></li>', &$nav_item ) );
     }
 
     // Always add a log out list item to the end of the navigation.
-    $logout_link = '<li><a id="wp-logout" href="' .  wp_logout_url( bp_get_root_url() ) . '">' . __( 'Log Out', 'buddypress' ) . '</a></li>';
-
+    $logout_link = '<li><a id="wp-logout" href="' .  esc_url( wp_logout_url( bp_get_root_url() ) ) . '">' . esc_html__( 'Log Out', 'buddypress' ) . '</a></li>';
+
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo apply_filters( 'bp_logout_nav_link', $logout_link );
 }
@@ -1630 +1648 @@
         }
 
-        /**
-         * Filters the navigation markup for the displayed user.
-         *
-         * This is a dynamic filter that is dependent on the navigation tab component being rendered.
-         *
-         * @since 1.1.0
-         *
-         * @param string $value         Markup for the tab list item including link.
-         * @param array  $user_nav_item Array holding parts used to construct tab list item.
-         *                              Passed by reference.
-         */
-        echo apply_filters_ref_array( 'bp_get_displayed_user_nav_' . $user_nav_item->css_id, array( '<li id="' . $user_nav_item->css_id . '-personal-li" ' . $selected . '><a id="user-' . $user_nav_item->css_id . '" href="' . $link . '">' . $user_nav_item->name . '</a></li>', &$user_nav_item ) );
+        // phpcs:ignore WordPress.Security.EscapeOutput
+        echo apply_filters_ref_array(
+            /**
+             * Filters the navigation markup for the displayed user.
+             *
+             * This is a dynamic filter that is dependent on the navigation tab component being rendered.
+             *
+             * @since 1.1.0
+             *
+             * @param string $value         Markup for the tab list item including link.
+             * @param array  $user_nav_item Array holding parts used to construct tab list item.
+             *                              Passed by reference.
+             */
+            'bp_get_displayed_user_nav_' . $user_nav_item->css_id,
+            array(
+                '<li id="' . esc_attr( $user_nav_item->css_id ) . '-personal-li" ' . $selected . '><a id="user-' . esc_attr( $user_nav_item->css_id ) . '" href="' . esc_url( $link ) . '">' . wp_kses( $user_nav_item->name, array( 'span' => array( 'class' => true ) ) ) . '</a></li>',
+                &$user_nav_item
+            )
+        );
     }
 }
@@ -1671 +1696 @@
  */
 function bp_loggedin_user_avatar( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_loggedin_user_avatar( $args );
 }
@@ -1730 +1756 @@
  */
 function bp_displayed_user_avatar( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_displayed_user_avatar( $args );
 }
@@ -1785 +1812 @@
  */
 function bp_displayed_user_email() {
-    echo bp_get_displayed_user_email();
+    echo esc_html( bp_get_displayed_user_email() );
 }
     /**
@@ -1824 +1851 @@
  */
 function bp_last_activity( $user_id = 0 ) {
-    echo bp_get_last_activity( $user_id );
+    echo esc_html( bp_get_last_activity( $user_id ) );
 }
     /**
@@ -1861 +1888 @@
  */
 function bp_user_firstname() {
-    echo bp_get_user_firstname();
+    echo esc_html( bp_get_user_firstname() );
 }
     /**
@@ -1993 +2020 @@
      * @param string $url Generated link for the displayed user's profile.
      */
-    return apply_filters( 'bp_displayed_user_domain',$url );
+    return apply_filters( 'bp_displayed_user_domain', $url );
 }
 
@@ -2089 +2116 @@
  */
 function bp_displayed_user_fullname() {
-    echo bp_get_displayed_user_fullname();
+    echo esc_html( bp_get_displayed_user_fullname() );
 }
     /**
@@ -2116 +2143 @@
      * @since 1.0.0
      */
-    function bp_user_fullname() { echo bp_get_displayed_user_fullname(); }
+    function bp_user_fullname() { echo esc_html( bp_get_displayed_user_fullname() ); }
 
