Skip to:
Content

BuddyPress.org

Changeset 13810


Ignore:
Timestamp:
04/27/2024 01:40:03 AM (4 months ago)
Author:
imath
Message:

Messages component: improve PHP code standards using WPCS

See #7228 (trunk)

Location:
trunk/src/bp-messages
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-messages/bp-messages-star.php

    r13743 r13810  
    6363 */
    6464function bp_the_message_star_action_link( $args = array() ) {
     65    // phpcs:ignore WordPress.Security.EscapeOutput
    6566    echo bp_get_the_message_star_action_link( $args );
    6667}
     
    330331?>
    331332
    332     <option value="star"><?php _e( 'Add star', 'buddypress' ); ?></option>
    333     <option value="unstar"><?php _e( 'Remove star', 'buddypress' ); ?></option>
     333    <option value="star"><?php esc_html_e( 'Add star', 'buddypress' ); ?></option>
     334    <option value="unstar"><?php esc_html_e( 'Remove star', 'buddypress' ); ?></option>
    334335
    335336<?php
  • trunk/src/bp-messages/bp-messages-template.php

    r13743 r13810  
    131131 */
    132132function bp_message_thread_id() {
    133     echo bp_get_message_thread_id();
     133    echo intval( bp_get_message_thread_id() );
    134134}
    135135    /**
     
    157157 */
    158158function bp_message_thread_subject() {
     159    // Escaping is made in `bp-messages/bp-messages-filters.php`.
     160    // phpcs:ignore WordPress.Security.EscapeOutput
    159161    echo bp_get_message_thread_subject();
    160162}
     
    183185 */
    184186function bp_message_thread_excerpt() {
     187    // Escaping is made in `bp-messages/bp-messages-filters.php`.
     188    // phpcs:ignore WordPress.Security.EscapeOutput
    185189    echo bp_get_message_thread_excerpt();
    186190}
     
    217221 */
    218222function bp_message_thread_content() {
     223    // Escaping is made in `bp-messages/bp-messages-filters.php`.
     224    // phpcs:ignore WordPress.Security.EscapeOutput
    219225    echo bp_get_message_thread_content();
    220226}
     
    251257 */
    252258function bp_message_thread_from() {
     259    // Esaping is made in `bp_core_get_userlink()` && in `bp_core_get_user_displayname()`.
     260    // phpcs:ignore WordPress.Security.EscapeOutput
    253261    echo bp_get_message_thread_from();
    254262}
     
    277285 */
    278286function bp_message_thread_to() {
     287    // Esaping is made in `BP_Messages_Thread::get_recipient_links()`.
     288    // phpcs:ignore WordPress.Security.EscapeOutput
    279289    echo bp_get_message_thread_to();
    280290}
     
    310320 */
    311321function bp_message_thread_view_link( $thread_id = 0, $user_id = null ) {
    312     echo bp_get_message_thread_view_link( $thread_id, $user_id );
     322    echo esc_url( bp_get_message_thread_view_link( $thread_id, $user_id ) );
    313323}
    314324    /**
     
    614624 * @since 2.2.0
    615625 *
    616  * @param int|bool $thread_id Optional. ID of the thread. Defaults to current thread ID.
     626 * @param int $thread_id Optional. ID of the thread. Defaults to current thread ID.
    617627 */
    618628function bp_message_thread_total_count( $thread_id = false ) {
    619     echo bp_get_message_thread_total_count( $thread_id );
     629    echo intval( bp_get_message_thread_total_count( $thread_id ) );
    620630}
    621631    /**
     
    662672 */
    663673function bp_message_thread_total_and_unread_count( $thread_id = false ) {
     674    // phpcs:ignore WordPress.Security.EscapeOutput
    664675    echo bp_get_message_thread_total_and_unread_count( $thread_id );
    665676}
     
    681692            /* translators: 1: total number, 2: accessibility text: number of unread messages */
    682693            '<span class="thread-count">(%1$s)</span> <span class="bp-screen-reader-text">%2$s</span>',
    683             number_format_i18n( $total ),
     694            esc_html( number_format_i18n( $total ) ),
    684695            /* translators: %d: number of unread messages */
    685             sprintf( _n( '%d unread', '%d unread', $unread, 'buddypress' ), number_format_i18n( $unread ) )
     696            esc_html( sprintf( _n( '%d unread', '%d unread', $unread, 'buddypress' ), number_format_i18n( $unread ) ) )
    686697        );
    687698    }
     
