- Timestamp:
- 04/27/2024 01:40:03 AM (9 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/bp-messages/classes/class-bp-messages-notices-list-table.php
r13096 r13810 95 95 */ 96 96 public function single_row( $item ) { 97 $class = '';98 97 99 98 if ( ! empty( $item->is_active ) ) { 100 $class = ' class="notice-active"'; 99 echo '<tr class="notice-active">'; 100 } else { 101 echo '<tr>'; 101 102 } 102 103 103 echo "<tr{$class}>";104 104 $this->single_row_columns( $item ); 105 105 echo '</tr>'; … … 146 146 } 147 147 148 echo '<strong>' . apply_filters( 'bp_get_message_notice_subject', $item->subject ) . '</strong> ' . $this->row_actions( $actions ); 148 echo '<strong>' . esc_html( apply_filters( 'bp_get_message_notice_subject', $item->subject ) ) . '</strong> '; 149 150 // BuddyPress relies on WordPress's `WP_List_Table::row_actions()`. 151 // phpcs:ignore WordPress.Security.EscapeOutput 152 echo $this->row_actions( $actions ); 149 153 } 150 154 … … 157 161 */ 158 162 public function column_message( $item ) { 163 // Escaping is made in `bp-messages/bp-messages-filters.php`. 164 // phpcs:ignore WordPress.Security.EscapeOutput 159 165 echo apply_filters( 'bp_get_message_notice_text', $item->message ); 160 166 } … … 168 174 */ 169 175 public function column_date_sent( $item ) { 170 echo apply_filters( 'bp_get_message_notice_post_date', bp_format_time( strtotime( $item->date_sent) ) );176 echo esc_html( apply_filters( 'bp_get_message_notice_post_date', bp_format_time( strtotime( $item->date_sent ) ) ) ); 171 177 } 172 178 }
Note: See TracChangeset
for help on using the changeset viewer.