Changeset 13806
- Timestamp:
- 04/25/2024 05:14:05 PM (23 months ago)
- Location:
- trunk/src/bp-xprofile
- Files:
-
- 21 edited
-
bp-xprofile-activity.php (modified) (1 diff)
-
bp-xprofile-admin.php (modified) (13 diffs)
-
bp-xprofile-filters.php (modified) (2 diffs)
-
bp-xprofile-template.php (modified) (36 diffs)
-
classes/class-bp-xprofile-data-template.php (modified) (1 diff)
-
classes/class-bp-xprofile-field-type-checkbox-acceptance.php (modified) (3 diffs)
-
classes/class-bp-xprofile-field-type-checkbox.php (modified) (1 diff)
-
classes/class-bp-xprofile-field-type-datebox.php (modified) (12 diffs)
-
classes/class-bp-xprofile-field-type-multiselectbox.php (modified) (5 diffs)
-
classes/class-bp-xprofile-field-type-number.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field-type-radiobutton.php (modified) (3 diffs)
-
classes/class-bp-xprofile-field-type-selectbox.php (modified) (3 diffs)
-
classes/class-bp-xprofile-field-type-telephone.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field-type-textarea.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field-type-textbox.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field-type-url.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field-type-wordpress-biography.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field-type-wordpress-textbox.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field-type.php (modified) (2 diffs)
-
classes/class-bp-xprofile-field.php (modified) (2 diffs)
-
classes/class-bp-xprofile-user-admin.php (modified) (3 diffs)
-
trunk/src/bp-xprofile/bp-xprofile-activity.php
r13503 r13806 274 274 ?> 275 275 276 <option value="updated_profile"><?php _e( 'Profile Updates', 'buddypress' ) ?></option>276 <option value="updated_profile"><?php esc_html_e( 'Profile Updates', 'buddypress' ) ?></option> 277 277 278 278 <?php -
trunk/src/bp-xprofile/bp-xprofile-admin.php
r13797 r13806 151 151 152 152 <div class="wrap"> 153 <h1 class="wp-heading-inline"><?php _ex( 'Profile Fields', 'Settings page header', 'buddypress'); ?></h1>154 155 <a id="add_group" class="page-title-action" href="<?php echo esc_url( $add_group_url ); ?>"><?php _e( 'Add New Field Group', 'buddypress' ); ?></a>153 <h1 class="wp-heading-inline"><?php echo esc_html_x( 'Profile Fields', 'Settings page header', 'buddypress'); ?></h1> 154 155 <a id="add_group" class="page-title-action" href="<?php echo esc_url( $add_group_url ); ?>"><?php esc_html_e( 'Add New Field Group', 'buddypress' ); ?></a> 156 156 157 157 <hr class="wp-header-end"> … … 167 167 $type = ( $type == 'error' ) ? 'error' : 'updated'; ?> 168 168 169 <div id="message" class="<?php echo $type; ?> fade notice is-dismissible">169 <div id="message" class="<?php echo esc_attr( $type ); ?> fade notice is-dismissible"> 170 170 <p><?php echo esc_html( $message ); ?></p> 171 171 </div> … … 186 186 187 187 <?php if ( ! $group->can_delete ) : ?> 188 <?php _e( '(Primary)', 'buddypress'); ?>188 <?php esc_html_e( '(Primary)', 'buddypress'); ?> 189 189 <?php endif; ?> 190 190 … … 235 235 <div class="tab-toolbar"> 236 236 <div class="tab-toolbar-left"> 237 <a class="button-primary" href="<?php echo esc_url( $add_field_url ); ?>"><?php _e( 'Add New Field', 'buddypress' ); ?></a>238 <a class="button edit" href="<?php echo esc_url( $edit_group_url ); ?>"><?php _ex( 'Edit Group', 'Edit Profile Fields Group', 'buddypress' ); ?></a>237 <a class="button-primary" href="<?php echo esc_url( $add_field_url ); ?>"><?php esc_html_e( 'Add New Field', 'buddypress' ); ?></a> 238 <a class="button edit" href="<?php echo esc_url( $edit_group_url ); ?>"><?php echo esc_html_x( 'Edit Group', 'Edit Profile Fields Group', 'buddypress' ); ?></a> 239 239 240 240 <?php if ( $group->can_delete ) : ?> 241 241 242 242 <div class="delete-button"> 243 <a class="confirm submitdelete deletion ajax-option-delete" href="<?php echo esc_url( 
$delete_group_url ); ?>"><?php _ex( 'Delete Group', 'Delete Profile Fields Group', 'buddypress' ); ?></a>243 <a class="confirm submitdelete deletion ajax-option-delete" href="<?php echo esc_url( $delete_group_url ); ?>"><?php echo esc_html_x( 'Delete Group', 'Delete Profile Fields Group', 'buddypress' ); ?></a> 244 244 </div> 245 245 … … 274 274 /** This filter is documented in bp-xprofile/bp-xprofile-template.php */ 275 275 /* translators: accessibility text */ 276 printf( esc_html__( 'Fields for "%s" Group', 'buddypress' ), apply_filters( 'bp_get_the_profile_group_name', $group->name) );276 printf( esc_html__( 'Fields for "%s" Group', 'buddypress' ), esc_html( apply_filters( 'bp_get_the_profile_group_name', $group->name ) ) ); 277 277 ?></legend> 278 278 … … 300 300 else : // !$group->fields ?> 301 301 302 <p class="nodrag nofields"><?php _e( 'There are no fields in this group.', 'buddypress' ); ?></p>302 <p class="nodrag nofields"><?php esc_html_e( 'There are no fields in this group.', 'buddypress' ); ?></p> 303 303 304 304 <?php endif; // End $group->fields. ?> … … 310 310 <?php endforeach; else : ?> 311 311 312 <div id="message" class="error notice is-dismissible"><p><?php _ex( 'You have no groups.', 'You have no profile fields groups.', 'buddypress' ); ?></p></div>313 <p><a href="<?php echo esc_url( $add_group_url ); ?>"><?php _ex( 'Add New Group', 'Add New Profile Fields Group', 'buddypress' ); ?></a></p>312 <div id="message" class="error notice is-dismissible"><p><?php echo esc_html_x( 'You have no groups.', 'You have no profile fields groups.', 'buddypress' ); ?></p></div> 313 <p><a href="<?php echo esc_url( $add_group_url ); ?>"><?php echo esc_html_x( 'Add New Group', 'Add New Profile Fields Group', 'buddypress' ); ?></a></p> 314 314 315 315 <?php endif; ?> … … 360 360 } 361 361 362 // Escaping is done in `xprofile_admin_field()`. 
363 // phpcs:ignore WordPress.Security.EscapeOutput 362 364 echo $signup_fields[ $ordered_signup_field_id ]; 363 365 } … … 397 399 /* translators: %s is the link to the registration settings. */ 398 400 esc_html__( '* Fields in this group will appear on the registration page as soon as users will be able to register to your site.%s', 'buddypress' ), 401 // phpcs:ignore WordPress.Security.EscapeOutput 399 402 $settings_link 400 403 ); … … 804 807 /* translators: %s is the field type name. */ 805 808 esc_html__( 'Delete %s', 'buddypress' ), 806 $field_type809 esc_html( $field_type ) 807 810 ); 808 811 ?> … … 1071 1074 ?> 1072 1075 1073 <fieldset id="<?php echo esc_attr( $fieldset_id ); ?>" class="sortable<?php echo ' ' . $field->type; if ( ! empty( $class ) ) echo ' ' . $class; ?>">1076 <fieldset id="<?php echo esc_attr( $fieldset_id ); ?>" class="sortable<?php echo ' ' . esc_attr( $field->type ); if ( ! empty( $class ) ) echo ' ' . esc_attr( $class ); ?>"> 1074 1077 <legend> 1075 1078 <span> … … 1081 1084 <span class="bp-signup-field-label"><?php esc_html_e( '(Sign-up)', 'buddypress' );?></span> 1082 1085 <?php endif; ?> 1083 <?php if ( bp_get_member_types() ) : echo $field->get_member_type_label(); endif; ?>1086 <?php if ( bp_get_member_types() ) : echo wp_kses( $field->get_member_type_label(), array( 'span' => array( 'class' => true ) ) ); endif; ?> 1084 1087 1085 1088 <?php … … 1124 1127 1125 1128 <div class="actions"> 1126 <a class="button edit" href="<?php echo esc_url( $field_edit_url ); ?>"><?php _ex( 'Edit', 'Edit field link', 'buddypress' ); ?></a>1129 <a class="button edit" href="<?php echo esc_url( $field_edit_url ); ?>"><?php echo esc_html_x( 'Edit', 'Edit field link', 'buddypress' ); ?></a> 1127 1130 1128 1131 <?php if ( $field->can_delete && ! $is_signup ) : ?> 1129 1132 1130 1133 <div class="delete-button"> 1131 <a class="confirm submit-delete deletion" href="<?php echo esc_url( wp_nonce_url( $field_delete_url, 'bp_xprofile_delete_field-' . 
$field->id, 'bp_xprofile_delete_field' ) ); ?>"><?php _ex( 'Delete', 'Delete field link', 'buddypress' ); ?></a>1134 <a class="confirm submit-delete deletion" href="<?php echo esc_url( wp_nonce_url( $field_delete_url, 'bp_xprofile_delete_field-' . $field->id, 'bp_xprofile_delete_field' ) ); ?>"><?php echo esc_html_x( 'Delete', 'Delete field link', 'buddypress' ); ?></a> 1132 1135 </div> 1133 1136 -
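Review bot: The `// phpcs:ignore WordPress.Security.EscapeOutput` added above `$settings_link` in the registration-notice `printf()` gives no reason, unlike the suppression a few hunks earlier that names `xprofile_admin_field()` as the place where escaping happens. The code that builds `$settings_link` is outside the visible hunk, so a reader cannot tell whether the raw `%s` is safe. A comment in the same form, `// Escaping is done where $settings_link is built.` with the actual function named, would make the suppression auditable. The same bare suppression appears in bp-xprofile-template.php (for example `bp_field_css_class()`, `bp_profile_group_tabs()` and the `$r['before']`/`$r['after']` echoes, where it replaced the old descriptive comments) and on the `$html` output in the checkbox, radiobutton, selectbox and multiselectbox field-type classes.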
trunk/src/bp-xprofile/bp-xprofile-filters.php
r13484 r13806 564 564 * 565 565 * @since 2.0.0 566 * 566 * 567 567 * @global wpdb $wpdb WordPress database object. 568 568 * … … 729 729 730 730 if ( 1 === $args['profile_group_id'] || array_diff_key( $expected_args, $needed_args ) ) { 731 _doing_it_wrong( 'bp_has_profile()', __( 'The argument of this function into your custom `members/register.php` template should be bp_xprofile_signup_args()', 'buddypress' ), '8.0.0' );731 _doing_it_wrong( 'bp_has_profile()', esc_html__( 'The argument of this function into your custom `members/register.php` template should be bp_xprofile_signup_args()', 'buddypress' ), '8.0.0' ); 732 732 $args = $expected_args; 733 733 } -
trunk/src/bp-xprofile/bp-xprofile-template.php
r13528 r13806 146 146 */ 147 147 function bp_field_css_class( $class = false ) { 148 // phpcs:ignore WordPress.Security.EscapeOutput 148 149 echo bp_get_field_css_class( $class ); 149 150 } … … 200 201 * @param array $css_classes Array of classes to be applied to field. Passed by reference. 201 202 */ 202 $css_classes = a pply_filters_ref_array( 'bp_field_css_classes', array( &$css_classes) );203 $css_classes = array_map( 'sanitize_html_class', apply_filters_ref_array( 'bp_field_css_classes', array( &$css_classes ) ) ); 203 204 204 205 /** … … 268 269 */ 269 270 function bp_the_profile_group_id() { 270 echo bp_get_the_profile_group_id();271 echo intval( bp_get_the_profile_group_id() ); 271 272 } 272 273 … … 299 300 */ 300 301 function bp_the_profile_group_name() { 301 echo bp_get_the_profile_group_name();302 echo esc_html( bp_get_the_profile_group_name() ); 302 303 } 303 304 … … 330 331 */ 331 332 function bp_the_profile_group_slug() { 332 echo bp_get_the_profile_group_slug();333 echo esc_url( bp_get_the_profile_group_slug() ); 333 334 } 334 335 … … 361 362 */ 362 363 function bp_the_profile_group_description() { 364 // Escaping is made in `bp-xprofile/bp-xprofile-filters.php`. 
365 // phpcs:ignore WordPress.Security.EscapeOutput 363 366 echo bp_get_the_profile_group_description(); 364 367 } … … 392 395 */ 393 396 function bp_the_profile_group_edit_form_action() { 394 echo bp_get_the_profile_group_edit_form_action();397 echo esc_url( bp_get_the_profile_group_edit_form_action() ); 395 398 } 396 399 … … 427 430 */ 428 431 function bp_the_profile_group_field_ids() { 429 echo bp_get_the_profile_group_field_ids();432 echo esc_attr( bp_get_the_profile_group_field_ids() ); 430 433 } 431 434 … … 459 462 */ 460 463 function bp_the_profile_field_ids() { 461 echo bp_get_the_profile_field_ids();464 echo esc_attr( bp_get_the_profile_field_ids() ); 462 465 } 463 466 /** … … 531 534 */ 532 535 function bp_the_profile_field_id() { 533 echo bp_get_the_profile_field_id();536 echo intval( bp_get_the_profile_field_id() ); 534 537 } 535 538 … … 562 565 */ 563 566 function bp_the_profile_field_name() { 567 // Escaping is made in `bp-xprofile/bp-xprofile-filters.php`. 568 // phpcs:ignore WordPress.Security.EscapeOutput 564 569 echo bp_get_the_profile_field_name(); 565 570 } … … 593 598 */ 594 599 function bp_the_profile_field_value() { 600 // Escaping is made in `bp_xprofile_escape_field_data()`. 601 // phpcs:ignore WordPress.Security.EscapeOutput 595 602 echo bp_get_the_profile_field_value(); 596 603 } … … 628 635 */ 629 636 function bp_the_profile_field_edit_value() { 637 // Escaping is made in `bp_xprofile_escape_field_data()`. 638 // phpcs:ignore WordPress.Security.EscapeOutput 630 639 echo bp_get_the_profile_field_edit_value(); 631 640 } … … 678 687 */ 679 688 function bp_the_profile_field_type() { 680 echo bp_get_the_profile_field_type();689 echo esc_html( bp_get_the_profile_field_type() ); 681 690 } 682 691 … … 709 718 */ 710 719 function bp_the_profile_field_description() { 720 // Escaping is made in `bp-xprofile/bp-xprofile-filters.php`. 
721 // phpcs:ignore WordPress.Security.EscapeOutput 711 722 echo bp_get_the_profile_field_description(); 712 723 } … … 740 751 */ 741 752 function bp_the_profile_field_input_name() { 742 echo bp_get_the_profile_field_input_name();753 echo esc_attr( bp_get_the_profile_field_input_name() ); 743 754 } 744 755 … … 794 805 */ 795 806 function bp_the_profile_field_options( $args = array() ) { 807 // Escaping is made in `BP_XProfile_Field_Type->edit_field_options_html()`. 808 // phpcs:ignore WordPress.Security.EscapeOutput 796 809 echo bp_get_the_profile_field_options( $args ); 797 810 } … … 852 865 * Render whether or not a profile field is required. 853 866 * 867 * @todo deprecate (not used internaly) + it doesn't make much sense to output a boolean. 868 * 854 869 * @since 1.1.0 855 870 */ 856 871 function bp_the_profile_field_is_required() { 872 // phpcs:ignore WordPress.Security.EscapeOutput 857 873 echo bp_get_the_profile_field_is_required(); 858 874 } … … 894 910 */ 895 911 function bp_the_profile_field_visibility_level() { 896 echo bp_get_the_profile_field_visibility_level();912 echo esc_html( bp_get_the_profile_field_visibility_level() ); 897 913 } 898 914 … … 934 950 */ 935 951 function bp_the_profile_field_visibility_level_label() { 936 echo bp_get_the_profile_field_visibility_level_label();952 echo esc_html( bp_get_the_profile_field_visibility_level_label() ); 937 953 } 938 954 … … 999 1015 */ 1000 1016 function bp_profile_field_data( $args = '' ) { 1017 // Escaping is made in `bp-xprofile/bp-xprofile-filters.php`. 
1018 // phpcs:ignore WordPress.Security.EscapeOutput 1001 1019 echo bp_get_profile_field_data( $args ); 1002 1020 } … … 1088 1106 */ 1089 1107 function bp_profile_group_tabs() { 1108 // phpcs:ignore WordPress.Security.EscapeOutput 1090 1109 echo bp_get_profile_group_tabs(); 1091 1110 … … 1166 1185 return bp_get_profile_group_name(); 1167 1186 } else { 1168 echo bp_get_profile_group_name();1187 echo esc_html( bp_get_profile_group_name() ); 1169 1188 } 1170 1189 } … … 1210 1229 1211 1230 if ( empty( $last_updated ) ) { 1212 _e( 'Profile not recently updated.', 'buddypress' );1231 esc_html_e( 'Profile not recently updated.', 'buddypress' ); 1213 1232 } else { 1214 echo $last_updated;1233 echo esc_html( $last_updated ); 1215 1234 } 1216 1235 } … … 1252 1271 */ 1253 1272 function bp_current_profile_group_id() { 1254 echo bp_get_current_profile_group_id();1273 echo intval( bp_get_current_profile_group_id() ); 1255 1274 } 1256 1275 … … 1307 1326 */ 1308 1327 function bp_profile_visibility_radio_buttons( $args = '' ) { 1328 // phpcs:ignore WordPress.Security.EscapeOutput 1309 1329 echo bp_profile_get_visibility_radio_buttons( $args ); 1310 1330 } … … 1351 1371 ob_start(); 1352 1372 1353 // Output anything before.1373 // phpcs:ignore WordPress.Security.EscapeOutput 1354 1374 echo $r['before']; ?> 1355 1375 … … 1358 1378 <?php foreach( bp_xprofile_get_visibility_levels() as $level ) : ?> 1359 1379 1360 <?php printf( $r['before_radio'], esc_attr( $level['id'] ) ); ?> 1380 <?php 1381 // phpcs:ignore WordPress.Security.EscapeOutput 1382 printf( $r['before_radio'], esc_attr( $level['id'] ) ); 1383 ?> 1361 1384 1362 1385 <label for="<?php echo esc_attr( 'see-field_' . $r['field_id'] . '_' . 
$level['id'] ); ?>"> … … 1365 1388 </label> 1366 1389 1367 <?php echo $r['after_radio']; ?> 1390 <?php 1391 // phpcs:ignore WordPress.Security.EscapeOutput 1392 echo $r['after_radio']; 1393 ?> 1368 1394 1369 1395 <?php endforeach; ?> … … 1371 1397 <?php endif; 1372 1398 1373 // Output anything after.1399 // phpcs:ignore WordPress.Security.EscapeOutput 1374 1400 echo $r['after']; 1375 1401 … … 1398 1424 */ 1399 1425 function bp_profile_settings_visibility_select( $args = '' ) { 1426 // phpcs:ignore WordPress.Security.EscapeOutput 1400 1427 echo bp_profile_get_settings_visibility_select( $args ); 1401 1428 } … … 1448 1475 ob_start(); 1449 1476 1450 // Output anything before.1477 // phpcs:ignore WordPress.Security.EscapeOutput 1451 1478 echo $r['before']; ?> 1452 1479 1453 1480 <?php if ( bp_current_user_can( 'bp_xprofile_change_field_visibility' ) ) : ?> 1454 1481 1455 <?php echo $r['before_controls']; ?> 1482 <?php 1483 // phpcs:ignore WordPress.Security.EscapeOutput 1484 echo $r['before_controls']; 1485 ?> 1456 1486 1457 1487 <label for="<?php echo esc_attr( 'field_' . $r['field_id'] ) ; ?>_visibility" class="<?php echo esc_attr( $r['label_class'] ); ?>"><?php 1458 1488 /* translators: accessibility text */ 1459 _e( 'Select visibility', 'buddypress' );1489 esc_html_e( 'Select visibility', 'buddypress' ); 1460 1490 ?></label> 1461 1491 <select class="<?php echo esc_attr( $r['class'] ); ?>" name="<?php echo esc_attr( 'field_' . $r['field_id'] ) ; ?>_visibility" id="<?php echo esc_attr( 'field_' . 
$r['field_id'] ) ; ?>_visibility"> … … 1469 1499 </select> 1470 1500 1471 <?php echo $r['after_controls']; ?> 1501 <?php 1502 // phpcs:ignore WordPress.Security.EscapeOutput 1503 echo $r['after_controls']; 1504 ?> 1472 1505 1473 1506 <?php else : ?> … … 1477 1510 <?php endif; 1478 1511 1479 // Output anything after.1512 // phpcs:ignore WordPress.Security.EscapeOutput 1480 1513 echo $r['after']; 1481 1514 … … 1502 1535 */ 1503 1536 function bp_the_profile_field_required_label() { 1537 // phpcs:ignore WordPress.Security.EscapeOutput 1504 1538 echo bp_get_the_profile_field_required_label(); 1505 1539 } … … 1516 1550 1517 1551 if ( bp_get_the_profile_field_is_required() ) { 1518 $translated_string = __( '(required)', 'buddypress' );1552 $translated_string = esc_html__( '(required)', 'buddypress' ); 1519 1553 1520 1554 $retval = ' <span class="bp-required-field-label">'; -
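Review bot: In `bp_the_profile_group_slug()` the slug is now passed through `esc_url()`, which is a URL sanitizer rather than an escaper for HTML text or attributes. As far as I know, `esc_url()` prepends `http://` to a value that has no scheme and does not start with `/`, `#` or `?`, so a plain slug would be printed as a URL. Templates that use the slug in a class, id or path segment would then change their output. `echo esc_attr( bp_get_the_profile_group_slug() );` keeps the value escaped without rewriting it.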
trunk/src/bp-xprofile/classes/class-bp-xprofile-data-template.php
r13484 r13806 132 132 // Backward compatibility with old method of passing arguments. 133 133 if ( ! is_array( $args ) || count( $function_args ) > 1 ) { 134 _deprecated_argument( __METHOD__, '2.3.0', sprintf( __( 'Arguments passed to %1$s should be in an associative array. See the inline documentation at %2$s for more details.', 'buddypress' ), __METHOD__, __FILE__ ) );134 _deprecated_argument( __METHOD__, '2.3.0', sprintf( esc_html__( 'Arguments passed to %1$s should be in an associative array. See the inline documentation at %2$s for more details.', 'buddypress' ), __METHOD__, __FILE__ ) ); 135 135 136 136 $old_args_keys = array( -
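Review bot: Only the format string is escaped in this `_deprecated_argument()` call, because `sprintf()` substitutes `__METHOD__` and `__FILE__` after `esc_html__()` has already run, so the absolute file path goes into the message unescaped. Escaping the finished string covers the whole message: `esc_html( sprintf( __( '…', 'buddypress' ), __METHOD__, __FILE__ ) )`. The string has two placeholders but no translators comment, unlike other calls in this changeset; `/* translators: 1: the method name. 2: the file path. */` above the `sprintf()` would document them. The enclosing method starts and ends outside the hunk.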
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-checkbox-acceptance.php
r13372 r13806 153 153 <?php if ( $page instanceof WP_Post ) : ?> 154 154 <label for="<?php bp_the_profile_field_input_name(); ?>"> 155 <input <?php echo $this->get_edit_field_html_elements( $r ); ?>>155 <input <?php $this->output_edit_field_html_elements( $r ); ?>> 156 156 <?php 157 157 printf( … … 189 189 <p> 190 190 <?php 191 // Escaping is done in `wp_dropdown_pages()`. 192 // phpcs:ignore WordPress.Security.EscapeOutput 191 193 echo wp_dropdown_pages( 192 194 array( … … 298 300 } 299 301 300 /** 301 * Filter here to edit the HTML output. 302 * 303 * @since 8.0.0 304 * 305 * @param string $html The HTML output. 306 * @param int $field_id The field ID. 307 * @param array $r The edit field HTML elements data. 308 * @param int $checkbox_acceptance The field value. 309 */ 310 echo apply_filters( 'bp_get_the_profile_field_checkbox_acceptance', $html, $field_id, $checkbox_acceptance ); 302 // phpcs:ignore WordPress.Security.EscapeOutput 303 echo apply_filters( 304 /** 305 * Filter here to edit the HTML output. 306 * 307 * @since 8.0.0 308 * 309 * @param string $html The HTML output. 310 * @param int $field_id The field ID. 311 * @param array $r The edit field HTML elements data. 312 * @param int $checkbox_acceptance The field value. 313 */ 314 'bp_get_the_profile_field_checkbox_acceptance', 315 $html, 316 $field_id, 317 $checkbox_acceptance 318 ); 311 319 } 312 320 -
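Review bot: The docblock moved inside the `apply_filters()` call for `bp_get_the_profile_field_checkbox_acceptance` documents four parameters, including `@param array $r`, but the call passes only `$html`, `$field_id` and `$checkbox_acceptance`. A callback written from the docs would receive the field value where it expects `$r`. Dropping the `@param array $r` line is the compatible fix, since adding the argument would shift `$checkbox_acceptance` for existing callbacks. The filtered markup is also echoed under a bare `// phpcs:ignore`, and a comment saying where `$html` is escaped (not visible in this hunk) would explain why it is printed raw. The same applies to the `bp_get_the_profile_field_datebox` filter in class-bp-xprofile-field-type-datebox.php.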
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-checkbox.php
r13394 r13806 177 177 } 178 178 179 printf( '<div id="%1$s" class="input-options checkbox-options">%2$s</div>', 179 printf( 180 '<div id="%1$s" class="input-options checkbox-options">%2$s</div>', 180 181 esc_attr( 'field_' . $this->field_obj->id ), 182 // phpcs:ignore WordPress.Security.EscapeOutput 181 183 $html 182 184 ); -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-datebox.php
r13394 r13806 118 118 esc_html_e( 'Day', 'buddypress' ); 119 119 ?></label> 120 <select <?php echo $this->get_edit_field_html_elements( $day_r ); ?>>120 <select <?php $this->output_edit_field_html_elements( $day_r ); ?>> 121 121 <?php bp_the_profile_field_options( array( 122 122 'type' => 'day', … … 128 128 esc_html_e( 'Month', 'buddypress' ); 129 129 ?></label> 130 <select <?php echo $this->get_edit_field_html_elements( $month_r ); ?>>130 <select <?php $this->output_edit_field_html_elements( $month_r ); ?>> 131 131 <?php bp_the_profile_field_options( array( 132 132 'type' => 'month', … … 138 138 esc_html_e( 'Year', 'buddypress' ); 139 139 ?></label> 140 <select <?php echo $this->get_edit_field_html_elements( $year_r ); ?>>140 <select <?php $this->output_edit_field_html_elements( $year_r ); ?>> 141 141 <?php bp_the_profile_field_options( array( 142 142 'type' => 'year', … … 216 216 switch ( $args['type'] ) { 217 217 case 'day': 218 $html = sprintf( '<option value="" %1$s>%2$s</option>', selected( $day, 0, false ), /* translators: no option picked in select box */ __( '----', 'buddypress' ) );218 $html = sprintf( '<option value="" %1$s>%2$s</option>', selected( $day, 0, false ), /* translators: no option picked in select box */ esc_html__( '----', 'buddypress' ) ); 219 219 220 220 for ( $i = 1; $i < 32; ++$i ) { … … 225 225 case 'month': 226 226 $months = array( 227 __( 'January', 'buddypress' ),228 __( 'February', 'buddypress' ),229 __( 'March', 'buddypress' ),230 __( 'April', 'buddypress' ),231 __( 'May', 'buddypress' ),232 __( 'June', 'buddypress' ),233 __( 'July', 'buddypress' ),234 __( 'August', 'buddypress' ),235 __( 'September', 'buddypress' ),236 __( 'October', 'buddypress' ),237 __( 'November', 'buddypress' ),238 __( 'December', 'buddypress' ),227 esc_html__( 'January', 'buddypress' ), 228 esc_html__( 'February', 'buddypress' ), 229 esc_html__( 'March', 'buddypress' ), 230 esc_html__( 'April', 'buddypress' ), 231 esc_html__( 'May', 'buddypress' ), 232 
esc_html__( 'June', 'buddypress' ), 233 esc_html__( 'July', 'buddypress' ), 234 esc_html__( 'August', 'buddypress' ), 235 esc_html__( 'September', 'buddypress' ), 236 esc_html__( 'October', 'buddypress' ), 237 esc_html__( 'November', 'buddypress' ), 238 esc_html__( 'December', 'buddypress' ), 239 239 ); 240 240 241 $html = sprintf( '<option value="" %1$s>%2$s</option>', selected( $month, 0, false ), /* translators: no option picked in select box */ __( '----', 'buddypress' ) );241 $html = sprintf( '<option value="" %1$s>%2$s</option>', selected( $month, 0, false ), /* translators: no option picked in select box */ esc_html__( '----', 'buddypress' ) ); 242 242 243 243 for ( $i = 0; $i < 12; ++$i ) { … … 247 247 248 248 case 'year': 249 $html = sprintf( '<option value="" %1$s>%2$s</option>', selected( $year, 0, false ), /* translators: no option picked in select box */ __( '----', 'buddypress' ) );249 $html = sprintf( '<option value="" %1$s>%2$s</option>', selected( $year, 0, false ), /* translators: no option picked in select box */ esc_html__( '----', 'buddypress' ) ); 250 250 251 251 $settings = $this->get_field_settings( $this->field_obj->id ); … … 265 265 } 266 266 267 /** 268 * Filters the output for the profile field datebox. 269 * 270 * @since 1.1.0 271 * 272 * @param string $html HTML output for the field. 273 * @param string $value Which date type is being rendered for. 274 * @param string $day Date formatted for the current day. 275 * @param string $month Date formatted for the current month. 276 * @param string $year Date formatted for the current year. 277 * @param int $id ID of the field object being rendered. 278 * @param string $date Current date. 279 */ 280 echo apply_filters( 'bp_get_the_profile_field_datebox', $html, $args['type'], $day, $month, $year, $this->field_obj->id, $date ); 267 // phpcs:ignore WordPress.Security.EscapeOutput 268 echo apply_filters( 269 /** 270 * Filters the output for the profile field datebox. 
271 * 272 * @since 1.1.0 273 * 274 * @param string $html HTML output for the field. 275 * @param string $value Which date type is being rendered for. 276 * @param string $day Date formatted for the current day. 277 * @param string $month Date formatted for the current month. 278 * @param string $year Date formatted for the current year. 279 * @param int $id ID of the field object being rendered. 280 * @param string $date Current date. 281 */ 282 'bp_get_the_profile_field_datebox', 283 $html, 284 $args['type'], 285 $day, 286 $month, 287 $year, 288 $this->field_obj->id, 289 $date 290 ); 281 291 } 282 292 … … 320 330 esc_html_e( 'Day', 'buddypress' ); 321 331 ?></label> 322 <select <?php echo $this->get_edit_field_html_elements( $day_r ); ?>>332 <select <?php $this->output_edit_field_html_elements( $day_r ); ?>> 323 333 <?php bp_the_profile_field_options( array( 'type' => 'day' ) ); ?> 324 334 </select> … … 327 337 esc_html_e( 'Month', 'buddypress' ); 328 338 ?></label> 329 <select <?php echo $this->get_edit_field_html_elements( $month_r ); ?>>339 <select <?php $this->output_edit_field_html_elements( $month_r ); ?>> 330 340 <?php bp_the_profile_field_options( array( 'type' => 'month' ) ); ?> 331 341 </select> … … 334 344 esc_html_e( 'Year', 'buddypress' ); 335 345 ?></label> 336 <select <?php echo $this->get_edit_field_html_elements( $year_r ); ?>>346 <select <?php $this->output_edit_field_html_elements( $year_r ); ?>> 337 347 <?php bp_the_profile_field_options( array( 'type' => 'year' ) ); ?> 338 348 </select> … … 490 500 <label for="date-format-<?php echo esc_attr( $format ); ?>"> 491 501 <input type="radio" name="field-settings[date_format]" id="date-format-<?php echo esc_attr( $format ); ?>" value="<?php echo esc_attr( $format ); ?>" <?php checked( $format, $settings['date_format'] ); ?> /> 492 <span class="date-format-label"><?php echo date_i18n( $format); ?></span>502 <span class="date-format-label"><?php echo esc_html( date_i18n( $format ) ); ?></span> 493 503 
<code><?php echo esc_html( $format ); ?></code> 494 504 </label> … … 518 528 <input type="text" name="field-settings[date_format_custom]" id="date-format-custom-value" class="date-format-custom-value" value="<?php echo esc_attr( $settings['date_format_custom'] ); ?>" aria-describedby="date-format-custom-example" /> <span class="screen-reader-text"><?php esc_html_e( 'Example:', 'buddypress' ); ?></span><span class="date-format-custom-example" id="date-format-custom-sample"><?php if ( $settings['date_format_custom'] ) : ?><?php echo esc_html( date_i18n( $settings['date_format_custom'] ) ); endif; ?></span><span class="spinner" id="date-format-custom-spinner" aria-hidden="true"></span> 519 529 520 <p><a href="https:// codex.wordpress.org/Formatting_Date_and_Time"><?php esc_html_e( 'Documentation on date and time formatting', 'buddypress' ); ?></a></p>530 <p><a href="https://wordpress.org/documentation/article/customize-date-and-time-format/"><?php esc_html_e( 'Documentation on date and time formatting', 'buddypress' ); ?></a></p> 521 531 </div> 522 532 -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-multiselectbox.php
r13394 r13806 87 87 do_action( bp_get_the_profile_field_errors_action() ); ?> 88 88 89 <select <?php echo $this->get_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3">89 <select <?php $this->output_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"> 90 90 <?php bp_the_profile_field_options( array( 91 91 'user_id' => $user_id, … … 105 105 106 106 $js_clear = sprintf( 'javascript:%1$s( \'%2$s[]\' );', $clear, esc_js( bp_get_the_profile_field_input_name() ) ); 107 108 // phpcs:disable WordPress.Security.EscapeOutput 107 109 ?> 108 110 … … 111 113 </a> 112 114 113 <?php endif; ?>114 <?php115 <?php endif; 116 // phpcs:enable 115 117 } 116 118 … … 182 184 } 183 185 186 // phpcs:ignore WordPress.Security.EscapeOutput 184 187 echo $html; 185 188 } … … 207 210 esc_html_e( 'Select', 'buddypress' ); 208 211 ?></label> 209 <select <?php echo $this->get_edit_field_html_elements( $r ); ?>>212 <select <?php $this->output_edit_field_html_elements( $r ); ?>> 210 213 <?php bp_the_profile_field_options(); ?> 211 214 </select> -
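Review bot: The `// phpcs:disable WordPress.Security.EscapeOutput` … `// phpcs:enable` pair around the clear-link markup turns the escaping sniff off for the whole template block. The closing `// phpcs:enable` names no sniff, so it re-enables every rule rather than only the one that was disabled. The lines between the two markers are elided from the hunk; the value built just before them is `$js_clear`, made from `$clear` and a field name escaped with `esc_js()`. A single `// phpcs:ignore WordPress.Security.EscapeOutput` on the line that prints it, or at least `// phpcs:enable WordPress.Security.EscapeOutput`, would keep later additions to that block checked. class-bp-xprofile-field-type-radiobutton.php uses the same pair.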
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-number.php
r13372 r13806 79 79 do_action( bp_get_the_profile_field_errors_action() ); ?> 80 80 81 <input <?php echo $this->get_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3">81 <input <?php $this->output_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"> 82 82 83 83 <?php if ( bp_get_the_profile_field_description() ) : ?> … … 110 110 esc_html_e( 'Number field', 'buddypress' ); 111 111 ?></label> 112 <input <?php echo $this->get_edit_field_html_elements( $r ); ?>>112 <input <?php $this->output_edit_field_html_elements( $r ); ?>> 113 113 <?php 114 114 } -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-radiobutton.php
r13392 r13806 89 89 90 90 $js_clear = sprintf( 'javascript:%1$s( \'%2$s\' );', $clear, esc_js( bp_get_the_profile_field_input_name() ) ); 91 92 // phpcs:disable WordPress.Security.EscapeOutput 91 93 ?> 92 94 … … 95 97 </a> 96 98 97 <?php endif; ?> 98 99 <?php 99 <?php endif; 100 // phpcs:enable 100 101 } 101 102 … … 162 163 } 163 164 164 printf( '<div id="%1$s" class="input-options radio-button-options">%2$s</div>', 165 printf( 166 '<div id="%1$s" class="input-options radio-button-options">%2$s</div>', 165 167 esc_attr( 'field_' . $this->field_obj->id ), 168 // phpcs:ignore WordPress.Security.EscapeOutput 166 169 $html 167 170 ); -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-selectbox.php
r13393 r13806 75 75 do_action( bp_get_the_profile_field_errors_action() ); ?> 76 76 77 <select <?php echo $this->get_edit_field_html_elements( $raw_properties ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3">77 <select <?php $this->output_edit_field_html_elements( $raw_properties ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"> 78 78 <?php bp_the_profile_field_options( array( 'user_id' => $user_id ) ); ?> 79 79 </select> … … 153 153 } 154 154 155 // phpcs:ignore WordPress.Security.EscapeOutput 155 156 echo $html; 156 157 } … … 172 173 esc_html_e( 'Select', 'buddypress' ); 173 174 ?></label> 174 <select <?php echo $this->get_edit_field_html_elements( $raw_properties ); ?>>175 <select <?php $this->output_edit_field_html_elements( $raw_properties ); ?>> 175 176 <?php bp_the_profile_field_options(); ?> 176 177 </select> -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-telephone.php
r13372 r13806 80 80 do_action( bp_get_the_profile_field_errors_action() ); ?> 81 81 82 <input <?php echo $this->get_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3">82 <input <?php $this->output_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"> 83 83 84 84 <?php if ( bp_get_the_profile_field_description() ) : ?> … … 111 111 esc_html_e( 'Phone Number', 'buddypress' ); 112 112 ?></label> 113 <input <?php echo $this->get_edit_field_html_elements( $r ); ?>>113 <input <?php $this->output_edit_field_html_elements( $r ); ?>> 114 114 115 115 <?php -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-textarea.php
r13372 r13806 83 83 ?> 84 84 85 <textarea <?php echo $this->get_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"><?php bp_the_profile_field_edit_value(); ?></textarea>85 <textarea <?php $this->output_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"><?php bp_the_profile_field_edit_value(); ?></textarea> 86 86 87 87 <?php … … 148 148 ?> 149 149 150 <textarea <?php echo $this->get_edit_field_html_elements( $r ); ?>></textarea>150 <textarea <?php $this->output_edit_field_html_elements( $r ); ?>></textarea> 151 151 152 152 <?php -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-textbox.php
r13372 r13806 78 78 do_action( bp_get_the_profile_field_errors_action() ); ?> 79 79 80 <input <?php echo $this->get_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3">80 <input <?php $this->output_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"> 81 81 82 82 <?php if ( bp_get_the_profile_field_description() ) : ?> … … 110 110 esc_html_e( 'Textbox', 'buddypress' ); 111 111 ?></label> 112 <input <?php echo $this->get_edit_field_html_elements( $r ); ?>>112 <input <?php $this->output_edit_field_html_elements( $r ); ?>> 113 113 114 114 <?php -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-url.php
r13372 r13806 90 90 do_action( bp_get_the_profile_field_errors_action() ); ?> 91 91 92 <input <?php echo $this->get_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3">92 <input <?php $this->output_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"> 93 93 94 94 <?php if ( bp_get_the_profile_field_description() ) : ?> … … 123 123 esc_html_e( 'URL', 'buddypress' ); 124 124 ?></label> 125 <input <?php echo $this->get_edit_field_html_elements( $r ); ?>>125 <input <?php $this->output_edit_field_html_elements( $r ); ?>> 126 126 127 127 <?php -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-wordpress-biography.php
r13372 r13806 119 119 ) 120 120 ); 121 122 // phpcs:disable WordPress.Security.EscapeOutput 121 123 ?> 122 124 123 <textarea <?php echo $this->get_edit_field_html_elements( $r ); ?>><?php125 <textarea <?php $this->output_edit_field_html_elements( $r ); ?>><?php 124 126 echo $this->sanitize_for_output( bp_get_user_meta( $user_id, $this->wp_user_key, true ), $user_id ); 125 127 ?></textarea> 126 128 127 129 <?php 130 // phpcs:enable 128 131 } 129 132 … … 147 150 ?> 148 151 149 <textarea <?php echo $this->get_edit_field_html_elements( $r ); ?>></textarea>152 <textarea <?php $this->output_edit_field_html_elements( $r ); ?>></textarea> 150 153 151 154 <?php -
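Review bot: The `phpcs:disable` / `phpcs:enable` pair switches the escaping sniff off for the whole template block, although only the `echo $this->sanitize_for_output( ... )` line needs the exemption; any output added to this block later would go unchecked. A single-line suppression directly above that echo keeps the exemption narrow: `// phpcs:ignore WordPress.Security.EscapeOutput -- escaped by sanitize_for_output().` `sanitize_for_output()` is defined outside this hunk, so that reason holds only if it returns text that is safe inside a textarea body; if it merely sanitizes, wrapping the call in `esc_textarea()` would be the fix instead. The method's opening lines are also outside the hunk.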
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type-wordpress-textbox.php
r13372 r13806 180 180 do_action( bp_get_the_profile_field_errors_action() ); ?> 181 181 182 <input <?php echo $this->get_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3">182 <input <?php $this->output_edit_field_html_elements( $r ); ?> aria-labelledby="<?php bp_the_profile_field_input_name(); ?>-1" aria-describedby="<?php bp_the_profile_field_input_name(); ?>-3"> 183 183 184 184 <?php if ( bp_get_the_profile_field_description() ) : ?> … … 211 211 esc_html_e( 'WordPress field', 'buddypress' ); 212 212 ?></label> 213 <input <?php echo $this->get_edit_field_html_elements( $r ); ?>>213 <input <?php $this->output_edit_field_html_elements( $r ); ?>> 214 214 215 215 <?php -
trunk/src/bp-xprofile/classes/class-bp-xprofile-field-type.php
r13399 r13806 431 431 <label for="<?php echo esc_attr( "{$type}_option{$default_name}" ); ?>"> 432 432 <input type="<?php echo esc_attr( $control_type ); ?>" id="<?php echo esc_attr( "{$type}_option{$default_name}" ); ?>" name="<?php echo esc_attr( "isDefault_{$type}_option{$default_name}" ); ?>" <?php checked( $options[ $i ]->is_default_option, true ); ?> value="<?php echo esc_attr( $j ); ?>" /> 433 <?php _e( 'Default Value', 'buddypress' ); ?>433 <?php esc_html_e( 'Default Value', 'buddypress' ); ?> 434 434 </label> 435 435 … … 566 566 return bp_get_form_field_attributes( sanitize_key( bp_get_the_profile_field_name() ), $r ); 567 567 } 568 569 /** 570 * Output a sanitized and escaped string of the edit field's HTML elements and attributes. 571 * 572 * @since 12.4.1 573 * 574 * @param array $properties Optional key/value array of attributes for this edit field. 575 */ 576 protected function output_edit_field_html_elements( array $properties = array() ) { 577 // Escaping is done in `bp_get_form_field_attributes()`. 578 // phpcs:ignore WordPress.Security.EscapeOutput 579 echo $this->get_edit_field_html_elements( $properties ); 580 } 568 581 } -
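Review bot: `output_edit_field_html_elements()` prints whatever `get_edit_field_html_elements()` returns, so the docblock's "sanitized and escaped" promise holds only while every implementation of that getter escapes its result, and the docblock should say so. I would add a sentence such as `Field types overriding get_edit_field_html_elements() must return escaped markup, as it is printed verbatim here.` The getter's declaration and whatever filtering happens inside `bp_get_form_field_attributes()` are not visible in this hunk, so how likely an unescaped return value is cannot be judged from here.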
trunk/src/bp-xprofile/classes/class-bp-xprofile-field.php
r13792 r13806 1601 1601 1602 1602 <div id="field-type-member-types" class="postbox"> 1603 <h2><?php _e( 'Member Types', 'buddypress' ); ?></h2>1603 <h2><?php esc_html_e( 'Member Types', 'buddypress' ); ?></h2> 1604 1604 <div class="inside"> 1605 <p class="description"><?php _e( 'This field should be available to:', 'buddypress' ); ?></p>1605 <p class="description"><?php esc_html_e( 'This field should be available to:', 'buddypress' ); ?></p> 1606 1606 1607 1607 <ul> 1608 1608 <?php foreach ( $member_types as $member_type ) : ?> 1609 1609 <li> 1610 <label for="member-type-<?php echo $member_type->labels['name']; ?>">1611 <input name="member-types[]" id="member-type-<?php echo $member_type->labels['name']; ?>" class="member-type-selector" type="checkbox" value="<?php echo $member_type->name; ?>" <?php checked( in_array( $member_type->name, $field_member_types ) ); ?>/>1612 <?php echo $member_type->labels['name']; ?>1610 <label for="member-type-<?php echo esc_attr( $member_type->labels['name'] ); ?>"> 1611 <input name="member-types[]" id="member-type-<?php echo esc_attr( $member_type->labels['name'] ); ?>" class="member-type-selector" type="checkbox" value="<?php echo esc_attr( $member_type->name ); ?>" <?php checked( in_array( $member_type->name, $field_member_types ) ); ?>/> 1612 <?php echo esc_html( $member_type->labels['name'] ); ?> 1613 1613 </label> 1614 1614 </li> … … 1618 1618 <label for="member-type-none"> 1619 1619 <input name="member-types[]" id="member-type-none" class="member-type-selector" type="checkbox" value="null" <?php checked( in_array( 'null', $field_member_types ) ); ?>/> 1620 <?php _e( 'Users with no member type', 'buddypress' ); ?>1620 <?php esc_html_e( 'Users with no member type', 'buddypress' ); ?> 1621 1621 </label> 1622 1622 </li> 1623 1623 1624 1624 </ul> 1625 <p class="description member-type-none-notice<?php if ( ! 
empty( $field_member_types ) ) : ?> hide<?php endif; ?>"><?php _e( 'Unavailable to all members.', 'buddypress' ) ?></p>1625 <p class="description member-type-none-notice<?php if ( ! empty( $field_member_types ) ) : ?> hide<?php endif; ?>"><?php esc_html_e( 'Unavailable to all members.', 'buddypress' ) ?></p> 1626 1626 </div> 1627 1627 -
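Review bot: The `id` and `for` attributes in the member-type loop are built from `$member_type->labels['name']`, which looks like a display label and may contain spaces or repeat across types, giving invalid or duplicate IDs even after `esc_attr()`. The type key is already used for the checkbox `value` and would be a steadier source: `id="member-type-<?php echo esc_attr( $member_type->name ); ?>"` with the matching `for`. Check first whether any script or stylesheet targets the current IDs; none is visible in this hunk.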
trunk/src/bp-xprofile/classes/class-bp-xprofile-user-admin.php
r13756 r13806 326 326 <?php 327 327 printf( 328 __( 'This field can be seen by: %s', 'buddypress' ),329 '<span class="current-visibility-level">' . bp_get_the_profile_field_visibility_level_label() . '</span>'328 esc_html__( 'This field can be seen by: %s', 'buddypress' ), 329 '<span class="current-visibility-level">' . esc_html( bp_get_the_profile_field_visibility_level_label() ) . '</span>' 330 330 ); 331 331 ?> … … 343 343 <div class="field-visibility-settings" id="field-visibility-settings-<?php bp_the_profile_field_id() ?>"> 344 344 <fieldset> 345 <legend><?php _e( 'Who can see this field?', 'buddypress' ); ?></legend>345 <legend><?php esc_html_e( 'Who can see this field?', 'buddypress' ); ?></legend> 346 346 347 347 <?php bp_profile_visibility_radio_buttons(); ?> … … 379 379 public function user_admin_spammer_metabox( $user = null ) { 380 380 ?> 381 <p><?php printf( __( '%s has been marked as a spammer. All BuddyPress data associated with the user has been removed', 'buddypress' ), esc_html( bp_core_get_user_displayname( $user->ID ) ) ) ;?></p>381 <p><?php printf( esc_html__( '%s has been marked as a spammer. All BuddyPress data associated with the user has been removed', 'buddypress' ), esc_html( bp_core_get_user_displayname( $user->ID ) ) ) ;?></p> 382 382 <?php 383 383 }
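Review bot: `user_admin_spammer_metabox()` declares `$user = null`, but the rewritten `printf()` line reads `$user->ID` unconditionally, so a call without a user reads a property on null. A guard at the top of the method would cover it: `if ( empty( $user->ID ) ) { return; }`. Both `printf()` calls in this section also pass a `%s` placeholder without a translators comment; for this one, `/* translators: %s: member display name */` above the call would do.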