Changeset 13812 for trunk/src/bp-notifications/bp-notifications-template.php

Timestamp:

04/27/2024 09:27:26 AM (13 months ago)

Author:

imath

Message:

Notifications component: improve PHP code standards using WPCS

See #7228 (trunk)

File:

• trunk/src/bp-notifications/bp-notifications-template.php (modified) (27 diffs)

trunk/src/bp-notifications/bp-notifications-template.php

@@ -17 +17 @@
  */
 function bp_notifications_slug() {
-    echo bp_get_notifications_slug();
+    echo esc_url( bp_get_notifications_slug() );
 }
     /**
@@ -47 +47 @@
  */
 function bp_notifications_permalink( $user_id = 0 ) {
-    echo bp_get_notifications_permalink( $user_id );
+    echo esc_url( bp_get_notifications_permalink( $user_id ) );
 }
     /**
@@ -89 +89 @@
  */
 function bp_notifications_unread_permalink( $user_id = 0 ) {
-    echo bp_get_notifications_unread_permalink( $user_id );
+    echo esc_url( bp_get_notifications_unread_permalink( $user_id ) );
 }
     /**
@@ -130 +130 @@
  */
 function bp_notifications_read_permalink( $user_id = 0 ) {
-    echo bp_get_notifications_read_permalink( $user_id );
+    echo esc_url( bp_get_notifications_read_permalink( $user_id ) );
 }
     /**
@@ -294 +294 @@
  */
 function bp_the_notification_id() {
-    echo bp_get_the_notification_id();
+    echo intval( bp_get_the_notification_id() );
 }
     /**
@@ -321 +321 @@
  */
 function bp_the_notification_item_id() {
-    echo bp_get_the_notification_item_id();
+    echo intval( bp_get_the_notification_item_id() );
 }
     /**
@@ -348 +348 @@
  */
 function bp_the_notification_secondary_item_id() {
-    echo bp_get_the_notification_secondary_item_id();
+    echo intval( bp_get_the_notification_secondary_item_id() );
 }
     /**
@@ -375 +375 @@
  */
 function bp_the_notification_component_name() {
-    echo bp_get_the_notification_component_name();
+    echo esc_html( bp_get_the_notification_component_name() );
 }
     /**
@@ -402 +402 @@
  */
 function bp_the_notification_component_action() {
-    echo bp_get_the_notification_component_action();
+    echo esc_html( bp_get_the_notification_component_action() );
 }
     /**
@@ -409 +409 @@
      * @since 1.9.0
      *
-     * @return int Name of the action associated with the current notification.
+     * @return string Name of the action associated with the current notification.
      */
     function bp_get_the_notification_component_action() {
@@ -418 +418 @@
          * @since 1.9.0
          *
-         * @param int $component_action Name of the action associated with the current notification.
+         * @param string $component_action Name of the action associated with the current notification.
          */
         return apply_filters( 'bp_get_the_notification_component_action', buddypress()->notifications->query_loop->notification->component_action );
@@ -429 +429 @@
  */
 function bp_the_notification_date_notified() {
-    echo bp_get_the_notification_date_notified();
+    echo esc_html( bp_get_the_notification_date_notified() );
 }
     /**
@@ -456 +456 @@
  */
 function bp_the_notification_time_since() {
-    echo bp_get_the_notification_time_since();
+    echo esc_html( bp_get_the_notification_time_since() );
 }
     /**
@@ -495 +495 @@
  */
 function bp_the_notification_description() {
-    echo bp_get_the_notification_description();
+    echo wp_kses(
+        bp_get_the_notification_description(),
+        array(
+            'a' => array(
+                'href'  => true,
+                'class' => true,
+            ),
+        )
+    );
 }
     /**
@@ -544 +552 @@
  */
 function bp_the_notification_mark_read_link( $user_id = 0 ) {
+    // Escaping is made in `bp_get_the_notification_mark_read_link()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_notification_mark_read_link( $user_id );
 }
@@ -559 +569 @@
         $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
 
-        $retval = sprintf( '<a href="%1$s" class="mark-read primary">%2$s</a>', esc_url( bp_get_the_notification_mark_read_url( $user_id ) ), __( 'Read', 'buddypress' ) );
+        $retval = sprintf( '<a href="%1$s" class="mark-read primary">%2$s</a>', esc_url( bp_get_the_notification_mark_read_url( $user_id ) ), esc_html__( 'Read', 'buddypress' ) );
 
         /**
@@ -598 +608 @@
 
         // Get the notification ID.
-        $id   = bp_get_the_notification_id();
+        $id = bp_get_the_notification_id();
 
