Changeset 13810
- Timestamp:
- 04/27/2024 01:40:03 AM (4 months ago)
- Location:
- trunk/src/bp-messages
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/bp-messages/bp-messages-star.php
r13743 r13810 63 63 */ 64 64 function bp_the_message_star_action_link( $args = array() ) { 65 // phpcs:ignore WordPress.Security.EscapeOutput 65 66 echo bp_get_the_message_star_action_link( $args ); 66 67 } … … 330 331 ?> 331 332 332 <option value="star"><?php _e( 'Add star', 'buddypress' ); ?></option>333 <option value="unstar"><?php _e( 'Remove star', 'buddypress' ); ?></option>333 <option value="star"><?php esc_html_e( 'Add star', 'buddypress' ); ?></option> 334 <option value="unstar"><?php esc_html_e( 'Remove star', 'buddypress' ); ?></option> 334 335 335 336 <?php -
trunk/src/bp-messages/bp-messages-template.php
r13743 r13810 131 131 */ 132 132 function bp_message_thread_id() { 133 echo bp_get_message_thread_id();133 echo intval( bp_get_message_thread_id() ); 134 134 } 135 135 /** … … 157 157 */ 158 158 function bp_message_thread_subject() { 159 // Escaping is made in `bp-messages/bp-messages-filters.php`. 160 // phpcs:ignore WordPress.Security.EscapeOutput 159 161 echo bp_get_message_thread_subject(); 160 162 } … … 183 185 */ 184 186 function bp_message_thread_excerpt() { 187 // Escaping is made in `bp-messages/bp-messages-filters.php`. 188 // phpcs:ignore WordPress.Security.EscapeOutput 185 189 echo bp_get_message_thread_excerpt(); 186 190 } … … 217 221 */ 218 222 function bp_message_thread_content() { 223 // Escaping is made in `bp-messages/bp-messages-filters.php`. 224 // phpcs:ignore WordPress.Security.EscapeOutput 219 225 echo bp_get_message_thread_content(); 220 226 } … … 251 257 */ 252 258 function bp_message_thread_from() { 259 // Esaping is made in `bp_core_get_userlink()` && in `bp_core_get_user_displayname()`. 260 // phpcs:ignore WordPress.Security.EscapeOutput 253 261 echo bp_get_message_thread_from(); 254 262 } … … 277 285 */ 278 286 function bp_message_thread_to() { 287 // Esaping is made in `BP_Messages_Thread::get_recipient_links()`. 288 // phpcs:ignore WordPress.Security.EscapeOutput 279 289 echo bp_get_message_thread_to(); 280 290 } … … 310 320 */ 311 321 function bp_message_thread_view_link( $thread_id = 0, $user_id = null ) { 312 echo bp_get_message_thread_view_link( $thread_id, $user_id);322 echo esc_url( bp_get_message_thread_view_link( $thread_id, $user_id ) ); 313 323 } 314 324 /** … … 614 624 * @since 2.2.0 615 625 * 616 * @param int |bool$thread_id Optional. ID of the thread. Defaults to current thread ID.626 * @param int $thread_id Optional. ID of the thread. Defaults to current thread ID. 617 627 */ 618 628 function bp_message_thread_total_count( $thread_id = false ) { 619 echo bp_get_message_thread_total_count( $thread_id);629 echo intval( bp_get_message_thread_total_count( $thread_id ) ); 620 630 } 621 631 /** … … 662 672 */ 663 673 function bp_message_thread_total_and_unread_count( $thread_id = false ) { 674 // phpcs:ignore WordPress.Security.EscapeOutput 664 675 echo bp_get_message_thread_total_and_unread_count( $thread_id ); 665 676 } … … 681 692 /* translators: 1: total number, 2: accessibility text: number of unread messages */ 682 693 '<span class="thread-count">(%1$s)</span> <span class="bp-screen-reader-text">%2$s</span>', 683 number_format_i18n( $total),694 esc_html( number_format_i18n( $total ) ), 684 695 /* translators: %d: number of unread messages */ 685 sprintf( _n( '%d unread', '%d unread', $unread, 'buddypress' ), number_format_i18n( $unread) )696 esc_html( sprintf( _n( '%d unread', '%d