    691702 */
    692703function bp_message_thread_last_post_date_raw() {
    693     echo bp_get_message_thread_last_post_date_raw();
     704    echo esc_html( bp_get_message_thread_last_post_date_raw() );
    694705}
    695706    /**
     
    717728 */
    718729function bp_message_thread_last_post_date() {
    719     echo bp_get_message_thread_last_post_date();
     730    echo esc_html( bp_get_message_thread_last_post_date() );
    720731}
    721732    /**
     
    744755 */
    745756function bp_message_thread_avatar( $args = '' ) {
     757    // phpcs:ignore WordPress.Security.EscapeOutput
    746758    echo bp_get_message_thread_avatar( $args );
    747759}
     
    796808         * @param array  $r     Array of parsed arguments.
    797809         */
    798         return apply_filters( 'bp_get_message_thread_avatar', bp_core_fetch_avatar( array(
    799             'item_id' => $messages_template->thread->last_sender_id,
    800             'type'    => $r['type'],
    801             'alt'     => $r['alt'],
    802             'css_id'  => $r['id'],
    803             'class'   => $r['class'],
    804             'width'   => $r['width'],
    805             'height'  => $r['height'],
    806         ) ), $r );
     810        return apply_filters(
     811            'bp_get_message_thread_avatar',
     812            bp_core_fetch_avatar(
     813                array(
     814                    'item_id' => $messages_template->thread->last_sender_id,
     815                    'type'    => $r['type'],
     816                    'alt'     => $r['alt'],
     817                    'css_id'  => $r['id'],
     818                    'class'   => $r['class'],
     819                    'width'   => $r['width'],
     820                    'height'  => $r['height'],
     821                )
     822            ),
     823            $r
     824        );
    807825    }
    808826
     
    815833 */
    816834function bp_total_unread_messages_count( $user_id = 0 ) {
    817     echo bp_get_total_unread_messages_count( $user_id );
     835    echo intval( bp_get_total_unread_messages_count( $user_id ) );
    818836}
    819837    /**
     
    843861 */
    844862function bp_messages_pagination() {
     863    // Escaping is done in WordPress's `paginate_links()` function.
     864    // phpcs:ignore WordPress.Security.EscapeOutput
    845865    echo bp_get_messages_pagination();
    846866}
     
    904924    $search_value         = ( $search_submitted !== $default_search_value ) ? ' value="'       .  esc_attr( $search_submitted ) . '"' : '';
    905925
     926    // phpcs:disable WordPress.Security.EscapeOutput
     927
    906928    // Start the output buffer, so form can be filtered.
    907     ob_start(); ?>
     929    ob_start();
     930    ?>
    908931
    909932    <form action="" method="get" id="search-message-form">
     
    929952     */
    930953    echo apply_filters( 'bp_message_search_form', $search_form_html );
     954    // phpcs:enable
    931955}
    932956
     
    10631087    <label for="message-type-select" class="bp-screen-reader-text"><?php
    10641088        /* translators: accessibility text */
    1065         _e( 'Select:', 'buddypress' );
     1089        esc_html_e( 'Select:', 'buddypress' );
    10661090    ?></label>
    10671091    <select name="message-type-select" id="message-type-select">
    1068         <option value=""><?php _e( 'Select', 'buddypress' ); ?></option>
    1069         <option value="read"><?php _ex('Read', 'Message dropdown filter', 'buddypress') ?></option>
    1070         <option value="unread"><?php _ex('Unread', 'Message dropdown filter', 'buddypress') ?></option>
    1071         <option value="all"><?php _ex('All', 'Message dropdown filter', 'buddypress') ?></option>
     1092        <option value=""><?php esc_html_e( 'Select', 'buddypress' ); ?></option>
     1093        <option value="read"><?php echo esc_html_x('Read', 'Message dropdown filter', 'buddypress') ?></option>
     1094        <option value="unread"><?php echo esc_html_x('Unread', 'Message dropdown filter', 'buddypress') ?></option>
     1095        <option value="all"><?php echo esc_html_x('All', 'Message dropdown filter', 'buddypress') ?></option>
    10721096    </select> &nbsp;
    10731097
    10741098    <?php if ( ! bp_is_current_action( 'sentbox' ) && ! bp_is_current_action( 'notices' ) ) : ?>
    10751099
    1076         <a href="#" id="mark_as_read"><?php _ex('Mark as Read', 'Message management markup', 'buddypress') ?></a> &nbsp;
    1077         <a href="#" id="mark_as_unread"><?php _ex('Mark as Unread', 'Message management markup', 'buddypress') ?></a> &nbsp;
     1100        <a href="#" id="mark_as_read"><?php echo esc_html_x('Mark as Read', 'Message management markup', 'buddypress') ?></a> &nbsp;
     1101        <a href="#" id="mark_as_unread"><?php echo esc_html_x('Mark as Unread', 'Message management markup', 'buddypress') ?></a> &nbsp;
    10781102
    10791103        <?php wp_nonce_field( 'bp_messages_mark_messages_read', 'mark-messages-read-nonce', false ); ?>
     
