- Timestamp:
- 04/27/2024 05:51:41 PM (10 months ago)
- File:
-
- 1 edited
trunk/src/bp-activity/classes/class-bp-activity-list-table.php
r13497 r13816 261 261 */ 262 262 function no_items() { 263 _e( 'No activities found.', 'buddypress' );263 esc_html_e( 'No activities found.', 'buddypress' ); 264 264 } 265 265 … … 272 272 $this->display_tablenav( 'top' ); ?> 273 273 274 <h2 class="screen-reader-text"><?php 275 /* translators: accessibility text */ 276 _e( 'Activities list', 'buddypress' ); 277 ?></h2> 278 279 <table class="wp-list-table <?php echo implode( ' ', $this->get_table_classes() ); ?>" cellspacing="0"> 274 <h2 class="screen-reader-text"> 275 <?php 276 /* translators: accessibility text */ 277 esc_html_e( 'Activities list', 'buddypress' ); 278 ?> 279 </h2> 280 281 <table class="wp-list-table <?php echo esc_attr( implode( ' ', $this->get_table_classes() ) ); ?>" cellspacing="0"> 280 282 <thead> 281 283 <tr> … … 309 311 static $even = false; 310 312 313 $row_classes = array(); 314 311 315 if ( $even ) { 312 $row_class = ' class="even"';316 $row_classes = array( 'even' ); 313 317 } else { 314 $row_class = ' class="alternate odd"';318 $row_classes = array( 'alternate', 'odd' ); 315 319 } 316 320 … … 321 325 } 322 326 323 echo '<tr' . $row_class . ' id="activity-' . esc_attr( $item['id'] ) . '" data-parent_id="' . esc_attr( $item['id'] ) . '" data-root_id="' . esc_attr( $root_id ) . '">'; 327 echo '<tr class="' . implode( ' ', array_map( 'sanitize_html_class', $row_classes ) ) . '" id="activity-' . esc_attr( $item['id'] ) . '" data-parent_id="' . esc_attr( $item['id'] ) . '" data-root_id="' . esc_attr( $root_id ) . '">'; 328 329 // Escapes are made into `self::single_row_columns()`. 
330 // phpcs:ignore WordPress.Security.EscapeOutput 324 331 echo $this->single_row_columns( $item ); 325 332 echo '</tr>'; … … 336 343 $url_base = add_query_arg( array( 'page' => 'bp-activity' ), bp_get_admin_url( 'admin.php' ) ); ?> 337 344 338 <h2 class="screen-reader-text"><?php 339 /* translators: accessibility text */ 340 esc_html_e( 'Filter activities list', 'buddypress' ); 341 ?></h2> 345 <h2 class="screen-reader-text"> 346 <?php 347 /* translators: accessibility text */ 348 esc_html_e( 'Filter activities list', 'buddypress' ); 349 ?> 350 </h2> 342 351 343 352 <ul class="subsubsub"> … … 349 358 sprintf( 350 359 '<span class="count">(%s)</span>', 351 number_format_i18n( $this->all_count)360 esc_html( number_format_i18n( $this->all_count ) ) 352 361 ) 353 362 ); ?> … … 361 370 sprintf( 362 371 '<span class="count">(%s)</span>', 363 number_format_i18n( $this->spam_count)372 esc_html( number_format_i18n( $this->spam_count ) ) 364 373 ) 365 374 ); ?> … … 398 407 * @param array $actions Default available actions for bulk operations. 399 408 */ 400 return apply_filters( 'bp_activity_list_table_get_bulk_actions', array( 401 'bulk_spam' => __( 'Mark as Spam', 'buddypress' ), 402 'bulk_ham' => __( 'Not Spam', 'buddypress' ), 403 'bulk_delete' => __( 'Delete Permanently', 'buddypress' ), 404 ) ); 409 return apply_filters( 'bp_activity_list_table_get_bulk_actions', 410 array( 411 'bulk_spam' => __( 'Mark as Spam', 'buddypress' ), 412 'bulk_ham' => __( 'Not Spam', 'buddypress' ), 413 'bulk_delete' => __( 'Delete Permanently', 'buddypress' ), 414 ) 415 ); 405 416 } 406 417 … … 423 434 * @param array $value Array of slugs and titles for the columns. 
424 435 */ 425 return apply_filters( 'bp_activity_list_table_get_columns', array( 426 'cb' => '<input name type="checkbox" />', 427 'author' => _x( 'Author', 'Admin SWA column header', 'buddypress' ), 428 'comment' => _x( 'Activity', 'Admin SWA column header', 'buddypress' ), 429 'action' => _x( 'Action', 'Admin SWA column header', 'buddypress' ), 430 'response' => _x( 'In Response To', 'Admin SWA column header', 'buddypress' ), 431 ) ); 436 return apply_filters( 'bp_activity_list_table_get_columns', 437 array( 438 'cb' => '<input name type="checkbox" />', 439 'author' => _x( 'Author', 'Admin SWA column header', 'buddypress' ), 440 'comment' => _x( 'Activity', 'Admin SWA column header', 'buddypress' ), 441 'action' => _x( 'Action', 'Admin SWA column header', 'buddypress' ), 442 'response' => _x( 'In Response To', 'Admin SWA column header', 'buddypress' ), 443 ) 444 ); 432 445 } 433 446 … … 472 485 473 486 <div class="alignleft actions"> 474 <label for="activity-type" class="screen-reader-text"><?php 475 /* translators: accessibility text */ 476 _e( 'Filter by activity type', 'buddypress' ); 477 ?></label> 487 <label for="activity-type" class="screen-reader-text"> 488 <?php 489 /* translators: accessibility text */ 490 esc_html_e( 'Filter by activity type', 'buddypress' ); 491 ?> 492 </label> 478 493 <select name="activity_type" id="activity-type"> 479 <option value="" <?php selected( ! $selected ); ?>><?php _e( 'View all actions', 'buddypress' ); ?></option>494 <option value="" <?php selected( ! $selected ); ?>><?php esc_html_e( 'View all actions', 'buddypress' ); ?></option> 480 495 481 496 <?php foreach ( $activity_actions as $component => $actions ) : ?> … … 573 588 function column_cb( $item ) { 574 589 /* translators: accessibility text */ 575 printf( '<label class="screen-reader-text" for="aid-%1$d">' . __( 'Select activity item %1$d', 'buddypress' ) . 
'</label><input type="checkbox" name="aid[]" value="%1$d" id="aid-%1$d" />', $item['id']);590 printf( '<label class="screen-reader-text" for="aid-%1$d">' . esc_html__( 'Select activity item %1$d', 'buddypress' ) . '</label><input type="checkbox" name="aid[]" value="%1$d" id="aid-%1$d" />', intval( $item['id'] ) ); 576 591 } 577 592 … … 586 601 */ 587 602 function column_author( $item ) { 588 echo '<strong>' . get_avatar( $item['user_id'], '32' ) . ' ' . bp_core_get_userlink( $item['user_id'] ) . '</strong>'; 603 $avatar = get_avatar( $item['user_id'], '32' ); 604 605 printf( 606 '<strong>%1$s %2$s</strong>', 607 wp_kses( 608 $avatar, 609 array( 610 'img' => array( 611 'alt' => true, 612 'src' => true, 613 'srcset' => true, 614 'class' => true, 615 'height' => true, 616 'width' => true, 617 ) 618 ) 619 ), 620 // phpcs:ignore WordPress.Security.EscapeOutput 621 bp_core_get_userlink( $item['user_id'] ) 622 ); 589 623 } 590 624 … … 602 636 603 637 if ( isset( $actions[ $item['type'] ] ) ) { 604 echo $actions[ $item['type'] ];638 echo esc_html( $actions[ $item['type'] ] ); 605 639 } else { 606 640 /* translators: %s: the name of the activity type */ 607 printf( __( 'Unregistered action - %s', 'buddypress' ), $item['type']);641 printf( esc_html__( 'Unregistered action - %s', 'buddypress' ), esc_html( $item['type'] ) ); 608 642 } 609 643 } … … 622 656 function column_comment( $item ) { 623 657 // Determine what type of item (row) we're dealing with. 624 if ( $item['is_spam'] ) 658 if ( $item['is_spam'] ) { 625 659 $item_status = 'spam'; 626 else660 } else { 627 661 $item_status = 'all'; 662 } 628 663 629 664 // Preorder items: Reply | Edit | Spam | Delete Permanently. 
… … 682 717 printf( 683 718 /* translators: %s: activity date and time */ 684 __( 'Submitted on %s', 'buddypress' ),719 esc_html__( 'Submitted on %s', 'buddypress' ), 685 720 sprintf( 686 721 '<a href="%1$s">%2$s</a>', 687 bp_activity_get_permalink( $item['id']),722 esc_url( bp_activity_get_permalink( $item['id'] ) ), 688 723 sprintf( 689 724 /* translators: 1: activity date, 2: activity time */ 690 __( '%1$s at %2$s', 'buddypress' ),691 date_i18n( bp_get_option( 'date_format' ), strtotime( $item['date_recorded']) ),692 get_date_from_gmt( $item['date_recorded'], bp_get_option( 'time_format') )725 esc_html__( '%1$s at %2$s', 'buddypress' ), 726 esc_html( date_i18n( bp_get_option( 'date_format' ), strtotime( $item['date_recorded'] ) ) ), 727 esc_html( get_date_from_gmt( $item['date_recorded'], bp_get_option( 'time_format' ) ) ) 693 728 ) 694 729 ) … … 714 749 } 715 750 716 /** 717 * Filter here to add extra output to the activity content into the Administration. 718 * 719 * @since 2.4.0 720 * 721 * @param string $content The activity content. 722 * @param array $item The activity object converted into an array. 723 */ 724 echo apply_filters( 'bp_activity_admin_comment_content', $content, $item ) . ' ' . $this->row_actions( $actions ); 751 // phpcs:disable WordPress.Security.EscapeOutput 752 echo apply_filters( 753 /** 754 * Filter here to add extra output to the activity content into the Administration. 755 * 756 * @since 2.4.0 757 * 758 * @param string $content The activity content. 759 * @param array $item The activity object converted into an array. 760 */ 761 'bp_activity_admin_comment_content', 762 $content, 763 $item 764 ); 765 766 echo ' ' . $this->row_actions( $actions ); 767 // phpcs:enable 725 768 } 726 769 … … 745 788 $activity_permalink = ''; 746 789 if ( ! $item['is_spam'] ) { 747 $activity_permalink = '<a href="' . bp_activity_get_permalink( $item['id'], (object) $item ) . '" class="comments-view-item-link">' .__( 'View Activity', 'buddypress' ) . 
'</a>';790 $activity_permalink = '<a href="' . esc_url( bp_activity_get_permalink( $item['id'], (object) $item ) ) . '" class="comments-view-item-link">' . esc_html__( 'View Activity', 'buddypress' ) . '</a>'; 748 791 } 749 792 … … 757 800 */ 758 801 if ( empty( $item['item_id'] ) || ! in_array( $item['type'], apply_filters( 'bp_activity_admin_root_activity_types', array( 'activity_comment' ), $item ) ) ) { 802 // phpcs:ignore WordPress.Security.EscapeOutput 759 803 echo $activity_permalink; 760 804 761 $comment_count = ! empty( $item['children'] ) ? bp_activity_recurse_comment_count( (object) $item ) : 0;805 $comment_count = ! empty( $item['children'] ) ? bp_activity_recurse_comment_count( (object) $item ) : 0; 762 806 $root_activity_url = bp_get_admin_url( 'admin.php?page=bp-activity&aid=' . $item['id'] ); 763 807 764 808 // If the activity has comments, display a link to the activity's permalink, with its comment count in a speech bubble. 765 809 if ( $comment_count ) { 766 printf( '<a href="%1$s" class="post-com-count post-com-count-approved"><span class="comment-count comment-count-approved">%2$s</span></a>', esc_url( $root_activity_url ), number_format_i18n( $comment_count) );810 printf( '<a href="%1$s" class="post-com-count post-com-count-approved"><span class="comment-count comment-count-approved">%2$s</span></a>', esc_url( $root_activity_url ), esc_html( number_format_i18n( $comment_count ) ) ); 767 811 } 768 812 769 813 // For non-root activities, display a link to the replied-to activity's author's profile. 770 814 } else { 771 echo '<strong>' . get_avatar( $this->get_activity_user_id( $item['item_id'] ), '32' ) . ' ' . bp_core_get_userlink( $this->get_activity_user_id( $item['item_id'] ) ) . 
'</strong><br />'; 815 $avatar = get_avatar( $this->get_activity_user_id( $item['item_id'] ), '32' ); 816 printf( 817 '<strong>%1$s %2$s</strong><br />', 818 wp_kses( 819 $avatar, 820 array( 821 'img' => array( 822 'alt' => true, 823 'src' => true, 824 'srcset' => true, 825 'class' => true, 826 'height' => true, 827 'width' => true, 828 ) 829 ) 830 ), 831 // phpcs:ignore WordPress.Security.EscapeOutput 832 bp_core_get_userlink( $this->get_activity_user_id( $item['item_id'] ) ) 833 ); 834 835 // phpcs:ignore WordPress.Security.EscapeOutput 772 836 echo $activity_permalink; 773 837 } 774 838 ?> 775 776 839 </div> 777 778 840 <?php 779 841 } … … 829 891 * activities as orphans, use the logged in user's ID to avoid errors. 830 892 */ 831 if ( empty( $activity['activities'] ) ) 893 if ( empty( $activity['activities'] ) ) { 832 894 return bp_loggedin_user_id(); 895 } 833 896 834 897 // Store the new activity/user ID mapping for any later re-use. … … 854 917 * @return bool $can_comment 855 918 */ 856 protected function can_comment( $item 919 protected function can_comment( $item ) { 857 920 $can_comment = bp_activity_type_supports( $item['type'], 'comment-reply' ); 858 921
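Review bot: The `// phpcs:disable WordPress.Security.EscapeOutput` … `// phpcs:enable` pair at new lines 751–767 (apparently still inside `column_comment()`, whose body starts outside this hunk) silences the sniff for `echo apply_filters( 'bp_activity_admin_comment_content', $content, $item )`. That statement prints whatever a hooked callback returns into the admin screen, and no comment says where the markup is escaped. `$content` is built outside the visible lines, so its sanitization cannot be confirmed from here; if the filter is only meant to carry post-style markup, `echo wp_kses_post( apply_filters( 'bp_activity_admin_comment_content', $content, $item ) );` would make the suppression unnecessary, and otherwise a reason line like the one added above `single_row_columns()` should state where escaping happens. A per-statement `// phpcs:ignore WordPress.Security.EscapeOutput`, or a closing `// phpcs:enable WordPress.Security.EscapeOutput`, is also safer than the bare `// phpcs:enable`. The same unexplained `phpcs:ignore` precedes `bp_core_get_userlink()` in `column_author()` and again near new line 832, where the avatar beside it goes through `wp_kses()` but the user link is printed as returned.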