 
@@ -2125 +2152 @@
  */
 function bp_loggedin_user_fullname() {
-    echo bp_get_loggedin_user_fullname();
+    echo esc_html( bp_get_loggedin_user_fullname() );
 }
     /**
@@ -2153 +2180 @@
  */
 function bp_displayed_user_username() {
-    echo bp_get_displayed_user_username();
+    echo esc_html( bp_get_displayed_user_username() );
 }
     /**
@@ -2187 +2214 @@
  */
 function bp_loggedin_user_username() {
-    echo bp_get_loggedin_user_username();
+    echo esc_html( bp_get_loggedin_user_username() );
 }
     /**
@@ -2221 +2248 @@
  */
 function bp_current_member_type_message() {
-    echo bp_get_current_member_type_message();
+    echo wp_kses( bp_get_current_member_type_message(), array( 'strong' => true ) );
 }
     /**
@@ -2254 +2281 @@
  */
 function bp_member_type_directory_link( $member_type = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_member_type_directory_link( $member_type );
 }
@@ -2302 +2330 @@
  */
 function bp_member_type_list( $user_id = 0, $r = array() ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_member_type_list( $user_id, $r );
 }
@@ -2577 +2606 @@
  */
 function bp_signup_username_value() {
-    echo bp_get_signup_username_value();
+    echo esc_html( bp_get_signup_username_value() );
 }
     /**
@@ -2609 +2638 @@
  */
 function bp_signup_email_value() {
-    echo bp_get_signup_email_value();
+    echo esc_html( bp_get_signup_email_value() );
 }
     /**
@@ -2647 +2676 @@
  */
 function bp_signup_with_blog_value() {
-    echo bp_get_signup_with_blog_value();
+    echo intval( bp_get_signup_with_blog_value() );
 }
     /**
@@ -2677 +2706 @@
  */
 function bp_signup_blog_url_value() {
-    echo bp_get_signup_blog_url_value();
+    echo esc_url( bp_get_signup_blog_url_value() );
 }
     /**
@@ -2709 +2738 @@
  */
 function bp_signup_subdomain_base() {
-    echo bp_signup_get_subdomain_base();
+    echo esc_url( bp_signup_get_subdomain_base() );
 }
     /**
@@ -2745 +2774 @@
  */
 function bp_signup_blog_title_value() {
-    echo bp_get_signup_blog_title_value();
+    echo esc_html( bp_get_signup_blog_title_value() );
 }
     /**
@@ -2777 +2806 @@
  */
 function bp_signup_blog_privacy_value() {
-    echo bp_get_signup_blog_privacy_value();
+    echo esc_html( bp_get_signup_blog_privacy_value() );
 }
     /**
@@ -2809 +2838 @@
  */
 function bp_signup_avatar_dir_value() {
-    echo bp_get_signup_avatar_dir_value();
+    echo esc_html( bp_get_signup_avatar_dir_value() );
 }
     /**
@@ -2822 +2851 @@
 
         // Check if signup_avatar_dir is passed.
-        if ( !empty( $_POST['signup_avatar_dir'] ) )
+        if ( ! empty( $_POST['signup_avatar_dir'] ) ) {
             $signup_avatar_dir = $_POST['signup_avatar_dir'];
 
-        // If not, check if global is set.
-        elseif ( !empty( $bp->signup->avatar_dir ) )
+            // If not, check if global is set.
+        } elseif ( ! empty( $bp->signup->avatar_dir ) ) {
             $signup_avatar_dir = $bp->signup->avatar_dir;
 
-        // If not, set false.
-        else
+            // If not, set false.
+        } else {
             $signup_avatar_dir = false;
+        }
 
         /**
@@ -2872 +2902 @@
  */
 function bp_current_signup_step() {
-    echo bp_get_current_signup_step();
+    echo esc_html( bp_get_current_signup_step() );
 }
     /**
@@ -2895 +2925 @@
  */
 function bp_signup_avatar( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_signup_avatar( $args );
 }
@@ -2924 +2955 @@
         );
 
-        extract( $r, EXTR_SKIP );
-
         $signup_avatar_dir = bp_get_signup_avatar_dir_value();
 
@@ -2935 +2964 @@
                 'avatar_dir' => 'avatars/signups',
                 'type'       => 'full',
-                'width'      => $size,
-                'height'     => $size,
-                'alt'        => $alt,
-                'class'      => $class,
+                'width'      => $r['size'],
+                'height'     => $r['size'],
+                'alt'        => $r['alt'],
+                'class'      => $r['class'],
             ) );
 
@@ -2962 +2991 @@
             $gravatar_url    = apply_filters( 'bp_gravatar_url', '//www.gravatar.com/avatar/' );
             $md5_lcase_email = md5( strtolower( bp_get_signup_email_value() ) );
-            $gravatar_img    = '<img src="' . $gravatar_url . $md5_lcase_email . '?d=' . $default_grav . '&amp;s=' . $size . '" width="' . $size . '" height="' . $size . '" alt="' . $alt . '" class="' . $class . '" />';
+            $gravatar_img    = '<img src="' . $gravatar_url . $md5_lcase_email . '?d=' . $default_grav . '&amp;s=' . $r['size'] . '" width="' . esc_attr( $r['size'] ) . '" height="' . esc_attr( $r['size'] ) . '" alt="' . esc_attr( $r['alt'] ) . '" class="' . esc_attr( $r['class'] ) . '" />';
         }
 
