Changeset 13802


Timestamp:
04/24/2024 08:33:36 PM (15 months ago)
Author:
imath
Message:

Blogs component: improve PHP code standards using WPCS

See #7228 (trunk)

Location:
trunk/src/bp-blogs
Files:
5 edited

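--- a/trunk/src/bp-blogs/bp-blogs-template.php
+++ b/trunk/src/bp-blogs/bp-blogs-template.php
@@ -18,5 +18,5 @@
  */
 function bp_blogs_slug() {
-    echo bp_get_blogs_slug();
+    echo esc_url( bp_get_blogs_slug() );
 }
     /**
@@ -46,5 +46,5 @@
  */
 function bp_blogs_root_slug() {
-    echo bp_get_blogs_root_slug();
+    echo esc_url( bp_get_blogs_root_slug() );
 }
     /**
@@ -251,5 +251,5 @@
  */
 function bp_blogs_pagination_count() {
-    echo bp_get_blogs_pagination_count();
+    echo esc_html( bp_get_blogs_pagination_count() );
 }
 
@@ -295,4 +295,6 @@
  */
 function bp_blogs_pagination_links() {
+    // Escaping is done in WordPress's `paginate_links()` function.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_blogs_pagination_links();
 }
@@ -325,4 +327,5 @@
  */
 function bp_blog_avatar( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_blog_avatar( $args );
 }
@@ -488,5 +491,5 @@
 
 function bp_blog_permalink() {
-    echo bp_get_blog_permalink();
+    echo esc_url( bp_get_blog_permalink() );
 }
     function bp_get_blog_permalink() {
@@ -519,5 +522,5 @@
  */
 function bp_blog_name() {
-    echo bp_get_blog_name();
+    echo esc_html( bp_get_blog_name() );
 }
     /**
@@ -545,5 +548,5 @@
  */
 function bp_blog_id() {
-    echo bp_get_blog_id();
+    echo intval( bp_get_blog_id() );
 }
     /**
@@ -579,5 +582,5 @@
      * @param string $value Description of the current blog in the loop.
      */
-    echo apply_filters( 'bp_blog_description', bp_get_blog_description() );
+    echo esc_html( apply_filters( 'bp_blog_description', bp_get_blog_description() ) );
 }
     /**
@@ -607,4 +610,5 @@
  */
 function bp_blog_class( $classes = array() ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_blog_class( $classes );
 }
@@ -639,5 +643,5 @@
          * @param array $classes Array of classes to be applied to row.
          */
-        $classes = apply_filters( 'bp_get_blog_class', $classes );
+        $classes = array_map( 'sanitize_html_class', apply_filters( 'bp_get_blog_class', $classes ) );
         $classes = array_merge( $classes, array() );
         $retval  = 'class="' . join( ' ', $classes ) . '"';
@@ -652,5 +656,5 @@
  */
 function bp_blog_last_active( $args = array() ) {
-    echo bp_get_blog_last_active( $args );
+    echo esc_html( bp_get_blog_last_active( $args ) );
 }
     /**
@@ -712,5 +716,12 @@
  */
 function bp_blog_latest_post( $args = array() ) {
-    echo bp_get_blog_latest_post( $args );
+    echo wp_kses(
+        bp_get_blog_latest_post( $args ),
+        array(
+            'a' => array(
+                'href' => true,
+            ),
+        )
+    );
 }
     /**
@@ -779,5 +790,5 @@
  */
 function bp_blog_latest_post_title() {
-    echo bp_get_blog_latest_post_title();
+    echo esc_html( bp_get_blog_latest_post_title() );
 }
     /**
@@ -852,5 +863,5 @@
  */
 function bp_blog_latest_post_content() {
-    echo bp_get_blog_latest_post_content();
+    echo wp_kses_post( bp_get_blog_latest_post_content() );
 }
     /**
@@ -868,6 +879,7 @@
         $retval = '';
 
-        if ( ! empty( $blogs_template->blog->latest_post ) && ! empty( $blogs_template->blog->latest_post->post_content ) )
+        if ( ! empty( $blogs_template->blog->latest_post ) && ! empty( $blogs_template->blog->latest_post->post_content ) ) {
             $retval = $blogs_template->blog->latest_post->post_content;
+        }
 
         /**
@@ -891,5 +903,5 @@
  */
 function bp_blog_latest_post_featured_image( $size = 'thumbnail' ) {
-    echo bp_get_blog_latest_post_featured_image( $size );
+    echo esc_url( bp_get_blog_latest_post_featured_image( $size ) );
 }
     /**
@@ -909,6 +921,7 @@
         $retval = '';
 
-        if ( ! empty( $blogs_template->blog->latest_post ) && ! empty( $blogs_template->blog->latest_post->images[$size] ) )
+        if ( ! empty( $blogs_template->blog->latest_post ) && ! empty( $blogs_template->blog->latest_post->images[$size] ) ) {
             $retval = $blogs_template->blog->latest_post->images[$size];
+        }
 
         /**
@@ -955,12 +968,15 @@
  */
 function bp_blog_hidden_fields() {
-    if ( isset( $_REQUEST['s'] ) )
+    if ( isset( $_REQUEST['s'] ) ) {
         echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ). '" name="search_terms" />';
-
-    if ( isset( $_REQUEST['letter'] ) )
+    }
+
+    if ( isset( $_REQUEST['letter'] ) ) {
         echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
-
-    if ( isset( $_REQUEST['blogs_search'] ) )
+    }
+
+    if ( isset( $_REQUEST['blogs_search'] ) ) {
         echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';
+    }
 }
 
@@ -969,5 +985,5 @@
  */
 function bp_total_blog_count() {
-    echo bp_get_total_blog_count();
+    echo intval( bp_get_total_blog_count() );
 }
     /**
@@ -995,5 +1011,5 @@
  */
 function bp_total_blog_count_for_user( $user_id = 0 ) {
-    echo bp_get_total_blog_count_for_user( $user_id );
+    echo intval( bp_get_total_blog_count_for_user( $user_id ) );
 }
     /**
@@ -1067,5 +1083,5 @@
                 printf(
                     '<p class="error">%s</p>',
-                    $errors->get_error_message()
+                    esc_html( $errors->get_error_message() )
                 );
             }
@@ -1168,10 +1184,11 @@
                 '<input name="blogname" type="text" id="blogname" value="%1$s" maxlength="63" style="width: auto!important" %2$s/> <span class="suffix_address">.%3$s</span><br />',
                 esc_attr( $blogname ),
+                // phpcs:ignore WordPress.Security.EscapeOutput
                 bp_get_form_field_attributes( 'blogname' ),
-                bp_signup_get_subdomain_base()
+                esc_url( bp_signup_get_subdomain_base() )
             );
         }
         if ( is_wp_error( $errors ) && $errors->get_error_message( 'blogname' ) ) {
-            printf( '<div class="error">%s</div>', $errors->get_error_message( 'blogname' ) );
+            printf( '<div class="error">%s</div>', esc_html( $errors->get_error_message( 'blogname' ) ) );
         }
         ?>
@@ -1198,5 +1215,5 @@
             sprintf(
                 /* translators: %s is the site url. */
-                esc_html__( 'Your address will be %s' , 'buddypress' ), $url
+                esc_html__( 'Your address will be %s' , 'buddypress' ), esc_url( $url )
             ),
             esc_html__( 'Must be at least 4 characters, letters and numbers only. It cannot be changed so choose carefully!' , 'buddypress' )
@@ -1212,5 +1229,5 @@
         <?php
         if ( is_wp_error( $errors ) && $errors->get_error_message( 'blog_title' ) ) {
-            printf( '<div class="error">%s</div>', $errors->get_error_message( 'blog_title' ) );
+            printf( '<div class="error">%s</div>', esc_html( $errors->get_error_message( 'blog_title' ) ) );
         }
         ?>
@@ -1363,12 +1380,16 @@
     );
 
-    /**
-     * Filters "Create a Site" links for users viewing their own profiles.
-     *
-     * @since 1.0.0
-     *
-     * @param string $url HTML link for creating a site.
-     */
-    echo apply_filters( 'bp_create_blog_link', '<a href="' . $url . '">' . __( 'Create a Site', 'buddypress' ) . '</a>' );
+    // phpcs:ignore WordPress.Security.EscapeOutput
+    echo apply_filters(
+        /**
+         * Filters "Create a Site" links for users viewing their own profiles.
+         *
+         * @since 1.0.0
+         *
+         * @param string $url HTML link for creating a site.
+         */
+        'bp_create_blog_link',
+        '<a href="' . esc_url( $url ) . '">' . esc_html__( 'Create a Site', 'buddypress' ) . '</a>'
+    );
 }
 
@@ -1390,15 +1411,19 @@
     $search_form_html = '<form action="" method="get" id="search-blogs-form">
         <label for="blogs_search"><input type="text" name="' . esc_attr( $query_arg ) . '" id="blogs_search" placeholder="'. esc_attr( $search_value ) .'" /></label>
-        <input type="submit" id="blogs_search_submit" name="blogs_search_submit" value="' . __( 'Search', 'buddypress' ) . '" />
+        <input type="submit" id="blogs_search_submit" name="blogs_search_submit" value="' . esc_attr__( 'Search', 'buddypress' ) . '" />
     </form>';
 
-    /**
-     * Filters the output for the blog directory search form.
-     *
-     * @since 1.9.0
-     *
-     * @param string $search_form_html HTML markup for blog directory search form.
-     */
-    echo apply_filters( 'bp_directory_blogs_search_form', $search_form_html );
+    // phpcs:ignore WordPress.Security.EscapeOutput
+    echo apply_filters(
+        /**
+         * Filters the output for the blog directory search form.
+         *
+         * @since 1.9.0
+         *
+         * @param string $search_form_html HTML markup for blog directory search form.
+         */
+        'bp_directory_blogs_search_form',
+        $search_form_html
+    );
 }
 
@@ -1409,4 +1434,6 @@
  */
 function bp_blog_create_button() {
+    // Escaping is done in `BP_Core_HTML_Element()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_blog_create_button();
 }
@@ -1459,4 +1486,6 @@
  */
 function bp_blog_create_nav_item() {
+    // Escaping is done in `BP_Core_HTML_Element()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_blog_create_nav_item();
 }
@@ -1519,4 +1548,6 @@
  */
 function bp_blogs_visit_blog_button( $args = '' ) {
+    // Escaping is done in `BP_Core_HTML_Element()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_blogs_visit_blog_button( $args );
 }
@@ -1602,5 +1633,13 @@
  */
 function bp_blogs_profile_stats( $args = '' ) {
-    echo bp_blogs_get_profile_stats( $args );
+    echo wp_kses(
+        bp_blogs_get_profile_stats( $args ),
+        array(
+            'li'     => array( 'class' => true ),
+            'div'    => array( 'class' => true ),
+            'strong' => true,
+            'a'      => array( 'href' => true ),
+        )
+    );
 }
 add_action( 'bp_members_admin_user_stats', 'bp_blogs_profile_stats', 9, 1 );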
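Review bot: `esc_url()` is applied to values that do not look like URLs in the `bp_blogs_slug()` and `bp_blogs_root_slug()` hunks, and again to `bp_signup_get_subdomain_base()` in the blogname field. For a string with no scheme that does not start with `/`, `#` or `?`, `esc_url()` prepends `http://`, so the echoed slug would change from something like `blogs` to `http://blogs` and the address suffix would render as `.http://…`. This assumes the getters return a bare slug and a bare domain, as their names suggest; their bodies are outside the hunks. An escaper matched to the output context keeps the hardening without rewriting the value: `echo esc_attr( bp_get_blogs_slug() );`, the same for the root slug, and `esc_html( bp_signup_get_subdomain_base() )` for the suffix text.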
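--- a/trunk/src/bp-blogs/bp-blogs-widgets.php
+++ b/trunk/src/bp-blogs/bp-blogs-widgets.php
@@ -12,3 +12,3 @@
 defined( 'ABSPATH' ) || exit;
 
-_deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );
+_deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );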
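--- a/trunk/src/bp-blogs/classes/class-bp-blogs-blog.php
+++ b/trunk/src/bp-blogs/classes/class-bp-blogs-blog.php
@@ -198,5 +198,5 @@
         // Backward compatibility with old method of passing arguments.
         if ( ! is_array( $args[0] ) || count( $args ) > 1 ) {
-            _deprecated_argument( __METHOD__, '10.0.0', sprintf( __( 'Arguments passed to %1$s should be in an associative array. See the inline documentation at %2$s for more details.', 'buddypress' ), __METHOD__, __FILE__ ) );
+            _deprecated_argument( __METHOD__, '10.0.0', sprintf( esc_html__( 'Arguments passed to %1$s should be in an associative array. See the inline documentation at %2$s for more details.', 'buddypress' ), __METHOD__, __FILE__ ) );
 
             $old_args_keys = [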
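Review bot: The translatable string passed to `sprintf()` on the changed line has two placeholders, but no translators comment is visible in the hunk. WPCS's I18n checks report that, and translators are left guessing what `%1$s` and `%2$s` stand for. I would add `/* translators: 1: the method name. 2: the file path. */` on the line before the call; the identical line in class-bp-blogs-template.php needs the same comment. The enclosing method starts and ends outside the hunk.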
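--- a/trunk/src/bp-blogs/classes/class-bp-blogs-recent-posts-widget.php
+++ b/trunk/src/bp-blogs/classes/class-bp-blogs-recent-posts-widget.php
@@ -12,5 +12,5 @@
 defined( 'ABSPATH' ) || exit;
 
-_deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );
+_deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );
 
 /**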
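--- a/trunk/src/bp-blogs/classes/class-bp-blogs-template.php
+++ b/trunk/src/bp-blogs/classes/class-bp-blogs-template.php
@@ -103,5 +103,5 @@
         // Backward compatibility with old method of passing arguments.
         if ( ! is_array( $args[0] ) || count( $args ) > 1 ) {
-            _deprecated_argument( __METHOD__, '10.0.0', sprintf( __( 'Arguments passed to %1$s should be in an associative array. See the inline documentation at %2$s for more details.', 'buddypress' ), __METHOD__, __FILE__ ) );
+            _deprecated_argument( __METHOD__, '10.0.0', sprintf( esc_html__( 'Arguments passed to %1$s should be in an associative array. See the inline documentation at %2$s for more details.', 'buddypress' ), __METHOD__, __FILE__ ) );
 
             $old_args_keys = [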