    10821106    <?php endif; ?>
    10831107
    1084     <a href="#" id="delete_<?php echo bp_current_action(); ?>_messages"><?php _e( 'Delete Selected', 'buddypress' ); ?></a> &nbsp;
     1108    <a href="#" id="delete_<?php echo esc_attr( bp_current_action() ); ?>_messages"><?php esc_html_e( 'Delete Selected', 'buddypress' ); ?></a> &nbsp;
    10851109    <?php wp_nonce_field( 'bp_messages_delete_selected', 'delete-selected-nonce', false ); ?>
    10861110<?php
     
    10951119    ?>
    10961120    <label class="bp-screen-reader-text" for="messages-select"><?php
    1097         _e( 'Select Bulk Action', 'buddypress' );
     1121        esc_html_e( 'Select Bulk Action', 'buddypress' );
    10981122    ?></label>
    10991123    <select name="messages_bulk_action" id="messages-select">
    1100         <option value="" selected="selected"><?php _e( 'Bulk Actions', 'buddypress' ); ?></option>
    1101         <option value="read"><?php _e( 'Mark read', 'buddypress' ); ?></option>
    1102         <option value="unread"><?php _e( 'Mark unread', 'buddypress' ); ?></option>
    1103         <option value="delete"><?php _e( 'Delete', 'buddypress' ); ?></option>
     1124        <option value="" selected="selected"><?php esc_html_e( 'Bulk Actions', 'buddypress' ); ?></option>
     1125        <option value="read"><?php esc_html_e( 'Mark read', 'buddypress' ); ?></option>
     1126        <option value="unread"><?php esc_html_e( 'Mark unread', 'buddypress' ); ?></option>
     1127        <option value="delete"><?php esc_html_e( 'Delete', 'buddypress' ); ?></option>
    11041128        <?php
    11051129            /**
     
    11501174 */
    11511175function bp_message_is_active_notice() {
    1152     echo bp_get_message_is_active_notice();
     1176    echo esc_html( bp_get_message_is_active_notice() );
    11531177}
    11541178    /**
     
    11751199 */
    11761200function bp_message_notice_id() {
    1177     echo bp_get_message_notice_id();
     1201    echo intval( bp_get_message_notice_id() );
    11781202}
    11791203    /**
     
    12011225 */
    12021226function bp_message_notice_post_date() {
    1203     echo bp_get_message_notice_post_date();
     1227    echo esc_html( bp_get_message_notice_post_date() );
    12041228}
    12051229    /**
     
    12311255 */
    12321256function bp_message_notice_subject( $notice = null ) {
     1257    // Escaping is made in `bp-messages/bp-messages-filters.php`.
     1258    // phpcs:ignore WordPress.Security.EscapeOutput
    12331259    echo bp_get_message_notice_subject( $notice );
    12341260}
     
    12681294 */
    12691295function bp_message_notice_text( $notice = null ) {
     1296    // Escaping is made in `bp-messages/bp-messages-filters.php`.
     1297    // phpcs:ignore WordPress.Security.EscapeOutput
    12701298    echo bp_get_message_notice_text( $notice );
    12711299}
     
    14351463 */
    14361464function bp_messages_slug() {
    1437     echo bp_get_messages_slug();
     1465    echo esc_url( bp_get_messages_slug() );
    14381466}
    14391467    /**
     