@@ -2984 +3013 @@
  */
 function bp_signup_allowed() {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_signup_allowed();
 }
@@ -3081 +3111 @@
  */
 function bp_members_activity_feed() {
-    if ( !bp_is_active( 'activity' ) || !bp_is_user() )
-        return; ?>
-
-    <link rel="alternate" type="application/rss+xml" title="<?php bloginfo( 'name' ) ?> | <?php bp_displayed_user_fullname() ?> | <?php _e( 'Activity RSS Feed', 'buddypress' ) ?>" href="<?php bp_member_activity_feed_link() ?>" />
-
-<?php
+    if ( ! bp_is_active( 'activity' ) || ! bp_is_user() ) {
+        return;
+    }
+    // phpcs:disable WordPress.Security.EscapeOutput
+    ?>
+    <link rel="alternate" type="application/rss+xml" title="<?php bloginfo( 'name' ) ?> | <?php bp_displayed_user_fullname() ?> | <?php esc_attr_e( 'Activity RSS Feed', 'buddypress' ) ?>" href="<?php bp_member_activity_feed_link() ?>" />
+    <?php
+    // phpcs:enable
 }
 add_action( 'bp_head', 'bp_members_activity_feed' );
@@ -3170 +3202 @@
  */
 function bp_avatar_delete_link() {
-    echo bp_get_avatar_delete_link();
+    echo esc_url( bp_get_avatar_delete_link() );
 }
     /**
@@ -3312 +3344 @@
  */
 function bp_members_invitations_pagination_count() {
-    echo bp_get_members_invitations_pagination_count();
+    echo esc_html( bp_get_members_invitations_pagination_count() );
 }
     /**
@@ -3352 +3384 @@
  */
 function bp_members_invitations_pagination_links() {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_members_invitations_pagination_links();
 }
@@ -3388 +3421 @@
     }
 
-    /**
-     * Use this filter to sanitize the output.
-     *
-     * @since 8.0.0
-     *
-     * @param int|string $value    The value for the requested property.
-     * @param string     $property The name of the requested property.
-     * @param string     $context  The context of display.
-     */
-    echo apply_filters( 'bp_the_members_invitation_property', bp_get_the_members_invitation_property( $property ), $property, $context );
+    // phpcs:ignore WordPress.Security.EscapeOutput
+    echo apply_filters(
+        /**
+         * Use this filter to sanitize the output.
+         *
+         * @since 8.0.0
+         *
+         * @param int|string $value    The value for the requested property.
+         * @param string     $property The name of the requested property.
+         * @param string     $context  The context of display.
+         */
+        'bp_the_members_invitation_property',
+        bp_get_the_members_invitation_property( $property ),
+        $property,
+        $context
+    );
 }
     /**
@@ -3452 +3491 @@
  */
 function bp_the_members_invitation_action_links( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_members_invitation_action_links( $args );
 }
@@ -3508 +3548 @@
  */
 function bp_the_members_invitations_resend_link( $user_id = 0 ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_members_invitation_delete_link( $user_id );
 }
@@ -3527 +3568 @@
         }
 
-        $retval = sprintf( '<a href="%1$s" class="resend secondary confirm bp-tooltip">%2$s</a>', esc_url( bp_get_the_members_invitations_resend_url( $user_id ) ), __( 'Resend', 'buddypress' ) );
+        $retval = sprintf( '<a href="%1$s" class="resend secondary confirm bp-tooltip">%2$s</a>', esc_url( bp_get_the_members_invitations_resend_url( $user_id ) ), esc_html__( 'Resend', 'buddypress' ) );
 
         /**
@@ -3599 +3640 @@
  */
 function bp_the_members_invitations_delete_link( $user_id = 0 ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_members_invitation_delete_link( $user_id );
 }
@@ -3696 +3738 @@
  */
 function bp_members_invitations_list_invites_permalink( $user_id = 0 ) {
-    echo bp_get_members_invitations_list_invites_permalink( $user_id );
+    echo esc_url( bp_get_members_invitations_list_invites_permalink( $user_id ) );
 }
     /**
@@ -3734 +3776 @@
  */
 function bp_members_invitations_send_invites_permalink( $user_id = 0 ) {
-    echo bp_get_members_invitations_send_invites_permalink( $user_id );
+    echo esc_url( bp_get_members_invitations_send_invites_permalink( $user_id ) );
 }
     /**