Changeset 13799 for trunk/src/bp-members/classes/class-bp-members-list-table.php

Timestamp:

04/23/2024 09:39:11 PM (2 years ago)

Author:

imath

Message:

Members component: improve PHP code standards using WPCS

See #7228 (trunk)

File:

• trunk/src/bp-members/classes/class-bp-members-list-table.php (modified) (8 diffs)

trunk/src/bp-members/classes/class-bp-members-list-table.php

@@ -216 +216 @@
             }
 
-            /* translators: %s: url to site settings */
-            printf( __( 'Registration is disabled. %s', 'buddypress' ), $link );
+            printf(
+                /* translators: %s: url to site settings */
+                esc_html__( 'Registration is disabled. %s', 'buddypress' ),
+                // The link has been escaped at line 213 & 215.
+                // phpcs:ignore WordPress.Security.EscapeOutput
+                $link
+            );
         }
 
@@ -249 +254 @@
             }
 
-            $style = ( ' class="alternate"' == $style ) ? '' : ' class="alternate"';
+            $style = 'alt' === $style ? '' : 'alt';
+
+            // Escapes are made into `self::single_row()`.
+            // phpcs:ignore WordPress.Security.EscapeOutput
             echo "\n\t" . $this->single_row( $signup_object, $style );
         }
@@ -268 +276 @@
      */
     public function single_row( $signup_object = null, $style = '', $role = '', $numposts = 0 ) {
-        echo '<tr' . $style . ' id="signup-' . esc_attr( $signup_object->id ) . '">';
+        if ( '' === $style ) {
+            echo '<tr id="signup-' . esc_attr( $signup_object->id ) . '">';
+        } else {
+            echo '<tr class="alternate" id="signup-' . esc_attr( $signup_object->id ) . '">';
+        }
+
+        // BuddyPress relies on WordPress's `WP_Users_List_Table::single_row_columns()`.
+        // phpcs:ignore WordPress.Security.EscapeOutput
         echo $this->single_row_columns( $signup_object );
         echo '</tr>';
@@ -282 +297 @@
     public function column_cb( $signup_object = null ) {
     ?>
-        <label class="screen-reader-text" for="signup_<?php echo intval( $signup_object->id ); ?>"><?php
-            /* translators: accessibility text */
-            printf( esc_html__( 'Select user: %s', 'buddypress' ), $signup_object->user_login );
-        ?></label>
+        <label class="screen-reader-text" for="signup_<?php echo intval( $signup_object->id ); ?>">
+            <?php
+            printf(
+                /* translators: accessibility text */
+                esc_html__( 'Select user: %s', 'buddypress' ),
+                esc_html( $signup_object->user_login )
+            );
+            ?>
+        </label>
         <input type="checkbox" id="signup_<?php echo intval( $signup_object->id ) ?>" name="allsignups[]" value="<?php echo esc_attr( $signup_object->id ) ?>" />
         <?php
@@ -330 +350 @@
         );
 
-        echo $avatar . sprintf( '<strong><a href="%1$s" class="edit">%2$s</a></strong><br/>', esc_url( $activate_link ), $signup_object->user_login );
+        echo wp_kses(
+            $avatar,
+            array(
+                'img' => array(
+                    'alt'    => true,
+                    'src'    => true,
+                    'srcset' => true,
+                    'class'  => true,
+                    'height' => true,
+                    'width'  => true,
+                )
+            )
+        );
+        printf( '<strong><a href="%1$s" class="edit">%2$s</a></strong><br/>', esc_url( $activate_link ), esc_html( $signup_object->user_login ) );
 
         $actions = array();
 
-        $actions['activate'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $activate_link ), __( 'Activate', 'buddypress' ) );
-        $actions['resend']   = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $email_link ), __( 'Email', 'buddypress' ) );
+        $actions['activate'] = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $activate_link ), esc_html__( 'Activate', 'buddypress' ) );
+        $actions['resend']   = sprintf( '<a href="%1$s">%2$s</a>', esc_url( $email_link ), esc_html__( 'Email', 'buddypress' ) );
 
         if ( current_user_can( 'delete_users' ) ) {
-            $actions['delete'] = sprintf( '<a href="%1$s" class="delete">%2$s</a>', esc_url( $delete_link ), __( 'Delete', 'buddypress' ) );
+            $actions['delete'] = sprintf( '<a href="%1$s" class="delete">%2$s</a>', esc_url( $delete_link ), esc_html__( 'Delete', 'buddypress' ) );
         }
 
@@ -351 +384 @@
         $actions = apply_filters( 'bp_members_ms_signup_row_actions', $actions, $signup_object );
 
+        // BuddyPress relies on WordPress's `WP_Users_List_Table::row_actions()`.
+        // phpcs:ignore WordPress.Security.EscapeOutput
         echo $this->row_actions( $actions );
     }
@@ -407 +442 @@
      */
     public function column_registered( $signup_object = null ) {
-        echo mysql2date( 'Y/m/d g:i:s a', $signup_object->registered );
+        echo esc_html( mysql2date( 'Y/m/d g:i:s a', $signup_object->registered ) );
     }
 
@@ -419 +454 @@
     public function column_date_sent( $signup_object = null ) {
         if ( $signup_object->count_sent > 0 ) {
-            echo mysql2date( 'Y/m/d g:i:s a', $signup_object->date_sent );
+            echo esc_html( mysql2date( 'Y/m/d g:i:s a', $signup_object->date_sent ) );
         } else {
-            $message = __( 'Not yet notified', 'buddypress' );
+            $message = esc_html__( 'Not yet notified', 'buddypress' );
 
             /**