         // Get the args to add to the URL.
@@ -636 +646 @@
  */
 function bp_the_notification_mark_unread_link( $user_id = 0 ) {
+    // Escaping is done in `bp_get_the_notification_mark_unread_link()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_notification_mark_unread_link( $user_id );
 }
@@ -651 +663 @@
         $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
 
-        $retval = sprintf( '<a href="%1$s" class="mark-unread primary bp-tooltip">%2$s</a>', esc_url( bp_get_the_notification_mark_unread_url( $user_id ) ), __( 'Unread', 'buddypress' ) );
+        $retval = sprintf( '<a href="%1$s" class="mark-unread primary bp-tooltip">%2$s</a>', esc_url( bp_get_the_notification_mark_unread_url( $user_id ) ), esc_html__( 'Unread', 'buddypress' ) );
 
         /**
@@ -728 +740 @@
  */
 function bp_the_notification_mark_link( $user_id = 0 ) {
+    // Escaping is made in `bp_get_the_notification_mark_read_link()` & `bp_get_the_notification_mark_unread_link()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_notification_mark_link( $user_id );
 }
@@ -770 +784 @@
  */
 function bp_the_notification_delete_link( $user_id = 0 ) {
+    // Escaping is made in `bp_get_the_notification_delete_link()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_notification_delete_link( $user_id );
 }
@@ -785 +801 @@
         $user_id = 0 === $user_id ? bp_displayed_user_id() : $user_id;
 
-        $retval = sprintf( '<a href="%1$s" class="delete secondary confirm bp-tooltip">%2$s</a>', esc_url( bp_get_the_notification_delete_url( $user_id ) ), __( 'Delete', 'buddypress' ) );
+        $retval = sprintf( '<a href="%1$s" class="delete secondary confirm bp-tooltip">%2$s</a>', esc_url( bp_get_the_notification_delete_url( $user_id ) ), esc_html__( 'Delete', 'buddypress' ) );
 
         /**
@@ -868 +884 @@
  */
 function bp_the_notification_action_links( $args = '' ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_the_notification_action_links( $args );
 }
@@ -924 +941 @@
  */
 function bp_notifications_pagination_count() {
-    echo bp_get_notifications_pagination_count();
+    echo esc_html( bp_get_notifications_pagination_count() );
 }
     /**
@@ -963 +980 @@
  */
 function bp_notifications_pagination_links() {
+    // Escaping is done in WordPress's `paginate_links()` function.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_notifications_pagination_links();
 }
@@ -1008 +1027 @@
 
         <select id="notifications-sort-order-list" name="sort_order" onchange="this.form.submit();">
-            <option value="DESC" <?php selected( $selected, 'DESC' ); ?>><?php _e( 'Newest First', 'buddypress' ); ?></option>
-            <option value="ASC"  <?php selected( $selected, 'ASC'  ); ?>><?php _e( 'Oldest First', 'buddypress' ); ?></option>
+            <option value="DESC" <?php selected( $selected, 'DESC' ); ?>><?php esc_html_e( 'Newest First', 'buddypress' ); ?></option>
+            <option value="ASC"  <?php selected( $selected, 'ASC'  ); ?>><?php esc_html_e( 'Oldest First', 'buddypress' ); ?></option>
         </select>
 
@@ -1029 +1048 @@
     <label class="bp-screen-reader-text" for="notification-select"><?php
         /* translators: accessibility text */
-        _e( 'Select Bulk Action', 'buddypress' );
+        esc_html_e( 'Select Bulk Action', 'buddypress' );
     ?></label>
     <select name="notification_bulk_action" id="notification-select">
-        <option value="" selected="selected"><?php _e( 'Bulk Actions', 'buddypress' ); ?></option>
+        <option value="" selected="selected"><?php esc_html_e( 'Bulk Actions', 'buddypress' ); ?></option>
 
         <?php if ( bp_is_current_action( 'unread' ) ) : ?>
-            <option value="read"><?php _e( 'Mark read', 'buddypress' ); ?></option>
+            <option value="read"><?php esc_html_e( 'Mark read', 'buddypress' ); ?></option>
         <?php elseif ( bp_is_current_action( 'read' ) ) : ?>
-            <option value="unread"><?php _e( 'Mark unread', 'buddypress' ); ?></option>
+            <option value="unread"><?php esc_html_e( 'Mark unread', 'buddypress' ); ?></option>
         <?php endif; ?>
-        <option value="delete"><?php _e( 'Delete', 'buddypress' ); ?></option>
+        <option value="delete"><?php esc_html_e( 'Delete', 'buddypress' ); ?></option>
     </select>
     <input type="submit" id="notification-bulk-manage" class="button action" value="<?php esc_attr_e( 'Apply', 'buddypress' ); ?>">