unread', $unread, 'buddypress' ), number_format_i18n( $unread ) ) ) 686 697 ); 687 698 } … … 691 702 */ 692 703 function bp_message_thread_last_post_date_raw() { 693 echo bp_get_message_thread_last_post_date_raw();704 echo esc_html( bp_get_message_thread_last_post_date_raw() ); 694 705 } 695 706 /** … … 717 728 */ 718 729 function bp_message_thread_last_post_date() { 719 echo bp_get_message_thread_last_post_date();730 echo esc_html( bp_get_message_thread_last_post_date() ); 720 731 } 721 732 /** … … 744 755 */ 745 756 function bp_message_thread_avatar( $args = '' ) { 757 // phpcs:ignore WordPress.Security.EscapeOutput 746 758 echo bp_get_message_thread_avatar( $args ); 747 759 } … … 796 808 * @param array $r Array of parsed arguments. 797 809 */ 798 return apply_filters( 'bp_get_message_thread_avatar', bp_core_fetch_avatar( array( 799 'item_id' => $messages_template->thread->last_sender_id, 800 'type' => $r['type'], 801 'alt' => $r['alt'], 802 'css_id' => $r['id'], 803 'class' => $r['class'], 804 'width' => $r['width'], 805 'height' => $r['height'], 806 ) ), $r ); 810 return apply_filters( 811 'bp_get_message_thread_avatar', 812 bp_core_fetch_avatar( 813 array( 814 'item_id' => $messages_template->thread->last_sender_id, 815 'type' => $r['type'], 816 'alt' => $r['alt'], 817 'css_id' => $r['id'], 818 'class' => $r['class'], 819 'width' => $r['width'], 820 'height' => $r['height'], 821 ) 822 ), 823 $r 824 ); 807 825 } 808 826 … … 815 833 */ 816 834 function bp_total_unread_messages_count( $user_id = 0 ) { 817 echo bp_get_total_unread_messages_count( $user_id);835 echo intval( bp_get_total_unread_messages_count( $user_id ) ); 818 836 } 819 837 /** … … 843 861 */ 844 862 function bp_messages_pagination() { 863 // Escaping is done in WordPress's `paginate_links()` function. 864 // phpcs:ignore WordPress.Security.EscapeOutput 845 865 echo bp_get_messages_pagination(); 846 866 } … … 904 924 $search_value = ( $search_submitted !== $default_search_value ) ? ' value="' . esc_attr( $search_submitted ) . '"' : ''; 905 925 926 // phpcs:disable WordPress.Security.EscapeOutput 927 906 928 // Start the output buffer, so form can be filtered. 907 ob_start(); ?> 929 ob_start(); 930 ?> 908 931 909 932 <form action="" method="get" id="search-message-form"> … … 929 952 */ 930 953 echo apply_filters( 'bp_message_search_form', $search_form_html ); 954 // phpcs:enable 931 955 } 932 956 … … 1063 1087 <label for="message-type-select" class="bp-screen-reader-text"><?php 1064 1088 /* translators: accessibility text */ 1065 _e( 'Select:', 'buddypress' );1089 esc_html_e( 'Select:', 'buddypress' ); 1066 1090 ?></label> 1067 1091 <select name="message-type-select" id="message-type-select"> 1068 <option value=""><?php _e( 'Select', 'buddypress' ); ?></option>1069 <option value="read"><?php _ex('Read', 'Message dropdown filter', 'buddypress') ?></option>1070 <option value="unread"><?php _ex('Unread', 'Message dropdown filter', 'buddypress') ?></option>1071 <option value="all"><?php _ex('All', 'Message dropdown filter', 'buddypress') ?></option>1092 <option value=""><?php esc_html_e( 'Select', 'buddypress' ); ?></option> 1093 <option value="read"><?php echo esc_html_x('Read', 'Message dropdown filter', 'buddypress') ?></option> 1094 <option value="unread"><?php echo esc_html_x('Unread', 'Message dropdown filter', 'buddypress') ?></option> 1095 <option value="all"><?php echo esc_html_x('All', 'Message dropdown filter', 'buddypress') ?></option> 1072 1096 </select> 1073 1097 1074 1098 <?php if ( ! bp_is_current_action( 'sentbox' ) && ! bp_is_current_action( 'notices' ) ) : ?