    14771505            <div id="message" class="info notice" rel="n-<?php echo esc_attr( $notice->id ); ?>">
    14781506                <strong><?php bp_message_notice_subject( $notice ); ?></strong>
    1479                 <a href="<?php bp_message_notice_dismiss_link(); ?>" id="close-notice" class="bp-tooltip button" data-bp-tooltip="<?php esc_attr_e( 'Dismiss this notice', 'buddypress' ) ?>"><span class="bp-screen-reader-text"><?php _e( 'Dismiss this notice', 'buddypress' ) ?></span> <span aria-hidden="true">&Chi;</span></a>
     1507                <a href="<?php bp_message_notice_dismiss_link(); ?>" id="close-notice" class="bp-tooltip button" data-bp-tooltip="<?php esc_attr_e( 'Dismiss this notice', 'buddypress' ) ?>"><span class="bp-screen-reader-text"><?php esc_html_e( 'Dismiss this notice', 'buddypress' ) ?></span> <span aria-hidden="true">&Chi;</span></a>
    14801508                <?php bp_message_notice_text( $notice ); ?>
    14811509                <?php wp_nonce_field( 'bp_messages_close_notice', 'close-notice-nonce' ); ?>
     
    15301558 */
    15311559function bp_send_private_message_button() {
     1560    // Escaping is done in `BP_Core_HTML_Element()`.
     1561    // phpcs:ignore WordPress.Security.EscapeOutput
    15321562    echo bp_get_send_message_button();
    15331563}
     
    15441574 */
    15451575function bp_send_message_button( $args = '' ) {
     1576    // Escaping is done in `BP_Core_HTML_Element()`.
     1577    // phpcs:ignore WordPress.Security.EscapeOutput
    15461578    echo bp_get_send_message_button( $args );
    15471579}
     
    16621694
    16631695            <li id="un-<?php echo esc_attr( $recipient ); ?>" class="friend-tab">
    1664                 <span><?php
    1665                     echo bp_core_fetch_avatar( array( 'item_id' => $user_id, 'type' => 'thumb', 'width' => 15, 'height' => 15 ) );
    1666                     echo bp_core_get_userlink( $user_id );
    1667                 ?></span>
     1696                <span>
     1697                    <?php
     1698                        // phpcs:disable WordPress.Security.EscapeOutput
     1699                        echo bp_core_fetch_avatar(
     1700                            array(
     1701                                'item_id' => $user_id,
     1702                                'type'    => 'thumb',
     1703                                'width'   => 15,
     1704                                'height'  => 15
     1705                            )
     1706                        );
     1707
     1708                        echo bp_core_get_userlink( $user_id );
     1709                        // phpcs:enable
     1710                    ?>
     1711                </span>
    16681712            </li>
    16691713
     
    18251869 */
    18261870function bp_the_thread_subject() {
     1871    // Escaping is made in `bp-messages/bp-messages-filters.php`.
     1872    // phpcs:ignore WordPress.Security.EscapeOutput
    18271873    echo bp_get_the_thread_subject();
    18281874}
     
    19201966 */
    19211967function bp_the_thread_recipients_list() {
     1968    // phpcs:ignore WordPress.Security.EscapeOutput
    19221969    echo bp_get_thread_recipients_list();
    19231970}
     
    19411988
    19421989                if ( empty( $recipient_link ) ) {
    1943                     $recipient_link = __( 'Deleted User', 'buddypress' );
     1990                    $recipient_link = esc_html__( 'Deleted User', 'buddypress' );
    19441991                }
    19451992
    19461993                $recipient_links[] = $recipient_link;
    19471994            } else {
    1948                 $recipient_links[] = __( 'you', 'buddypress' );
     1995                $recipient_links[] = esc_html__( 'you', 'buddypress' );
    19491996            }
    19501997        }
     
    19692016 */
    19702017function bp_the_thread_message_id() {
    1971     echo bp_get_the_thread_message_id();
     2018    echo intval( bp_get_the_thread_message_id() );
    19722019}
    19732020    /**
     
    20792126 */
    20802127function bp_the_thread_message_sender_id() {
    2081     echo bp_get_the_thread_message_sender_id();
     2128    echo intval( bp_get_the_thread_message_sender_id() );
    20822129}
    20832130    /**
     
    21142161 */
    21152162function bp_the_thread_message_sender_avatar( $args = '' ) {
     2163    // phpcs:ignore WordPress.Security.EscapeOutput
    21162164    echo bp_get_the_thread_message_sender_avatar_thumb( $args );
    21172165}
     
