Changeset 13816 for trunk/src/bp-activity/bp-activity-template.php
- Timestamp:
- 04/27/2024 05:51:41 PM (9 months ago)
- File:
-
- 1 edited
trunk/src/bp-activity/bp-activity-template.php
r13757 r13816 18 18 */ 19 19 function bp_activity_slug() { 20 echo bp_get_activity_slug();20 echo esc_url( bp_get_activity_slug() ); 21 21 } 22 22 /** … … 47 47 */ 48 48 function bp_activity_root_slug() { 49 echo bp_get_activity_root_slug();49 echo esc_url( bp_get_activity_root_slug() ); 50 50 } 51 51 /** … … 458 458 */ 459 459 function bp_activity_pagination_count() { 460 echo bp_get_activity_pagination_count();460 echo esc_html( bp_get_activity_pagination_count() ); 461 461 } 462 462 … … 495 495 */ 496 496 function bp_activity_pagination_links() { 497 // Escaping is done in WordPress's `paginate_links()` function. 498 // phpcs:ignore WordPress.Security.EscapeOutput 497 499 echo bp_get_activity_pagination_links(); 498 500 } … … 561 563 */ 562 564 function bp_activity_count() { 563 echo bp_get_activity_count();565 echo intval( bp_get_activity_count() ); 564 566 } 565 567 … … 593 595 */ 594 596 function bp_activity_per_page() { 595 echo bp_get_activity_per_page();597 echo intval( bp_get_activity_per_page() ); 596 598 } 597 599 … … 625 627 */ 626 628 function bp_activity_id() { 627 echo bp_get_activity_id();629 echo intval( bp_get_activity_id() ); 628 630 } 629 631 … … 657 659 */ 658 660 function bp_activity_item_id() { 659 echo bp_get_activity_item_id();661 echo intval( bp_get_activity_item_id() ); 660 662 } 661 663 … … 689 691 */ 690 692 function bp_activity_secondary_item_id() { 691 echo bp_get_activity_secondary_item_id();693 echo intval( bp_get_activity_secondary_item_id() ); 692 694 } 693 695 … … 721 723 */ 722 724 function bp_activity_date_recorded() { 723 echo bp_get_activity_date_recorded();725 echo esc_html( bp_get_activity_date_recorded() ); 724 726 } 725 727 … … 753 755 */ 754 756 function bp_activity_member_display_name() { 755 echo bp_get_activity_member_display_name();757 echo esc_html( bp_get_activity_member_display_name() ); 756 758 } 757 759 … … 789 791 */ 790 792 function bp_activity_object_name() { 791 echo bp_get_activity_object_name();793 echo 
esc_html( bp_get_activity_object_name() ); 792 794 } 793 795 … … 821 823 */ 822 824 function bp_activity_type() { 823 echo bp_get_activity_type();825 echo esc_html( bp_get_activity_type() ); 824 826 } 825 827 … … 878 880 * 879 881 */ 880 function bp_activity_action_name() { echobp_activity_type(); }882 function bp_activity_action_name() { bp_activity_type(); } 881 883 882 884 /** … … 902 904 */ 903 905 function bp_activity_user_id() { 904 echo bp_get_activity_user_id();906 echo intval( bp_get_activity_user_id() ); 905 907 } 906 908 … … 934 936 */ 935 937 function bp_activity_user_link() { 936 echo bp_get_activity_user_link();938 echo esc_url( bp_get_activity_user_link() ); 937 939 } 938 940 … … 975 977 */ 976 978 function bp_activity_avatar( $args = '' ) { 979 // phpcs:ignore WordPress.Security.EscapeOutput 977 980 echo bp_get_activity_avatar( $args ); 978 981 } … … 1016 1019 1017 1020 // Prepend some descriptive text to alt. 1018 $alt_default = __( 'Profile picture', 'buddypress' );1021 $alt_default = esc_html__( 'Profile picture', 'buddypress' ); 1019 1022 if ( ! empty( $dn_default ) ) { 1020 1023 /* translators: %s: member name */ 1021 $alt_default = sprintf( __( 'Profile picture of %s', 'buddypress' ), $dn_default );1024 $alt_default = sprintf( esc_html__( 'Profile picture of %s', 'buddypress' ), $dn_default ); 1022 1025 } 1023 1026 … … 1035 1038 ); 1036 1039 1037 extract( $r, EXTR_SKIP ); 1038 1039 if ( !isset( $height ) && !isset( $width ) ) { 1040 if ( ! isset( $r['height'] ) && ! isset( $r['width'] ) ) { 1040 1041 1041 1042 // Backpat. 1042 1043 if ( isset( $bp->avatar->full->height ) || isset( $bp->avatar->thumb->height ) ) { 1043 $ height = ( 'full' == $type) ? $bp->avatar->full->height : $bp->avatar->thumb->height;1044 $r['height'] = ( 'full' == $r['type'] ) ? $bp->avatar->full->height : $bp->avatar->thumb->height; 1044 1045 } else { 1045 $ height= 20;1046 $r['height'] = 20; 1046 1047 } 1047 1048 1048 1049 // Backpat. 
1049 1050 if ( isset( $bp->avatar->full->width ) || isset( $bp->avatar->thumb->width ) ) { 1050 $ width = ( 'full' == $type) ? $bp->avatar->full->width : $bp->avatar->thumb->width;1051 $r['width'] = ( 'full' == $r['type'] ) ? $bp->avatar->full->width : $bp->avatar->thumb->width; 1051 1052 } else { 1052 $ width= 20;1053 $r['width'] = 20; 1053 1054 } 1054 1055 } … … 1066 1067 */ 1067 1068 $object = apply_filters( 'bp_get_activity_avatar_object_' . $current_activity_item->component, 'user' ); 1068 $item_id = !empty( $user_id ) ? $user_id : $current_activity_item->user_id; 1069 $item_id = $current_activity_item->user_id; 1070 1071 if ( ! empty( $r['user_id'] ) ) { 1072 $item_id = (int) $r['user_id']; 1073 } 1069 1074 1070 1075 /** … … 1078 1083 1079 1084 // If this is a user object pass the users' email address for Gravatar so we don't have to prefetch it. 1080 if ( 'user' == $object && empty( $ user_id ) && empty( $email) && isset( $current_activity_item->user_email ) ) {1081 $ email= $current_activity_item->user_email;1085 if ( 'user' == $object && empty( $r['user_id'] ) && empty( $r['email'] ) && isset( $current_activity_item->user_email ) ) { 1086 $r['email'] = $current_activity_item->user_email; 1082 1087 } 1083 1088 … … 1089 1094 * @param array $value HTML image element containing the activity avatar. 
1090 1095 */ 1091 return apply_filters( 'bp_get_activity_avatar', bp_core_fetch_avatar( array( 1092 'item_id' => $item_id, 1093 'object' => $object, 1094 'type' => $type, 1095 'alt' => $alt, 1096 'class' => $class, 1097 'width' => $width, 1098 'height' => $height, 1099 'email' => $email 1100 ) ) ); 1096 return apply_filters( 'bp_get_activity_avatar', 1097 bp_core_fetch_avatar( 1098 array( 1099 'item_id' => $item_id, 1100 'object' => $object, 1101 'type' => $r['type'], 1102 'alt' => $r['alt'], 1103 'class' => $r['class'], 1104 'width' => $r['width'], 1105 'height' => $r['height'], 1106 'email' => $r['email'], 1107 ) 1108 ) 1109 ); 1101 1110 } 1102 1111 … … 1111 1120 */ 1112 1121 function bp_activity_secondary_avatar( $args = '' ) { 1122 // phpcs:ignore WordPress.Security.EscapeOutput 1113 1123 echo bp_get_activity_secondary_avatar( $args ); 1114 1124 } … … 1151 1161 ); 1152 1162 1153 extract( $r, EXTR_SKIP );1154 1155 1163 // Set item_id and object (default to user). 1156 1164 switch ( $activities_template->activity->component ) { … … 1172 1180 } 1173 1181 1174 if ( empty( $ alt) ) {1175 $ alt =__( 'Group logo', 'buddypress' );1182 if ( empty( $r['alt'] ) ) { 1183 $r['alt'] = esc_html__( 'Group logo', 'buddypress' ); 1176 1184 1177 1185 if ( ! 
empty( $name ) ) { 1178 1186 /* translators: %s: the Group name */ 1179 $ alt = sprintf(__( 'Group logo of %s', 'buddypress' ), $name );1187 $r['alt'] = sprintf( esc_html__( 'Group logo of %s', 'buddypress' ), $name ); 1180 1188 } 1181 1189 } … … 1187 1195 $link = home_url(); 1188 1196 1189 if ( empty( $ alt) ) {1197 if ( empty( $r['alt'] ) ) { 1190 1198 /* translators: %s: the blog name */ 1191 $ alt = sprintf( __( 'Profile picture of the author of the site %s', 'buddypress' ), get_blog_option( $item_id, 'blogname') );1199 $r['alt'] = sprintf( esc_html__( 'Profile picture of the author of the site %s', 'buddypress' ), esc_html( get_blog_option( $item_id, 'blogname' ) ) ); 1192 1200 } 1193 1201 … … 1198 1206 $link = bp_core_get_userlink( $item_id, false, true ); 1199 1207 1200 if ( empty( $ alt) ) {1208 if ( empty( $r['alt'] ) ) { 1201 1209 /* translators: %s: member name */ 1202 $ alt = sprintf(__( 'Profile picture of %s', 'buddypress' ), bp_core_get_user_displayname( $activities_template->activity->secondary_item_id ) );1210 $r['alt'] = sprintf( esc_html__( 'Profile picture of %s', 'buddypress' ), bp_core_get_user_displayname( $activities_template->activity->secondary_item_id ) ); 1203 1211 } 1204 1212 1205 1213 break; 1206 1214 default : 1207 $object = 'user';1208 $item_id = $activities_template->activity->user_id;1209 $ email= $activities_template->activity->user_email;1210 $link = bp_core_get_userlink( $item_id, false, true );1211 1212 if ( empty( $ alt) ) {1215 $object = 'user'; 1216 $item_id = $activities_template->activity->user_id; 1217 $r['email'] = $activities_template->activity->user_email; 1218 $link = bp_core_get_userlink( $item_id, false, true ); 1219 1220 if ( empty( $r['alt'] ) ) { 1213 1221 /* translators: %s: member name */ 1214 $ alt = sprintf( __( 'Profile picture of %s', 'buddypress' ), $activities_template->activity->display_name);1222 $r['alt'] = sprintf( esc_html__( 'Profile picture of %s', 'buddypress' ), esc_html( 
$activities_template->activity->display_name ) ); 1215 1223 } 1216 1224 … … 1229 1237 * @param string $object Component being displayed. 1230 1238 */ 1231 $object 1239 $object = apply_filters( 'bp_get_activity_secondary_avatar_object_' . $activities_template->activity->component, $object ); 1232 1240 1233 1241 /** … … 1246 1254 1247 1255 // Get the avatar. 1248 $avatar = bp_core_fetch_avatar( array( 1249 'item_id' => $item_id, 1250 'object' => $object, 1251 'type' => $type, 1252 'alt' => $alt, 1253 'class' => $class, 1254 'width' => $width, 1255 'height' => $height, 1256 'email' => $email 1257 ) ); 1258 1259 if ( !empty( $linked ) ) { 1256 $avatar = bp_core_fetch_avatar( 1257 array( 1258 'item_id' => $item_id, 1259 'object' => $object, 1260 'type' => $r['type'], 1261 'alt' => $r['alt'], 1262 'class' => $r['class'], 1263 'width' => $r['width'], 1264 'height' => $r['height'], 1265 'email' => $r['email'], 1266 ) 1267 ); 1268 1269 if ( ! empty( $r['linked'] ) ) { 1260 1270 1261 1271 /** … … 1279 1289 1280 1290 return sprintf( '<a href="%s" class="%s">%s</a>', 1281 $link,1282 $link_class,1291 esc_url( $link ), 1292 esc_attr( $r['link_class'] ), 1283 1293 $avatar 1284 1294 ); … … 1297 1307 */ 1298 1308 function bp_activity_action( $args = array() ) { 1299 echo bp_get_activity_action( $args ); 1309 echo wp_kses( 1310 bp_get_activity_action( $args ), 1311 array( 1312 'p' => true, 1313 'a' => array( 1314 'href' => true, 1315 'class' => true, 1316 'data-bp-tooltip' => true, 1317 ), 1318 'span' => array( 1319 'class' => true, 1320 ), 1321 'img' => array( 1322 'src' => true, 1323 'loading' => true, 1324 'class' => true, 1325 'alt' => true, 1326 'height' => true, 1327 'width' => true, 1328 ), 1329 ) 1330 ); 1300 1331 } 1301 1332 … … 1363 1394 */ 1364 1395 function bp_activity_content_body() { 1396 // Escaping is made in `bp-activity/bp-activity-filters.php`. 
1397 // phpcs:ignore WordPress.Security.EscapeOutput 1365 1398 echo bp_get_activity_content_body(); 1366 1399 } … … 1608 1641 */ 1609 1642 function bp_activity_generated_content_part( $property = '' ) { 1643 // phpcs:ignore WordPress.Security.EscapeOutput 1610 1644 echo bp_activity_get_generated_content_part( $property ); 1611 1645 } … … 1664 1698 */ 1665 1699 function bp_activity_content() { 1700 // Escaping is made in `bp-activity/bp-activity-filters.php`. 1701 // phpcs:ignore WordPress.Security.EscapeOutput 1666 1702 echo bp_get_activity_content(); 1667 1703 } … … 1842 1878 */ 1843 1879 function bp_activity_parent_content( $args = '' ) { 1844 echo bp_get_activity_parent_content($args); 1880 // Escaping is made in `bp-activity/bp-activity-filters.php`. 1881 // phpcs:ignore WordPress.Security.EscapeOutput 1882 echo bp_get_activity_parent_content( $args ); 1845 1883 } 1846 1884 … … 1906 1944 */ 1907 1945 function bp_activity_parent_user_id() { 1908 echo bp_get_activity_parent_user_id();1946 echo intval( bp_get_activity_parent_user_id() ); 1909 1947 } 1910 1948 … … 1959 1997 */ 1960 1998 function bp_activity_is_favorite() { 1999 // phpcs:ignore WordPress.Security.EscapeOutput 1961 2000 echo bp_get_activity_is_favorite(); 1962 2001 } … … 1999 2038 sprintf( 2000 2039 /* translators: 1: the name of the function. 2: the name of the file. */ 2001 __( '%1$s no longer accepts arguments. See the inline documentation at %2$s for more details.', 'buddypress' ),2040 esc_html__( '%1$s no longer accepts arguments. See the inline documentation at %2$s for more details.', 'buddypress' ), 2002 2041 __FUNCTION__, 2003 2042 __FILE__ … … 2006 2045 } 2007 2046 2047 // phpcs:ignore WordPress.Security.EscapeOutput 2008 2048 echo bp_activity_get_comments(); 2009 2049 } … … 2032 2072 sprintf( 2033 2073 /* translators: 1: the name of the function. 2: the name of the file. */ 2034 __( '%1$s no longer accepts arguments. 
See the inline documentation at %2$s for more details.', 'buddypress' ),2074 esc_html__( '%1$s no longer accepts arguments. See the inline documentation at %2$s for more details.', 'buddypress' ), 2035 2075 __FUNCTION__, 2036 2076 __FILE__ … … 2070 2110 } 2071 2111 2072 /** 2073 * Filters the opening tag for the template that lists activity comments. 2074 * 2075 * @since 1.6.0 2076 * 2077 * @param string $value Opening tag for the HTML markup to use. 2078 */ 2079 echo apply_filters( 'bp_activity_recurse_comments_start_ul', '<ul>' ); 2112 // phpcs:ignore WordPress.Security.EscapeOutput 2113 echo apply_filters( 2114 /** 2115 * Filters the opening tag for the template that lists activity comments. 2116 * 2117 * @since 1.6.0 2118 * 2119 * @param string $value Opening tag for the HTML markup to use. 2120 */ 2121 'bp_activity_recurse_comments_start_ul', 2122 '<ul>' 2123 ); 2124 2080 2125 foreach ( (array) $comment->children as $comment_child ) { 2081 2126 … … 2108 2153 } 2109 2154 2110 /** 2111 * Filters the closing tag for the template that list activity comments. 2112 * 2113 * @since 1.6.0 2114 * 2115 * @param string $value Closing tag for the HTML markup to use. 2116 */ 2117 echo apply_filters( 'bp_activity_recurse_comments_end_ul', '</ul>' ); 2155 // phpcs:ignore WordPress.Security.EscapeOutput 2156 echo apply_filters( 2157 /** 2158 * Filters the closing tag for the template that list activity comments. 2159 * 2160 * @since 1.6.0 2161 * 2162 * @param string $value Closing tag for the HTML markup to use. 
2163 */ 2164 'bp_activity_recurse_comments_end_ul', 2165 '</ul>' 2166 ); 2118 2167 } 2119 2168 … … 2153 2202 */ 2154 2203 function bp_activity_comment_id() { 2155 echo bp_get_activity_comment_id();2204 echo intval( bp_get_activity_comment_id() ); 2156 2205 } 2157 2206 … … 2188 2237 */ 2189 2238 function bp_activity_comment_user_id() { 2190 echo bp_get_activity_comment_user_id();2239 echo intval( bp_get_activity_comment_user_id() ); 2191 2240 } 2192 2241 … … 2223 2272 */ 2224 2273 function bp_activity_comment_user_link() { 2225 echo bp_get_activity_comment_user_link();2274 echo esc_url( bp_get_activity_comment_user_link() ); 2226 2275 } 2227 2276 … … 2254 2303 */ 2255 2304 function bp_activity_comment_name() { 2256 echo bp_get_activity_comment_name();2305 echo esc_html( bp_get_activity_comment_name() ); 2257 2306 } 2258 2307 … … 2296 2345 */ 2297 2346 function bp_activity_comment_date_recorded() { 2298 echo bp_get_activity_comment_date_recorded();2347 echo esc_html( bp_get_activity_comment_date_recorded() ); 2299 2348 } 2300 2349 … … 2327 2376 */ 2328 2377 function bp_activity_comment_date_recorded_raw() { 2329 echo bp_get_activity_comment_date_recorded_raw();2378 echo esc_html( bp_get_activity_comment_date_recorded_raw() ); 2330 2379 } 2331 2380 … … 2360 2409 */ 2361 2410 function bp_activity_comment_delete_link() { 2362 echo bp_get_activity_comment_delete_link();2411 echo esc_url( bp_get_activity_comment_delete_link() ); 2363 2412 } 2364 2413 … … 2399 2448 */ 2400 2449 function bp_activity_comment_content() { 2450 // Escaping is made in `bp-activity/bp-activity-filters.php`. 2451 // phpcs:ignore WordPress.Security.EscapeOutput 2401 2452 echo bp_get_activity_comment_content(); 2402 2453 } … … 2441 2492 */ 2442 2493 function bp_activity_comment_count() { 2443 echo bp_activity_get_comment_count();2494 echo intval( bp_activity_get_comment_count() ); 2444 2495 } 2445 2496 … … 2464 2515 sprintf( 2465 2516 /* translators: 1: the name of the function. 
2: the name of the file. */ 2466 __( '%1$s no longer accepts arguments. See the inline documentation at %2$s for more details.', 'buddypress' ),2517 esc_html__( '%1$s no longer accepts arguments. See the inline documentation at %2$s for more details.', 'buddypress' ), 2467 2518 __FUNCTION__, 2468 2519 __FILE__ … … 2534 2585 */ 2535 2586 function bp_activity_comment_depth( $comment = 0 ) { 2536 echo bp_activity_get_comment_depth( $comment);2587 echo intval( bp_activity_get_comment_depth( $comment ) ); 2537 2588 } 2538 2589 … … 2601 2652 */ 2602 2653 function bp_activity_comment_link() { 2603 echo bp_get_activity_comment_link();2654 echo esc_url( bp_get_activity_comment_link() ); 2604 2655 } 2605 2656 … … 2648 2699 */ 2649 2700 function bp_activity_comment_form_nojs_display() { 2701 // phpcs:ignore WordPress.Security.EscapeOutput 2650 2702 echo bp_get_activity_comment_form_nojs_display(); 2651 2703 } … … 2752 2804 */ 2753 2805 function bp_activity_permalink_id() { 2754 echo bp_get_activity_permalink_id();2806 echo esc_html( bp_get_activity_permalink_id() ); 2755 2807 } 2756 2808 … … 2853 2905 */ 2854 2906 function bp_activity_favorite_link() { 2855 echo bp_get_activity_favorite_link();2907 echo esc_url( bp_get_activity_favorite_link() ); 2856 2908 } 2857 2909 … … 2895 2947 */ 2896 2948 function bp_activity_unfavorite_link() { 2897 echo bp_get_activity_unfavorite_link();2949 echo esc_url( bp_get_activity_unfavorite_link() ); 2898 2950 } 2899 2951 … … 2937 2989 */ 2938 2990 function bp_activity_css_class() { 2939 echo bp_get_activity_css_class();2991 echo esc_attr( bp_get_activity_css_class() ); 2940 2992 } 2941 2993 … … 2995 3047 */ 2996 3048 function bp_activity_delete_link() { 3049 // phpcs:ignore WordPress.Security.EscapeOutput 2997 3050 echo bp_get_activity_delete_link(); 2998 3051 } … … 3020 3073 } 3021 3074 3022 $link = '<a href="' . esc_url( $url ) . '" class="button item-button bp-secondary-action ' . $class . 
' confirm" rel="nofollow">' .__( 'Delete', 'buddypress' ) . '</a>';3075 $link = '<a href="' . esc_url( $url ) . '" class="button item-button bp-secondary-action ' . esc_attr( $class ) . ' confirm" rel="nofollow">' . esc_html__( 'Delete', 'buddypress' ) . '</a>'; 3023 3076 3024 3077 /** … … 3096 3149 */ 3097 3150 function bp_activity_latest_update( $user_id = 0 ) { 3151 // Escaping is made in `bp-activity/bp-activity-filters.php`. 3152 // phpcs:ignore WordPress.Security.EscapeOutput 3098 3153 echo bp_get_activity_latest_update( $user_id ); 3099 3154 } … … 3163 3218 */ 3164 3219 function bp_activity_filter_links( $args = false ) { 3220 // phpcs:ignore WordPress.Security.EscapeOutput 3165 3221 echo bp_get_activity_filter_links( $args ); 3166 3222 } … … 3201 3257 3202 3258 // Skip the activity comment filter. 3203 if ( 'activity' == $component ) {3259 if ( 'activity' === $component ) { 3204 3260 continue; 3205 3261 } 3206 3262 3207 if ( isset( $_GET['afilter'] ) && $component == $_GET['afilter'] ) {3263 if ( isset( $_GET['afilter'] ) && $component === $_GET['afilter'] ) { 3208 3264 $selected = ' class="selected"'; 3209 3265 } else { … … 3250 3306 3251 3307 if ( isset( $_GET['afilter'] ) ) { 3252 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_url( $link ) . '">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';3308 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_url( $link ) . '">' . esc_html__( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . 
'>'; 3253 3309 } 3254 3310 … … 3378 3434 */ 3379 3435 function bp_total_favorite_count_for_user( $user_id = 0 ) { 3380 echo bp_get_total_favorite_count_for_user( $user_id);3436 echo intval( bp_get_total_favorite_count_for_user( $user_id ) ); 3381 3437 } 3382 3438 … … 3428 3484 */ 3429 3485 function bp_total_mention_count_for_user( $user_id = 0 ) { 3430 echo bp_get_total_mention_count_for_user( $user_id);3486 echo intval( bp_get_total_mention_count_for_user( $user_id ) ); 3431 3487 } 3432 3488 … … 3540 3596 */ 3541 3597 function bp_mentioned_user_display_name( $user_id_or_username = false ) { 3598 // phpcs:ignore WordPress.Security.EscapeOutput 3542 3599 echo bp_get_mentioned_user_display_name( $user_id_or_username ); 3543 3600 } … … 3559 3616 // If user somehow has no name, return this really lame string. 3560 3617 if ( empty( $name ) ) { 3561 $name = __( 'a user', 'buddypress' );3618 $name = esc_html__( 'a user', 'buddypress' ); 3562 3619 } 3563 3620 … … 3583 3640 */ 3584 3641 function bp_send_public_message_button( $args = '' ) { 3642 // Escaping is done in `BP_Core_HTML_Element()`. 3643 // phpcs:ignore WordPress.Security.EscapeOutput 3585 3644 echo bp_get_send_public_message_button( $args ); 3586 3645 } … … 3662 3721 */ 3663 3722 function bp_activity_post_form_action() { 3664 echo bp_get_activity_post_form_action();3723 echo esc_url( bp_get_activity_post_form_action() ); 3665 3724 } 3666 3725 … … 3734 3793 3735 3794 // Get avatar for this user. 3736 $image_html = bp_core_fetch_avatar( array( 3737 'item_id' => $user_id, 3738 'height' => $r['height'], 3739 'html' => $r['html'], 3740 'type' => $r['type'], 3741 'width' => $r['width'] 3742 ) ); 3795 $image_html = bp_core_fetch_avatar( 3796 array( 3797 'item_id' => $user_id, 3798 'height' => $r['height'], 3799 'html' => $r['html'], 3800 'type' => $r['type'], 3801 'width' => $r['width'] 3802 ) 3803 ); 3743 3804 3744 3805 // If user has link & avatar, add them to the output array. 
… … 3754 3815 } 3755 3816 3756 /** 3757 * Filters the list of linked avatars for users who have commented on the current activity item. 3758 * 3759 * @since 1.7.0 3760 * 3761 * @param string $retval HTML markup for the list of avatars. 3762 * @param array $r Array of arguments used for each avatar. 3763 * @param array $output Array of each avatar found, before imploded into single string. 3764 */ 3765 echo apply_filters( 'bp_activity_comments_user_avatars', $retval, $r, $output ); 3817 // phpcs:ignore WordPress.Security.EscapeOutput 3818 echo apply_filters( 3819 /** 3820 * Filters the list of linked avatars for users who have commented on the current activity item. 3821 * 3822 * @since 1.7.0 3823 * 3824 * @param string $retval HTML markup for the list of avatars. 3825 * @param array $r Array of arguments used for each avatar. 3826 * @param array $output Array of each avatar found, before imploded into single string. 3827 */ 3828 'bp_activity_comments_user_avatars', 3829 $retval, 3830 $r, 3831 $output 3832 ); 3766 3833 } 3767 3834 … … 3842 3909 */ 3843 3910 function bp_displayed_user_mentionname() { 3844 echo bp_get_displayed_user_mentionname();3911 echo esc_html( bp_get_displayed_user_mentionname() ); 3845 3912 } 3846 3913 /** … … 3900 3967 switch ( $output ) { 3901 3968 case 'select' : 3969 // phpcs:ignore WordPress.Security.EscapeOutput 3902 3970 printf( '<option value="%1$s" %2$s>%3$s</option>', esc_attr( $type ), $selected, esc_html( $description ) ); 3903 3971 break; 3904 3972 case 'checkbox' : 3973 // phpcs:ignore WordPress.Security.EscapeOutput 3905 3974 printf( '<label style="" for="%1$s[]">%2$s<input type="checkbox" id="%1$s[]" name="%1$s[]" value="%3$s" %4$s/></label>', esc_attr( $args['checkbox_name'] ), esc_html( $description ), esc_attr( $args['checkbox_name'] ), esc_attr( $args['checkbox_name'] ), esc_attr( $type ), $checked ); 3906 3975 break; … … 3938 4007 */ 3939 4008 function bp_sitewide_activity_feed_link() { 3940 echo 
bp_get_sitewide_activity_feed_link();4009 echo esc_url( bp_get_sitewide_activity_feed_link() ); 3941 4010 } 3942 4011 … … 4054 4123 */ 4055 4124 function bp_activity_feed_item_guid() { 4056 echo bp_get_activity_feed_item_guid();4125 echo esc_html( bp_get_activity_feed_item_guid() ); 4057 4126 } 4058 4127 … … 4086 4155 */ 4087 4156 function bp_activity_feed_item_title() { 4157 // phpcs:ignore WordPress.Security.EscapeOutput 4088 4158 echo bp_get_activity_feed_item_title(); 4089 4159 } … … 4135 4205 */ 4136 4206 function bp_activity_feed_item_link() { 4137 echo bp_get_activity_feed_item_link();4207 echo esc_url( bp_get_activity_feed_item_link() ); 4138 4208 } 4139 4209 … … 4171 4241 */ 4172 4242 function bp_activity_feed_item_date() { 4173 echo bp_get_activity_feed_item_date();4243 echo esc_html( bp_get_activity_feed_item_date() ); 4174 4244 } 4175 4245 … … 4207 4277 */ 4208 4278 function bp_activity_feed_item_description() { 4279 // Escaping is made in `bp-activity/bp-activity-filters.php`. 4280 // phpcs:ignore WordPress.Security.EscapeOutput 4209 4281 echo bp_get_activity_feed_item_description(); 4210 4282 } … … 4251 4323 ?> 4252 4324 4253 <link rel="alternate" type="application/rss+xml" title="<?php bloginfo( 'name' ) ?> | <?php _e( 'Site Wide Activity RSS Feed', 'buddypress' ) ?>" href="<?php bp_sitewide_activity_feed_link() ?>" />4325 <link rel="alternate" type="application/rss+xml" title="<?php bloginfo( 'name' ) ?> | <?php esc_html_e( 'Site Wide Activity RSS Feed', 'buddypress' ) ?>" href="<?php bp_sitewide_activity_feed_link() ?>" /> 4254 4326 4255 4327 <?php … … 4266 4338 */ 4267 4339 function bp_activity_show_filters( $context = '' ) { 4340 // phpcs:ignore WordPress.Security.EscapeOutput 4268 4341 echo bp_get_activity_show_filters( $context ); 4269 4342 }
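Review bot: `esc_url()` is the wrong escaper for `bp_activity_slug()`, and for `bp_activity_root_slug()` in the next hunk, because by their names these getters return a bare slug rather than a URL. WordPress's `esc_url()` prepends `http://` to a value that has no scheme and does not start with `/`, `#` or `?`, so a slug such as `activity` (constructed example) would be echoed as `http://activity`, and any template that builds a path or an attribute from the printed slug changes behaviour. Escape for the context the slug is printed in instead, for example `echo esc_attr( bp_get_activity_slug() );` and `echo esc_attr( bp_get_activity_root_slug() );`. Both functions are fully visible in their hunks, so the change is local to those two lines.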