> 1075 1099 1076 <a href="#" id="mark_as_read"><?php _ex('Mark as Read', 'Message management markup', 'buddypress') ?></a> 1077 <a href="#" id="mark_as_unread"><?php _ex('Mark as Unread', 'Message management markup', 'buddypress') ?></a> 1100 <a href="#" id="mark_as_read"><?php echo esc_html_x('Mark as Read', 'Message management markup', 'buddypress') ?></a> 1101 <a href="#" id="mark_as_unread"><?php echo esc_html_x('Mark as Unread', 'Message management markup', 'buddypress') ?></a> 1078 1102 1079 1103 <?php wp_nonce_field( 'bp_messages_mark_messages_read', 'mark-messages-read-nonce', false ); ?> … … 1082 1106 <?php endif; ?> 1083 1107 1084 <a href="#" id="delete_<?php echo bp_current_action(); ?>_messages"><?php_e( 'Delete Selected', 'buddypress' ); ?></a> 1108 <a href="#" id="delete_<?php echo esc_attr( bp_current_action() ); ?>_messages"><?php esc_html_e( 'Delete Selected', 'buddypress' ); ?></a> 1085 1109 <?php wp_nonce_field( 'bp_messages_delete_selected', 'delete-selected-nonce', false ); ?> 1086 1110 <?php … … 1095 1119 ?> 1096 1120 <label class="bp-screen-reader-text" for="messages-select"><?php 1097 _e( 'Select Bulk Action', 'buddypress' );1121 esc_html_e( 'Select Bulk Action', 'buddypress' ); 1098 1122 ?></label> 1099 1123 <select name="messages_bulk_action" id="messages-select"> 1100 <option value="" selected="selected"><?php _e( 'Bulk Actions', 'buddypress' ); ?></option>1101 <option value="read"><?php _e( 'Mark read', 'buddypress' ); ?></option>1102 <option value="unread"><?php _e( 'Mark unread', 'buddypress' ); ?></option>1103 <option value="delete"><?php _e( 'Delete', 'buddypress' ); ?></option>1124 <option value="" selected="selected"><?php esc_html_e( 'Bulk Actions', 'buddypress' ); ?></option> 1125 <option value="read"><?php esc_html_e( 'Mark read', 'buddypress' ); ?></option> 1126 <option value="unread"><?php esc_html_e( 'Mark unread', 'buddypress' ); ?></option> 1127 <option value="delete"><?php esc_html_e( 'Delete', 'buddypress' ); ?></option> 1104 1128 <?php 1105 1129 /** … … 1150 1174 */ 1151 1175 function bp_message_is_active_notice() { 1152 echo bp_get_message_is_active_notice();1176 echo esc_html( bp_get_message_is_active_notice() ); 1153 1177 } 1154 1178 /** … … 1175 1199 */ 1176 1200 function bp_message_notice_id() { 1177 echo bp_get_message_notice_id();1201 echo intval( bp_get_message_notice_id() ); 1178 1202 } 1179 1203 /** … … 1201 1225 */ 1202 1226 function bp_message_notice_post_date() { 1203 echo bp_get_message_notice_post_date();1227 echo esc_html( bp_get_message_notice_post_date() ); 1204 1228 } 1205 1229 /** … … 1231 1255 */ 1232 1256 function bp_message_notice_subject( $notice = null ) { 1257 // Escaping is made in `bp-messages/bp-messages-filters.php`. 1258 // phpcs:ignore WordPress.Security.EscapeOutput 1233 1259 echo bp_get_message_notice_subject( $notice ); 1234 1260 } … … 1268 1294 */ 1269 1295 function bp_message_notice_text( $notice = null ) { 1296 // Escaping is made in `bp-messages/bp-messages-filters.php`. 1297 // phpcs:ignore WordPress.Security.EscapeOutput 1270 1298 echo bp_get_message_notice_text( $notice ); 1271 1299 } … … 1435 1463 */ 1436 1464 function bp_messages_slug() { 1437 echo bp_get_messages_slug();1465 echo esc_url( bp_get_messages_slug() ); 1438 1466 } 1439 1467 /** … … 1477 1505 <div id="message" class="info notice" rel="n-<?php echo esc_attr( $notice->id ); ?>"> 1478 1506 <strong><?php bp_message_notice_subject( $notice ); ?></strong> 1479 <a href="<?php bp_message_notice_dismiss_link(); ?>" id="close-notice" class="bp-tooltip button" data-bp-tooltip="<?php esc_attr_e( 'Dismiss this notice', 'buddypress' ) ?