    21512199         * @param array  $r     Array of parsed arguments.
    21522200         */
    2153         return apply_filters( 'bp_get_the_thread_message_sender_avatar_thumb', bp_core_fetch_avatar( array(
    2154             'item_id' => $thread_template->message->sender_id,
    2155             'type'    => $r['type'],
    2156             'width'   => $r['width'],
    2157             'height'  => $r['height'],
    2158             'alt'     => bp_core_get_user_displayname( $thread_template->message->sender_id )
    2159         ) ), $r );
     2201        return apply_filters(
     2202            'bp_get_the_thread_message_sender_avatar_thumb',
     2203            bp_core_fetch_avatar(
     2204                array(
     2205                    'item_id' => $thread_template->message->sender_id,
     2206                    'type'    => $r['type'],
     2207                    'width'   => $r['width'],
     2208                    'height'  => $r['height'],
     2209                    'alt'     => bp_core_get_user_displayname( $thread_template->message->sender_id )
     2210                )
     2211            ),
     2212            $r
     2213        );
    21602214    }
    21612215
     
    22902344 */
    22912345function bp_the_thread_message_time_since() {
    2292     echo bp_get_the_thread_message_time_since();
     2346    echo esc_html( bp_get_the_thread_message_time_since() );
    22932347}
    22942348    /**
     
    23242378 */
    23252379function bp_the_thread_message_date_sent() {
    2326     echo bp_get_the_thread_message_date_sent();
     2380    echo esc_html( bp_get_the_thread_message_date_sent() );
    23272381}
    23282382    /**
     
    23542408 */
    23552409function bp_the_thread_message_content() {
     2410    // Escaping is made in `bp-messages/bp-messages-filters.php`.
     2411    // phpcs:ignore WordPress.Security.EscapeOutput
    23562412    echo bp_get_the_thread_message_content();
    23572413}
  • trunk/src/bp-messages/bp-messages-widgets.php

    r13481 r13810  
    1212defined( 'ABSPATH' ) || exit;
    1313
    14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );
     14_deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );
  • trunk/src/bp-messages/classes/class-bp-messages-notices-list-table.php

    r13096 r13810  
    9595     */
    9696    public function single_row( $item ) {
    97         $class = '';
    9897
    9998        if ( ! empty( $item->is_active ) ) {
    100             $class = ' class="notice-active"';
     99            echo '<tr class="notice-active">';
     100        } else {
     101            echo '<tr>';
    101102        }
    102103
    103         echo "<tr{$class}>";
    104104        $this->single_row_columns( $item );
    105105        echo '</tr>';
     
    146146        }
    147147
    148         echo '<strong>' . apply_filters( 'bp_get_message_notice_subject', $item->subject ) . '</strong> ' . $this->row_actions( $actions );
     148        echo '<strong>' . esc_html( apply_filters( 'bp_get_message_notice_subject', $item->subject ) ) . '</strong> ';
     149
     150        // BuddyPress relies on WordPress's `WP_List_Table::row_actions()`.
     151        // phpcs:ignore WordPress.Security.EscapeOutput
     152        echo $this->row_actions( $actions );
    149153    }
    150154
     
    157161     */
    158162    public function column_message( $item ) {
     163        // Escaping is made in `bp-messages/bp-messages-filters.php`.
     164        // phpcs:ignore WordPress.Security.EscapeOutput
    159165        echo apply_filters( 'bp_get_message_notice_text', $item->message );
    160166    }
     
    168174     */
    169175    public function column_date_sent( $item ) {
    170         echo apply_filters( 'bp_get_message_notice_post_date', bp_format_time( strtotime( $item->date_sent ) ) );
     176        echo esc_html( apply_filters( 'bp_get_message_notice_post_date', bp_format_time( strtotime( $item->date_sent ) ) ) );
    171177    }
    172178}
  • trunk/src/bp-messages/classes/class-bp-messages-sitewide-notices-widget.php

    r13481 r13810  
    1212defined( 'ABSPATH' ) || exit;
    1313
    14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );
     14_deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );
    1515
    1616/**
  • trunk/src/bp-messages/classes/class-bp-messages-thread.php

    r13499 r13810  
    11931193        if ( count( $recipients ) >= 5 ) {
    11941194            /* translators: %s: number of message recipients */
    1195             return sprintf( __( '%s Recipients', 'buddypress' ), number_format_i18n( count( $recipients ) ) );
     1195            return sprintf( esc_html__( '%s Recipients', 'buddypress' ), number_format_i18n( count( $recipients ) ) );
    11961196        }
    11971197
     
    12021202
    12031203            if ( empty( $recipient_link ) ) {
    1204                 $recipient_link = __( 'Deleted User', 'buddypress' );
     1204                $recipient_link = esc_html__( 'Deleted User', 'buddypress' );
    12051205            }
    12061206
Note: See TracChangeset for help on using the changeset viewer.