>"><span class="bp-screen-reader-text"><?php _e( 'Dismiss this notice', 'buddypress' ) ?></span> <span aria-hidden="true">Χ</span></a>1507 <a href="<?php bp_message_notice_dismiss_link(); ?>" id="close-notice" class="bp-tooltip button" data-bp-tooltip="<?php esc_attr_e( 'Dismiss this notice', 'buddypress' ) ?>"><span class="bp-screen-reader-text"><?php esc_html_e( 'Dismiss this notice', 'buddypress' ) ?></span> <span aria-hidden="true">Χ</span></a> 1480 1508 <?php bp_message_notice_text( $notice ); ?> 1481 1509 <?php wp_nonce_field( 'bp_messages_close_notice', 'close-notice-nonce' ); ?> … … 1530 1558 */ 1531 1559 function bp_send_private_message_button() { 1560 // Escaping is done in `BP_Core_HTML_Element()`. 1561 // phpcs:ignore WordPress.Security.EscapeOutput 1532 1562 echo bp_get_send_message_button(); 1533 1563 } … … 1544 1574 */ 1545 1575 function bp_send_message_button( $args = '' ) { 1576 // Escaping is done in `BP_Core_HTML_Element()`. 1577 // phpcs:ignore WordPress.Security.EscapeOutput 1546 1578 echo bp_get_send_message_button( $args ); 1547 1579 } … … 1662 1694 1663 1695 <li id="un-<?php echo esc_attr( $recipient ); ?>" class="friend-tab"> 1664 <span><?php 1665 echo bp_core_fetch_avatar( array( 'item_id' => $user_id, 'type' => 'thumb', 'width' => 15, 'height' => 15 ) ); 1666 echo bp_core_get_userlink( $user_id ); 1667 ?></span> 1696 <span> 1697 <?php 1698 // phpcs:disable WordPress.Security.EscapeOutput 1699 echo bp_core_fetch_avatar( 1700 array( 1701 'item_id' => $user_id, 1702 'type' => 'thumb', 1703 'width' => 15, 1704 'height' => 15 1705 ) 1706 ); 1707 1708 echo bp_core_get_userlink( $user_id ); 1709 // phpcs:enable 1710 ?> 1711 </span> 1668 1712 </li> 1669 1713 … … 1825 1869 */ 1826 1870 function bp_the_thread_subject() { 1871 // Escaping is made in `bp-messages/bp-messages-filters.php`. 1872 // phpcs:ignore WordPress.Security.EscapeOutput 1827 1873 echo bp_get_the_thread_subject(); 1828 1874 } … … 1920 1966 */ 1921 1967 function bp_the_thread_recipients_list() { 1968 // phpcs:ignore WordPress.Security.EscapeOutput 1922 1969 echo bp_get_thread_recipients_list(); 1923 1970 } … … 1941 1988 1942 1989 if ( empty( $recipient_link ) ) { 1943 $recipient_link = __( 'Deleted User', 'buddypress' );1990 $recipient_link = esc_html__( 'Deleted User', 'buddypress' ); 1944 1991 } 1945 1992 1946 1993 $recipient_links[] = $recipient_link; 1947 1994 } else { 1948 $recipient_links[] = __( 'you', 'buddypress' );1995 $recipient_links[] = esc_html__( 'you', 'buddypress' ); 1949 1996 } 1950 1997 } … … 1969 2016 */ 1970 2017 function bp_the_thread_message_id() { 1971 echo bp_get_the_thread_message_id();2018 echo intval( bp_get_the_thread_message_id() ); 1972 2019 } 1973 2020 /** … … 2079 2126 */ 2080 2127 function bp_the_thread_message_sender_id() { 2081 echo bp_get_the_thread_message_sender_id();2128 echo intval( bp_get_the_thread_message_sender_id() ); 2082 2129 } 2083 2130 /** … … 2114 2161 */ 2115 2162 function bp_the_thread_message_sender_avatar( $args = '' ) { 2163 // phpcs:ignore WordPress.Security.EscapeOutput 2116 2164 echo bp_get_the_thread_message_sender_avatar_thumb( $args ); 2117 2165 } … … 2151 2199 * @param array $r Array of parsed arguments. 2152 2200 */ 2153 return apply_filters( 'bp_get_the_thread_message_sender_avatar_thumb', bp_core_fetch_avatar( array( 2154 'item_id' => $thread_template->message->sender_id, 2155 'type' => $r['type'], 2156 'width' => $r['width'], 2157 'height' => $r['height'], 2158 'alt' => bp_core_get_user_displayname( $thread_template->message->sender_id ) 2159 ) ), $r ); 2201 return apply_filters( 2202 'bp_get_the_thread_message_sender_avatar_thumb', 2203 bp_core_fetch_avatar( 2204 array( 2205 'item_id' => $thread_template->message->sender_id, 2206 'type' => $r['type'], 2207 'width' => $r['width'], 2208 'height' => $r['height'], 2209 'alt' => bp_core_get_user_displayname( $thread_template->message->sender_id ) 2210 ) 2211 ), 2212 $r 2213 ); 2160 2214 } 2161 2215 … … 2290 2344 */ 2291 2345 function bp_the_thread_message_time_since() { 2292 echo bp_get_the_thread_message_time_since();2346 echo esc_html( bp_get_the_thread_message_time_since() ); 2293 2347 } 2294 2348 /** … … 2324 2378 */ 2325 2379 function bp_the_thread_message_date_sent() { 2326 echo bp_get_the_thread_message_date_sent();2380 echo esc_html( bp_get_the_thread_message_date_sent() ); 2327 2381 } 2328 2382 /** … … 2354 2408 */ 2355 2409 function bp_the_thread_message_content() { 2410 // Escaping is made in `bp-messages/bp-messages-filters.php`. 2411 // phpcs:ignore WordPress.Security.EscapeOutput 2356 2412 echo bp_get_the_thread_message_content(); 2357 2413 } -
trunk/src/bp-messages/bp-messages-widgets.php
r13481 r13810 12 12 defined( 'ABSPATH' ) || exit; 13 13 14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) ); -
trunk/src/bp-messages/classes/class-bp-messages-notices-list-table.php
r13096 r13810 95 95 */ 96 96 public function single_row( $item ) { 97 $class = '';98 97 99 98 if ( ! empty( $item->is_active ) ) { 100 $class = ' class="notice-active"'; 99 echo '<tr class="notice-active">'; 100 } else { 101 echo '<tr>'; 101 102 } 102 103 103 echo "<tr{$class}>";104 104 $this->single_row_columns( $item ); 105 105 echo '</tr>'; … … 146 146 } 147 147 148 echo '<strong>' . apply_filters( 'bp_get_message_notice_subject', $item->subject ) . '</strong> ' . $this->row_actions( $actions ); 148 echo '<strong>' . esc_html( apply_filters( 'bp_get_message_notice_subject', $item->subject ) ) . '</strong> '; 149 150 // BuddyPress relies on WordPress's `WP_List_Table::row_actions()`. 151 // phpcs:ignore WordPress.Security.EscapeOutput 152 echo $this->row_actions( $actions ); 149 153 } 150 154 … … 157 161 */ 158 162 public function column_message( $item ) { 163 // Escaping is made in `bp-messages/bp-messages-filters.php`. 164 // phpcs:ignore WordPress.Security.EscapeOutput 159 165 echo apply_filters( 'bp_get_message_notice_text', $item->message ); 160 166 } … … 168 174 */ 169 175 public function column_date_sent( $item ) { 170 echo apply_filters( 'bp_get_message_notice_post_date', bp_format_time( strtotime( $item->date_sent) ) );176 echo esc_html( apply_filters( 'bp_get_message_notice_post_date', bp_format_time( strtotime( $item->date_sent ) ) ) ); 171 177 } 172 178 } -
trunk/src/bp-messages/classes/class-bp-messages-sitewide-notices-widget.php
r13481 r13810 12 12 defined( 'ABSPATH' ) || exit; 13 13 14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) ); 15 15 16 16 /** -
trunk/src/bp-messages/classes/class-bp-messages-thread.php
r13499 r13810 1193 1193 if ( count( $recipients ) >= 5 ) { 1194 1194 /* translators: %s: number of message recipients */ 1195 return sprintf( __( '%s Recipients', 'buddypress' ), number_format_i18n( count( $recipients ) ) );1195 return sprintf( esc_html__( '%s Recipients', 'buddypress' ), number_format_i18n( count( $recipients ) ) ); 1196 1196 } 1197 1197 … … 1202 1202 1203 1203 if ( empty( $recipient_link ) ) { 1204 $recipient_link = __( 'Deleted User', 'buddypress' );1204 $recipient_link = esc_html__( 'Deleted User', 'buddypress' ); 1205 1205 } 1206 1206
Note: See TracChangeset
for help on using the changeset viewer.