Changeset 13818
- Timestamp:
- 04/28/2024 12:23:47 PM (8 months ago)
- Location:
- trunk/src
- Files:
-
- 23 edited
trunk/src/bp-core/admin/bp-core-admin-components.php
r13637 r13818 187 187 ?> 188 188 189 <h3 class="screen-reader-text"><?php 190 /* translators: accessibility text */ 191 esc_html_e( 'Filter components list', 'buddypress' ); 192 ?></h3> 189 <h3 class="screen-reader-text"> 190 <?php 191 /* translators: accessibility text */ 192 esc_html_e( 'Filter components list', 'buddypress' ); 193 ?> 194 </h3> 193 195 194 196 <ul class="subsubsub"> … … 202 204 </ul> 203 205 204 <h3 class="screen-reader-text"><?php 205 /* translators: accessibility text */ 206 esc_html_e( 'Components list', 'buddypress' ); 207 ?></h3> 206 <h3 class="screen-reader-text"> 207 <?php 208 /* translators: accessibility text */ 209 esc_html_e( 'Components list', 'buddypress' ); 210 ?> 211 </h3> 208 212 209 213 <table class="wp-list-table widefat plugins"> … … 211 215 <tr> 212 216 <td id="cb" class="manage-column column-cb check-column"><input id="cb-select-all-1" type="checkbox" <?php checked( empty( $inactive_components ) ); ?>> 213 <label class="screen-reader-text" for="cb-select-all-1"><?php 214 /* translators: accessibility text */ 215 _e( 'Enable or disable all optional components in bulk', 'buddypress' ); 216 ?></label></td> 217 <th scope="col" id="name" class="manage-column column-title column-primary"><?php _e( 'Component', 'buddypress' ); ?></th> 218 <th scope="col" id="description" class="manage-column column-description"><?php _e( 'Description', 'buddypress' ); ?></th> 217 <label class="screen-reader-text" for="cb-select-all-1"> 218 <?php 219 /* translators: accessibility text */ 220 esc_html_e( 'Enable or disable all optional components in bulk', 'buddypress' ); 221 ?> 222 </label> 223 </td> 224 <th scope="col" id="name" class="manage-column column-title column-primary"><?php esc_html_e( 'Component', 'buddypress' ); ?></th> 225 <th scope="col" id="description" class="manage-column column-description"><?php esc_html_e( 'Description', 'buddypress' ); ?></th> 219 226 </tr> 220 227 </thead> … … 222 229 <tbody id="the-list"> 223 230 224 <?php if 
( ! empty( $current_components ) ) : ?>231 <?php if ( ! empty( $current_components ) ) : ?> 225 232 226 233 <?php foreach ( $current_components as $name => $labels ) : ?> 227 234 228 <?php if ( !in_array( $name, array( 'core', 'members' ) ) ) : 235 <?php 236 if ( ! in_array( $name, array( 'core', 'members' ) ) ) { 229 237 $class = isset( $active_components[esc_attr( $name )] ) ? 'active' : 'inactive'; 230 else :238 } else { 231 239 $class = 'active'; 232 endif; ?> 240 } 241 ?> 233 242 234 243 <tr id="<?php echo esc_attr( $name ); ?>" class="<?php echo esc_attr( $name ) . ' ' . esc_attr( $class ); ?>"> 235 244 <th scope="row" class="check-column"> 236 245 237 <?php if ( !in_array( $name, array( 'core', 'members' ) ) ) : ?> 238 239 <input type="checkbox" id="<?php echo esc_attr( "bp_components[$name]" ); ?>" name="<?php echo esc_attr( "bp_components[$name]" ); ?>" value="1"<?php checked( isset( $active_components[esc_attr( $name )] ) ); ?> /><label for="<?php echo esc_attr( "bp_components[$name]" ); ?>" class="screen-reader-text"><?php 240 /* translators: accessibility text */ 241 printf( __( 'Select %s', 'buddypress' ), esc_html( $labels['title'] ) ); ?></label> 246 <?php if ( ! 
in_array( $name, array( 'core', 'members' ) ) ) : ?> 247 248 <input type="checkbox" id="<?php echo esc_attr( "bp_components[$name]" ); ?>" name="<?php echo esc_attr( "bp_components[$name]" ); ?>" value="1"<?php checked( isset( $active_components[esc_attr( $name )] ) ); ?> /> 249 <label for="<?php echo esc_attr( "bp_components[$name]" ); ?>" class="screen-reader-text"> 250 <?php 251 /* translators: accessibility text */ 252 printf( esc_html__( 'Select %s', 'buddypress' ), esc_html( $labels['title'] ) ); 253 ?> 254 </label> 242 255 243 256 <?php endif; ?> … … 253 266 <td class="column-description desc"> 254 267 <div class="plugin-description"> 255 <p><?php echo $labels['description']; ?></p> 268 <p> 269 <?php 270 echo wp_kses( 271 $labels['description'], 272 array( 273 'a' => array( 274 'href' => true, 275 ), 276 'del' => true, 277 'span' => array( 278 'class' => true, 279 ), 280 ) 281 ); 282 ?> 283 </p> 256 284 </div> 257 285 … … 264 292 265 293 <tr class="no-items"> 266 <td class="colspanchange" colspan="3"><?php _e( 'No components found.', 'buddypress' ); ?></td>294 <td class="colspanchange" colspan="3"><?php esc_html_e( 'No components found.', 'buddypress' ); ?></td> 267 295 </tr> 268 296 … … 274 302 <tr> 275 303 <td class="manage-column column-cb check-column"><input id="cb-select-all-2" type="checkbox" <?php checked( empty( $inactive_components ) ); ?>> 276 <label class="screen-reader-text" for="cb-select-all-2"><?php 277 /* translators: accessibility text */ 278 _e( 'Enable or disable all optional components in bulk', 'buddypress' ); 279 ?></label></td> 280 <th class="manage-column column-title column-primary"><?php _e( 'Component', 'buddypress' ); ?></th> 281 <th class="manage-column column-description"><?php _e( 'Description', 'buddypress' ); ?></th> 304 <label class="screen-reader-text" for="cb-select-all-2"> 305 <?php 306 /* translators: accessibility text */ 307 esc_html_e( 'Enable or disable all optional components in bulk', 'buddypress' ); 308 ?> 309 
</label> 310 </td> 311 <th class="manage-column column-title column-primary"><?php esc_html_e( 'Component', 'buddypress' ); ?></th> 312 <th class="manage-column column-description"><?php esc_html_e( 'Description', 'buddypress' ); ?></th> 282 313 </tr> 283 314 </tfoot> -
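Review bot: The `wp_kses()` call added at new lines 270-281 hard-codes an allowlist of `a[href]`, `del` and `span[class]` for `$labels['description']`, with no comment saying that this is now the contract for component descriptions. Any description that carries other markup (for example `<strong>`, `<em>`, `<code>`, or `target`/`rel` on a link) will have it stripped silently; where the descriptions are registered is outside this section, so that needs checking against the callers. I would document the limit at the call site, e.g. `// Component descriptions may only contain links, <del> and classed <span>; any other markup is stripped.`, and mention it in the docblock of whatever function supplies `$labels`.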
trunk/src/bp-core/admin/bp-core-admin-functions.php
r13772 r13818 116 116 printf( 117 117 // Translators: 1: is the url to the BP Components settings screen. 2: is the url to the xProfile administration screen. 118 __( 'Components, Pages, Settings, and Forums, have been moved to <a href="%1$s">Settings > BuddyPress</a>. Profile Fields has been moved into the <a href="%2$s">Users</a> menu.', 'buddypress' ),118 esc_html__( 'Components, Pages, Settings, and Forums, have been moved to <a href="%1$s">Settings > BuddyPress</a>. Profile Fields has been moved into the <a href="%2$s">Users</a> menu.', 'buddypress' ), 119 119 esc_url( $settings_url ), 120 bp_get_admin_url( 'users.php?page=bp-profile-setup')120 esc_url( bp_get_admin_url( 'users.php?page=bp-profile-setup' ) ) 121 121 ); 122 122 ?> … … 161 161 162 162 foreach ( $notices as $notice ) { 163 printf( '<p>%s</p>', $notice['message'] ); 163 printf( 164 '<p>%s</p>', 165 wp_kses( 166 $notice['message'], 167 array( 168 'strong' => true, 169 'code' => true, 170 'a' => array( 171 'href' => true, 172 ), 173 ) 174 ) 175 ); 164 176 } 165 177 … … 423 435 <?php foreach ( $bp->admin->nav_tabs as $nav_tab ) : ?> 424 436 425 <?php echo $nav_tab; ?> 437 <?php 438 echo wp_kses( 439 $nav_tab, 440 array( 441 'a' => array( 442 'href' => true, 443 'class' => true 444 ), 445 ) 446 ); 447 ?> 426 448 427 449 <?php endforeach; ?> … … 472 494 } 473 495 496 // phpcs:ignore WordPress.Security.EscapeOutput 474 497 echo implode( "\n", $tabs_html ); 498 475 499 /** 476 500 * Fires after the output of tabs for the admin area. … … 651 675 _doing_it_wrong( 652 676 'bp_core_admin_tabs()', 653 __( 'BuddyPress Settings and Tools Screens are now using a new tabbed header. Please use `bp_core_admin_tabbed_screen_header()` instead of bp_core_admin_tabs() to output tabs.', 'buddypress' ),677 esc_html__( 'BuddyPress Settings and Tools Screens are now using a new tabbed header. 
Please use `bp_core_admin_tabbed_screen_header()` instead of bp_core_admin_tabs() to output tabs.', 'buddypress' ), 654 678 '10.0.0' 655 679 ); … … 1194 1218 } 1195 1219 1220 // phpcs:ignore WordPress.Security.EscapeOutput 1196 1221 echo preg_replace( '/\<div(\sclass=\".*\"\s|\s)id=\"tabs-panel-posttype-bp_nav_menu_item-search\"[^>]*>(.*?)\<\/div\>/s', $all_bp_tabs, $output ); 1197 1222 } … … 1275 1300 1276 1301 $tax_name = esc_attr( $r['taxonomy'] ); 1302 1303 // phpcs:disable WordPress.Security.EscapeOutput 1277 1304 ?> 1278 1305 <div id="taxonomy-<?php echo $tax_name; ?>" class="categorydiv"> … … 1298 1325 </div> 1299 1326 <?php 1327 // phpcs:enable 1300 1328 } 1301 1329 … … 1327 1355 <?php 1328 1356 /* translators: accessibility text */ 1329 _e( 'Plain text email content', 'buddypress' );1357 esc_html_e( 'Plain text email content', 'buddypress' ); 1330 1358 ?> 1331 </label><textarea rows="5" cols="40" name="excerpt" id="excerpt"><?php echo $post->post_excerpt; // textarea_escaped ?></textarea> 1332 1333 <p><?php _e( 'Most email clients support HTML email. However, some people prefer to receive plain text email. Enter a plain text alternative version of your email here.', 'buddypress' ); ?></p> 1359 </label> 1360 <textarea rows="5" cols="40" name="excerpt" id="excerpt"><?php 1361 // phpcs:ignore WordPress.Security.EscapeOutput 1362 echo $post->post_excerpt; ?> 1363 </textarea> 1364 1365 <p><?php esc_html_e( 'Most email clients support HTML email. However, some people prefer to receive plain text email. 
Enter a plain text alternative version of your email here.', 'buddypress' ); ?></p> 1334 1366 1335 1367 <?php … … 1608 1640 <a class="bp-welcome-panel-close bp-is-dismissible" href="#" data-notice_id="<?php echo esc_attr( $notification->id ); ?>" aria-label="<?php esc_attr_e( 'Dismiss the notification', 'buddypress' ); ?>"><?php esc_html_e( 'Dismiss', 'buddypress' ); ?></a> 1609 1641 <div class="bp-welcome-panel-content"> 1610 <h2><span class="bp-version"><?php echo number_format_i18n( $notification->version, 1); ?></span> <?php echo esc_html( $notification->title ); ?></h2>1642 <h2><span class="bp-version"><?php echo esc_html( number_format_i18n( $notification->version, 1 ) ); ?></span> <?php echo esc_html( $notification->title ); ?></h2> 1611 1643 <p class="about-description"> 1612 1644 <?php echo wp_kses( $notification->content, array( 'a' => array( 'href' => true ), 'br' => array(), 'strong' => array() ) ); ?> -
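Review bot: At new line 118 the format string is now fetched with `esc_html__()`, which entity-encodes the `<a href="%1$s">` and `</a>` markup that is part of the translatable string, so the notice will print the anchor tags as literal text instead of rendering the two links. Keep `__()` for the string and escape the assembled result instead: `echo wp_kses( sprintf( __( '…', 'buddypress' ), esc_url( $settings_url ), esc_url( bp_get_admin_url( 'users.php?page=bp-profile-setup' ) ) ), array( 'a' => array( 'href' => true ) ) );`. That is the same pattern this changeset uses for the "Built with … volunteers" string in class-bp-admin.php. The enclosing function starts and ends outside the hunk.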
trunk/src/bp-core/admin/bp-core-admin-optouts.php
r13137 r13818 438 438 $last_modified = mysql2date( 'Y/m/d g:i:s a', $optout->date_modified ); 439 439 /* translators: %s: modification date */ 440 printf( esc_html__( 'Date modified: %s', 'buddypress'), $last_modified);440 printf( esc_html__( 'Date modified: %s', 'buddypress'), esc_html( $last_modified ) ); 441 441 ?> 442 442 </p> -
trunk/src/bp-core/admin/bp-core-admin-settings.php
r13633 r13818 28 28 29 29 <input id="hide-loggedout-adminbar" name="hide-loggedout-adminbar" type="checkbox" value="1" <?php checked( !bp_hide_loggedout_adminbar( false ) ); ?> /> 30 <label for="hide-loggedout-adminbar"><?php _e( 'Show the Toolbar for logged out users', 'buddypress' ); ?></label>30 <label for="hide-loggedout-adminbar"><?php esc_html_e( 'Show the Toolbar for logged out users', 'buddypress' ); ?></label> 31 31 32 32 <?php … … 109 109 } 110 110 111 // phpcs:disable WordPress.Security.EscapeOutput 111 112 if ( $options ) : ?> 112 113 <select name="_bp_theme_package_id" id="_bp_theme_package_id" aria-describedby="_bp_theme_package_description"><?php echo $options; ?></select> … … 117 118 118 119 <?php endif; 120 // phpcs:enable 119 121 } 120 122 … … 138 140 139 141 <input id="_bp_enable_akismet" name="_bp_enable_akismet" type="checkbox" value="1" <?php checked( bp_is_akismet_active( true ) ); ?> /> 140 <label for="_bp_enable_akismet"><?php _e( 'Allow Akismet to scan for activity stream spam', 'buddypress' ); ?></label>142 <label for="_bp_enable_akismet"><?php esc_html_e( 'Allow Akismet to scan for activity stream spam', 'buddypress' ); ?></label> 141 143 142 144 <?php … … 170 172 171 173 <input id="_bp_enable_heartbeat_refresh" name="_bp_enable_heartbeat_refresh" type="checkbox" value="1" <?php checked( bp_is_activity_heartbeat_active( true ) ); ?> /> 172 <label for="_bp_enable_heartbeat_refresh"><?php _e( 'Automatically check for new items while viewing the activity stream', 'buddypress' ); ?></label>174 <label for="_bp_enable_heartbeat_refresh"><?php esc_html_e( 'Automatically check for new items while viewing the activity stream', 'buddypress' ); ?></label> 173 175 174 176 <?php … … 208 210 function bp_admin_setting_callback_avatar_uploads() { 209 211 ?> 210 <input id="bp-disable-avatar-uploads" name="bp-disable-avatar-uploads" type="checkbox" value="1" <?php checked( ! 
bp_disable_avatar_uploads( false ) ); ?> />211 <label for="bp-disable-avatar-uploads"><?php _e( 'Allow registered members to upload avatars', 'buddypress' ); ?></label>212 <input id="bp-disable-avatar-uploads" name="bp-disable-avatar-uploads" type="checkbox" value="1" <?php checked( ! bp_disable_avatar_uploads( false ) ); ?> /> 213 <label for="bp-disable-avatar-uploads"><?php esc_html_e( 'Allow registered members to upload avatars', 'buddypress' ); ?></label> 212 214 <?php 213 215 } … … 222 224 ?> 223 225 <input id="bp-disable-cover-image-uploads" name="bp-disable-cover-image-uploads" type="checkbox" value="1" <?php checked( ! bp_disable_cover_image_uploads() ); ?> /> 224 <label for="bp-disable-cover-image-uploads"><?php _e( 'Allow registered members to upload cover images', 'buddypress' ); ?></label>226 <label for="bp-disable-cover-image-uploads"><?php esc_html_e( 'Allow registered members to upload cover images', 'buddypress' ); ?></label> 225 227 <?php 226 228 } … … 234 236 ?> 235 237 <input id="bp-enable-members-invitations" name="bp-enable-members-invitations" type="checkbox" value="1" <?php checked( bp_get_members_invitations_allowed() ); ?> /> 236 <label for="bp-enable-members-invitations"><?php _e( 'Allow registered members to invite people to join this network', 'buddypress' ); ?></label>238 <label for="bp-enable-members-invitations"><?php esc_html_e( 'Allow registered members to invite people to join this network', 'buddypress' ); ?></label> 237 239 <?php if ( ! bp_get_signup_allowed() ) : ?> 238 240 <p class="description"><?php esc_html_e( 'Public registration is currently disabled. 
However, invitees will still be able to register if network invitations are enabled.', 'buddypress' ); ?></p> … … 296 298 297 299 <input id="bp-disable-profile-sync" name="bp-disable-profile-sync" type="checkbox" value="1" <?php checked( !bp_disable_profile_sync( false ) ); ?> /> 298 <label for="bp-disable-profile-sync"><?php _e( 'Enable BuddyPress to WordPress profile syncing', 'buddypress' ); ?></label>300 <label for="bp-disable-profile-sync"><?php esc_html_e( 'Enable BuddyPress to WordPress profile syncing', 'buddypress' ); ?></label> 299 301 300 302 <?php … … 320 322 321 323 <input id="bp_restrict_group_creation" name="bp_restrict_group_creation" type="checkbox" aria-describedby="bp_group_creation_description" value="1" <?php checked( !bp_restrict_group_creation( false ) ); ?> /> 322 <label for="bp_restrict_group_creation"><?php _e( 'Enable group creation for all users', 'buddypress' ); ?></label>323 <p class="description" id="bp_group_creation_description"><?php _e( 'Administrators can always create groups, regardless of this setting.', 'buddypress' ); ?></p>324 <label for="bp_restrict_group_creation"><?php esc_html_e( 'Enable group creation for all users', 'buddypress' ); ?></label> 325 <p class="description" id="bp_group_creation_description"><?php esc_html_e( 'Administrators can always create groups, regardless of this setting.', 'buddypress' ); ?></p> 324 326 325 327 <?php … … 334 336 ?> 335 337 <input id="bp-disable-group-avatar-uploads" name="bp-disable-group-avatar-uploads" type="checkbox" value="1" <?php checked( ! 
bp_disable_group_avatar_uploads() ); ?> /> 336 <label for="bp-disable-group-avatar-uploads"><?php _e( 'Allow customizable avatars for groups', 'buddypress' ); ?></label>338 <label for="bp-disable-group-avatar-uploads"><?php esc_html_e( 'Allow customizable avatars for groups', 'buddypress' ); ?></label> 337 339 <?php 338 340 } … … 346 348 ?> 347 349 <input id="bp-disable-group-cover-image-uploads" name="bp-disable-group-cover-image-uploads" type="checkbox" value="1" <?php checked( ! bp_disable_group_cover_image_uploads() ); ?> /> 348 <label for="bp-disable-group-cover-image-uploads"><?php _e( 'Allow customizable cover images for groups', 'buddypress' ); ?></label>350 <label for="bp-disable-group-cover-image-uploads"><?php esc_html_e( 'Allow customizable cover images for groups', 'buddypress' ); ?></label> 349 351 <?php 350 352 } … … 463 465 */ 464 466 function bp_form_option( $option, $default = '' , $slug = false ) { 467 // phpcs:ignore WordPress.Security.EscapeOutput 465 468 echo bp_get_form_option( $option, $default, $slug ); 466 469 } -
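Review bot: The `// phpcs:disable WordPress.Security.EscapeOutput` added at new line 111 switches the sniff off for the whole `if ( $options ) :` block up to line 120 and gives no reason, while the only raw output visible there is `echo $options`, whose construction is outside the hunk. Narrow it to an inline `// phpcs:ignore WordPress.Security.EscapeOutput -- <where the option markup is escaped>` on that echo, in the way the changeset already does for `bp_button()` ("Escaping is done in `BP_Core_HTML_Element()`"). The same missing justification applies to the bare ignores on `bp_form_option()` at line 467, in bp-core-filters.php at line 1324 (where `wpautop( get_post()->post_content )` is echoed unescaped), in bp-core-template-loader.php at line 417 and in class-bp-button.php at line 447. Without a stated reason, a later reader cannot tell a verified exception from a silenced warning.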
trunk/src/bp-core/admin/bp-core-admin-slugs.php
r13477 r13818 12 12 defined( 'ABSPATH' ) || exit; 13 13 14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not use page association anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not use page association anymore, you can restore it using the BP Classic plugin', 'buddypress' ) ); -
trunk/src/bp-core/admin/bp-core-admin-tools.php
r13798 r13818 558 558 $message = '<div id="message" class="' . esc_attr( $class ) . ' notice is-dismissible">' . $message . '</div>'; 559 559 $message = str_replace( "'", "\'", $message ); 560 $lambda = function() use ( $message ) { echo $message; }; 560 $lambda = function() use ( $message ) { 561 echo wp_kses( 562 $message, 563 array( 564 'p' => true, 565 'ul' => true, 566 'li' => true, 567 'div' => array( 568 'id' => true, 569 'class' => true, 570 ), 571 'a' => array( 572 'href' => true, 573 ), 574 ) 575 ); 576 }; 561 577 562 578 add_action( bp_core_do_network_admin() ? 'network_admin_notices' : 'admin_notices', $lambda ); … … 723 739 } 724 740 725 echo '<div class="error"><p>' . __( 'It looks like you have more sites to record. Resume recording by checking the "Repopulate site tracking records" option.', 'buddypress' ) . '</p></div>';741 echo '<div class="error"><p>' . esc_html__( 'It looks like you have more sites to record. Resume recording by checking the "Repopulate site tracking records" option.', 'buddypress' ) . '</p></div>'; 726 742 } 727 743 add_action( 'network_admin_notices', 'bp_core_admin_notice_repopulate_blogs_resume' ); -
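Review bot: The unchanged line 559 still runs `str_replace( "'", "\'", $message )` before the closure captures `$message`, and the `wp_kses()` call added at line 561 does not remove those backslashes, so a notice containing an apostrophe would be printed with a literal `\'`. That replacement looks like a leftover from a time when the callback was assembled from a string; if so, drop it now that the closure echoes the value directly. It is also worth confirming that no tool message uses tags outside the new allowlist (`p`, `ul`, `li`, `div[id|class]`, `a[href]`), such as `<strong>`, because they would be stripped without notice; the messages are built outside the hunk.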
trunk/src/bp-core/bp-core-caps.php
r13540 r13818 483 483 */ 484 484 function bp_add_roles() { 485 _doing_it_wrong( 'bp_add_roles', __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' );485 _doing_it_wrong( 'bp_add_roles', esc_html__( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' ); 486 486 } 487 487 … … 495 495 */ 496 496 function bp_remove_roles() { 497 _doing_it_wrong( 'bp_remove_roles', __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' );497 _doing_it_wrong( 'bp_remove_roles', esc_html__( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' ); 498 498 } 499 499 … … 509 509 */ 510 510 function bp_get_participant_role() { 511 _doing_it_wrong( 'bp_get_participant_role', __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' );511 _doing_it_wrong( 'bp_get_participant_role', esc_html__( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' ); 512 512 } 513 513 … … 519 519 */ 520 520 function bp_get_moderator_role() { 521 _doing_it_wrong( 'bp_get_moderator_role', __( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' );522 } 521 _doing_it_wrong( 'bp_get_moderator_role', esc_html__( 'Special community roles no longer exist. Use mapped capabilities instead', 'buddypress' ), '1.7' ); 522 } -
trunk/src/bp-core/bp-core-cssjs.php
r13709 r13818 328 328 <style type="text/css"> 329 329 .jcrop-holder { float: left; margin: 0 20px 20px 0; text-align: left; } 330 #avatar-crop-pane { width: <?php echo bp_core_avatar_full_width() ?>px; height: <?php echo bp_core_avatar_full_height()?>px; overflow: hidden; }330 #avatar-crop-pane { width: <?php echo intval( bp_core_avatar_full_width() ); ?>px; height: <?php echo intval( bp_core_avatar_full_height() ); ?>px; overflow: hidden; } 331 331 #avatar-crop-submit { margin: 20px 0; } 332 332 .jcrop-holder img, … … 348 348 ?> 349 349 350 <script type="text/javascript">var ajaxurl = '<?php echo bp_core_ajax_url(); ?>';</script>350 <script type="text/javascript">var ajaxurl = '<?php echo esc_url( bp_core_ajax_url() ); ?>';</script> 351 351 352 352 <?php -
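Review bot: At new line 350 `esc_url()` is applied to a value that is printed inside a JavaScript string literal, but it encodes for display in HTML (an `&` becomes `&#038;`) and the body of a `<script>` element is not entity-decoded. If the AJAX URL ever carries query arguments, which cannot be ruled out from this hunk, scripts would receive a corrupted URL. Encode for the JavaScript context instead: `var ajaxurl = <?php echo wp_json_encode( esc_url_raw( bp_core_ajax_url() ) ); ?>;`. The `intval()` casts added at line 330 are appropriate for the CSS pixel values.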
trunk/src/bp-core/bp-core-filters.php
r13687 r13818 1321 1321 // Make sure we add a <title> tag so WP Customizer picks it up. 1322 1322 $template = str_replace( '<head>', '<head><title>' . esc_html_x( 'BuddyPress Emails', 'screen heading', 'buddypress' ) . '</title>', $template ); 1323 1324 // phpcs:ignore WordPress.Security.EscapeOutput 1323 1325 echo str_replace( '{{{content}}}', wpautop( get_post()->post_content ), $template ); 1324 1326 -
trunk/src/bp-core/bp-core-functions.php
r13777 r13818 19 19 */ 20 20 function bp_version() { 21 echo bp_get_version();21 echo esc_html( bp_get_version() ); 22 22 } 23 23 /** … … 38 38 */ 39 39 function bp_db_version() { 40 echo bp_get_db_version();40 echo esc_html( bp_get_db_version() ); 41 41 } 42 42 /** … … 57 57 */ 58 58 function bp_db_version_raw() { 59 echo bp_get_db_version_raw();59 echo esc_html( bp_get_db_version_raw() ); 60 60 } 61 61 /** … … 79 79 */ 80 80 function bp_major_version( $version = '' ) { 81 echo bp_get_major_version( $version);81 echo esc_html( bp_get_major_version( $version ) ); 82 82 } 83 83 … … 113 113 */ 114 114 function bp_initial_version() { 115 echo bp_get_initial_version();115 echo esc_html( bp_get_initial_version() ); 116 116 } 117 117 … … 1571 1571 */ 1572 1572 function bp_core_iso8601_date( $timestamp = '' ) { 1573 echo bp_core_get_iso8601_date( $timestamp);1573 echo esc_attr( bp_core_get_iso8601_date( $timestamp ) ); 1574 1574 } 1575 1575 /** … … 1696 1696 <div id="message" class="bp-template-notice <?php echo esc_attr( $type ); ?>"> 1697 1697 1698 <?php echo $content; ?> 1698 <?php 1699 // Escaping is done in `bp-core/bp-core-filters.php`. 1700 // phpcs:ignore WordPress.Security.EscapeOutput 1701 echo $content; 1702 ?> 1699 1703 1700 1704 </div> … … 3165 3169 */ 3166 3170 function bp_email_post_type() { 3167 echo bp_get_email_post_type();3171 echo esc_html( bp_get_email_post_type() ); 3168 3172 } 3169 3173 /** … … 3291 3295 */ 3292 3296 function bp_email_tax_type() { 3293 echo bp_get_email_tax_type();3297 echo esc_html( bp_get_email_tax_type() ); 3294 3298 } 3295 3299 /** … … 4496 4500 esc_html( $unsub_msg ), 4497 4501 array( 4498 'link_url' => home_url(),4499 'link_text' => __( 'Go to website\'s home page.', 'buddypress' ),4502 'link_url' => esc_url( home_url() ), 4503 'link_text' => esc_html__( 'Go to website\'s home page.', 'buddypress' ), 4500 4504 ) 4501 4505 ); -
trunk/src/bp-core/bp-core-template-loader.php
r13752 r13818 415 415 // Echo or return the output buffer contents. 416 416 if ( true === $echo ) { 417 // phpcs:ignore WordPress.Security.EscapeOutput 417 418 echo $output; 418 419 } else { -
trunk/src/bp-core/bp-core-template.php
r13692 r13818 92 92 $list_type = bp_is_group() ? 'groups' : 'personal'; 93 93 94 /** 95 * Filters the "options nav", the secondary-level single item navigation menu. 96 * 97 * This is a dynamic filter that is dependent on the provided css_id value. 98 * 99 * @since 1.1.0 100 * 101 * @param string $value HTML list item for the submenu item. 102 * @param array $subnav_item Submenu array item being displayed. 103 * @param string $selected_item Current action. 104 */ 105 echo apply_filters( 'bp_get_options_nav_' . $subnav_item->css_id, '<li id="' . esc_attr( $subnav_item->css_id . '-' . $list_type . '-li' ) . '" ' . $selected . '><a id="' . esc_attr( $subnav_item->css_id ) . '" href="' . esc_url( $subnav_item->link ) . '">' . $subnav_item->name . '</a></li>', $subnav_item, $selected_item ); 94 // phpcs:ignore WordPress.Security.EscapeOutput 95 echo apply_filters( 96 /** 97 * Filters the "options nav", the secondary-level single item navigation menu. 98 * 99 * This is a dynamic filter that is dependent on the provided css_id value. 100 * 101 * @since 1.1.0 102 * 103 * @param string $value HTML list item for the submenu item. 104 * @param array $subnav_item Submenu array item being displayed. 105 * @param string $selected_item Current action. 106 */ 107 'bp_get_options_nav_' . $subnav_item->css_id, 108 '<li id="' . esc_attr( $subnav_item->css_id . '-' . $list_type . '-li' ) . '" ' . $selected . '><a id="' . esc_attr( $subnav_item->css_id ) . '" href="' . esc_url( $subnav_item->link ) . '">' . wp_kses( $subnav_item->name, array( 'span' => array( 'class' => true ) ) ) . 
'</a></li>', 109 $subnav_item, 110 $selected_item 111 ); 106 112 } 107 113 } … … 150 156 */ 151 157 function bp_avatar_admin_step() { 152 echo bp_get_avatar_admin_step();158 echo esc_html( bp_get_avatar_admin_step() ); 153 159 } 154 160 /** … … 182 188 */ 183 189 function bp_avatar_to_crop() { 184 echo bp_get_avatar_to_crop();190 echo esc_url( bp_get_avatar_to_crop() ); 185 191 } 186 192 /** … … 213 219 */ 214 220 function bp_avatar_to_crop_src() { 215 echo bp_get_avatar_to_crop_src();221 echo esc_attr( bp_get_avatar_to_crop_src() ); 216 222 } 217 223 /** … … 244 250 */ 245 251 function bp_site_name() { 246 echo bp_get_site_name();252 echo esc_html( bp_get_site_name() ); 247 253 } 248 254 /** … … 381 387 * @param string $youtext Context-determined string to display. 382 388 */ 383 echo apply_filters( 'bp_word_or_name', $youtext);389 echo esc_html( apply_filters( 'bp_word_or_name', $youtext ) ); 384 390 } else { 385 391 … … 394 400 395 401 /** This filter is documented in bp-core/bp-core-template.php */ 396 echo apply_filters( 'bp_word_or_name', $nametext);402 echo esc_html( apply_filters( 'bp_word_or_name', $nametext ) ); 397 403 } else { 398 404 … … 558 564 */ 559 565 function bp_search_default_text( $component = '' ) { 560 echo bp_get_search_default_text( $component);566 echo esc_attr( bp_get_search_default_text( $component ) ); 561 567 } 562 568 /** … … 614 620 */ 615 621 function bp_form_field_attributes( $name = '', $attributes = array() ) { 622 // phpcs:ignore WordPress.Security.EscapeOutput 616 623 echo bp_get_form_field_attributes( $name, $attributes ); 617 624 } … … 696 703 */ 697 704 function bp_button( $args = '' ) { 705 // Escaping is done in `BP_Core_HTML_Element()`. 
706 // phpcs:ignore WordPress.Security.EscapeOutput 698 707 echo bp_get_button( $args ); 699 708 } … … 970 979 */ 971 980 function bp_total_member_count() { 972 echo bp_get_total_member_count();981 echo esc_html( bp_get_total_member_count() ); 973 982 } 974 983 /** … … 1325 1334 */ 1326 1335 function bp_root_slug( $component = '' ) { 1327 echo bp_get_root_slug( $component);1336 echo esc_url( bp_get_root_slug( $component ) ); 1328 1337 } 1329 1338 /** … … 1455 1464 */ 1456 1465 function bp_search_slug() { 1457 echo bp_get_search_slug();1466 echo esc_url( bp_get_search_slug() ); 1458 1467 } 1459 1468 /** … … 3141 3150 */ 3142 3151 function bp_the_body_class() { 3143 echo bp_get_the_body_class();3152 echo implode( ' ', array_map( 'sanitize_html_class', bp_get_the_body_class() ) ); 3144 3153 } 3145 3154 /** … … 3703 3712 3704 3713 if ( ! empty( $args->echo ) ) { 3714 // phpcs:ignore WordPress.Security.EscapeOutput 3705 3715 echo $nav_menu; 3706 3716 } else { … … 3717 3727 */ 3718 3728 function bp_email_the_salutation( $settings = array() ) { 3719 echo bp_email_get_salutation( $settings);3729 echo esc_html( bp_email_get_salutation( $settings ) ); 3720 3730 } 3721 3731 -
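Review bot: `bp_root_slug()` (new line 1336) and `bp_search_slug()` (new line 1466) now wrap a slug in `esc_url()`, which is a URL sanitizer rather than a generic escaper: for a value with no scheme that does not start with `/`, `#` or `?` it prepends `http://`, so a slug such as `members` would be echoed as `http://members`. These functions print a path fragment, so attribute or HTML escaping is the right fit: `echo esc_attr( bp_get_root_slug( $component ) );` and `echo esc_attr( bp_get_search_slug() );`. The templates that concatenate these slugs into links are outside the section, so the visible effect should be confirmed there.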
trunk/src/bp-core/bp-core-widgets.php
r13481 r13818 12 12 defined( 'ABSPATH' ) || exit; 13 13 14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) ); -
trunk/src/bp-core/classes/class-bp-admin-types.php
r13771 r13818 372 372 _doing_it_wrong( 373 373 __METHOD__, 374 __( 'Type metadata labels need to be set into the labels argument when registering your taxonomy using the meta key as the label’s key.', 'buddypress' )374 esc_html__( 'Type metadata labels need to be set into the labels argument when registering your taxonomy using the meta key as the label’s key.', 'buddypress' ) 375 375 . ' ' . 376 376 sprintf( 377 377 /* translators: %s is the name of the Type meta key */ 378 __( 'As a result, the form elements for the "%s" meta key cannot be displayed', 'buddypress' ), $meta_key),378 esc_html__( 'As a result, the form elements for the "%s" meta key cannot be displayed', 'buddypress' ), esc_html( $meta_key ) ), 379 379 '7.0.0' 380 380 ); … … 439 439 esc_attr( $meta_key ), 440 440 esc_html( $labels->{ $meta_key } ), 441 // phpcs:ignore WordPress.Security.EscapeOutput 441 442 $checked, 442 443 esc_html__( 'Yes', 'buddypress' ), -
trunk/src/bp-core/classes/class-bp-admin.php
r13789 r13818 803 803 /* translators: %s is the placeholder for the BuddyPress version number. */ 804 804 esc_html__( 'BuddyPress %s', 'buddypress' ), 805 $version805 esc_html( $version ) 806 806 ); ?> 807 807 </h1> … … 821 821 /* Translators: %s is a raising hands emoji. */ 822 822 esc_html__( 'You now have complete control over all BuddyPress-generated URLs %s', 'buddypress' ), 823 // phpcs:ignore WordPress.Security.EscapeOutput 823 824 wp_staticize_emoji( '🙌' ) 824 825 ); … … 891 892 /* Translators: %s is a woman supervillain emoji. */ 892 893 esc_html__( 'Here\'s another benefit of the BP Rewrites API: the new "members only" community visibility level %s', 'buddypress' ), 894 // phpcs:ignore WordPress.Security.EscapeOutput 893 895 wp_staticize_emoji( '🦹🏻' ) 894 896 ); … … 930 932 /* Translators: %s is a smiling face with heart-eyes emoji. */ 931 933 esc_html__( 'Many thanks to you for trusting BuddyPress to power your community site %s', 'buddypress' ), 934 // phpcs:ignore WordPress.Security.EscapeOutput 932 935 wp_staticize_emoji( '😍' ) 933 936 ); … … 943 946 <p> 944 947 <?php 945 printf( 946 /* translators: 1: heart dashicons. 2: BP Credits screen url. 3: number of BuddyPress contributors to this version. */ 947 _n( 'Built with %1$s by <a href="%2$s">%3$d volunteer</a>.', 'Built with %1$s by <a href="%2$s">%3$d volunteers</a>.', 49, 'buddypress' ), 948 '<span class="dashicons dashicons-heart"></span>', 949 esc_url( bp_get_admin_url( 'admin.php?page=bp-credits' ) ), 950 number_format_i18n( 49 ) 948 echo wp_kses( 949 sprintf( 950 /* translators: 1: heart dashicons. 2: BP Credits screen url. 3: number of BuddyPress contributors to this version. 
*/ 951 _n( 'Built with %1$s by <a href="%2$s">%3$d volunteer</a>.', 'Built with %1$s by <a href="%2$s">%3$d volunteers</a>.', 49, 'buddypress' ), 952 '<span class="dashicons dashicons-heart"></span>', 953 esc_url( bp_get_admin_url( 'admin.php?page=bp-credits' ) ), 954 esc_html( number_format_i18n( 49 ) ) 955 ), 956 array( 957 'a' => array( 958 'href' => true, 959 ), 960 'span' => array( 961 'class' => true, 962 ) 963 ) 951 964 ); 952 965 ?> … … 1099 1112 /* translators: %s: BuddyPress version number */ 1100 1113 esc_html__( 'Noteworthy Contributors to %s', 'buddypress' ), 1101 self::display_version()1114 esc_html( self::display_version() ) 1102 1115 ); 1103 1116 ?> … … 1123 1136 /* translators: %s: BuddyPress version number */ 1124 1137 esc_html__( 'All Contributors to BuddyPress %s', 'buddypress' ), 1125 self::display_version()1138 esc_html( self::display_version() ) 1126 1139 ); 1127 1140 ?> … … 1266 1279 1267 1280 if ( is_wp_error( $terms ) || ! $terms ) { 1268 printf( '<span aria-hidden="true">—</span><span class="screen-reader-text">%s</span>', $taxonomy_object->labels->no_terms);1281 printf( '<span aria-hidden="true">—</span><span class="screen-reader-text">%s</span>', esc_html( $taxonomy_object->labels->no_terms ) ); 1269 1282 } else { 1270 1283 $situations = wp_list_pluck( $terms, 'description' ); … … 1272 1285 // Output each situation as a list item. 1273 1286 echo '<ul><li>'; 1274 echo implode( '</li><li>', $situations);1287 echo implode( '</li><li>', array_map( 'esc_html', $situations ) ); 1275 1288 echo '</li></ul>'; 1276 1289 } -
trunk/src/bp-core/classes/class-bp-button.php
r13372 r13818 332 332 _doing_it_wrong( 333 333 __CLASS__, 334 __( 'The `href` attribute is not available inside the `<button>` tag. Please use a `data-*` attribute to transport a link into this tag.', 'buddypress' ),334 esc_html__( 'The `href` attribute is not available inside the `<button>` tag. Please use a `data-*` attribute to transport a link into this tag.', 'buddypress' ), 335 335 '9.0.0' 336 336 ); … … 444 444 */ 445 445 public function display() { 446 if ( !empty( $this->contents ) ) 446 if ( ! empty( $this->contents ) ) { 447 // phpcs:ignore WordPress.Security.EscapeOutput 447 448 echo $this->contents; 449 } 448 450 } 449 451 } -
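Review bot: The new `// phpcs:ignore WordPress.Security.EscapeOutput` above `echo $this->contents;` in `display()` silences the sniff without saying why the value is safe to print raw. How `$this->contents` is assembled is outside this hunk, so a reader cannot tell from here whether every piece that goes into it was escaped when the button markup was built. I would put the reason on the line before the ignore, for example `// $this->contents is button markup assembled and escaped when the object is built.`, after confirming that this holds for caller-supplied link text and attributes. The same unexplained ignore is added above `echo $result;` in class-bp-core-oembed-extension.php, whereas the ignores in class-bp-optouts-list-table.php do carry a reason.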
trunk/src/bp-core/classes/class-bp-core-bp-nav-backcompat.php
r13507 r13818 68 68 _doing_it_wrong( 69 69 'bp_nav', 70 __( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ),70 esc_html__( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ), 71 71 '2.6.0' 72 72 ); … … 87 87 _doing_it_wrong( 88 88 'bp_nav', 89 __( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ),89 esc_html__( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ), 90 90 '2.6.0' 91 91 ); … … 106 106 _doing_it_wrong( 107 107 'bp_nav', 108 __( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ),108 esc_html__( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ), 109 109 '2.6.0' 110 110 ); … … 124 124 _doing_it_wrong( 125 125 'bp_nav', 126 __( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ),126 esc_html__( 'The bp_nav and bp_options_nav globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ), 127 127 '2.6.0' 128 128 ); -
trunk/src/bp-core/classes/class-bp-core-bp-options-nav-backcompat.php
r13507 r13818 41 41 _doing_it_wrong( 42 42 'bp_nav', 43 __( 'These globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ),43 esc_html__( 'These globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ), 44 44 '2.6.0' 45 45 ); … … 58 58 _doing_it_wrong( 59 59 'bp_nav', 60 __( 'These globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ),60 esc_html__( 'These globals should not be used directly and are deprecated. Please use the BuddyPress nav functions instead.', 'buddypress' ), 61 61 '2.6.0' 62 62 ); -
trunk/src/bp-core/classes/class-bp-core-login-widget.php
r13481 r13818 12 12 defined( 'ABSPATH' ) || exit; 13 13 14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', __( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) );14 _deprecated_file( basename( __FILE__ ), '12.0.0', '', esc_html__( 'BuddyPress does not include Legacy Widgets anymore, you can restore it using the BP Classic plugin', 'buddypress' ) ); 15 15 16 16 /** -
trunk/src/bp-core/classes/class-bp-core-oembed-extension.php
r13157 r13818 494 494 if ( ! class_exists( 'SimpleXMLElement' ) ) { 495 495 status_header( 501 ); 496 die( get_status_header_desc( 501) );496 die( esc_html( get_status_header_desc( 501 ) ) ); 497 497 } 498 498 … … 509 509 } 510 510 511 // phpcs:ignore WordPress.Security.EscapeOutput 511 512 echo $result; 512 513 -
trunk/src/bp-core/classes/class-bp-optouts-list-table.php
r13469 r13818 129 129 * @since 8.0.0 130 130 * 131 * @param string $url_base Current URL base for view. 132 * @param array $active_filters Current filters being requested. 131 * @param string $url_base Current URL base for view. 133 132 */ 134 do_action( 'bp_optouts_list_table_get_views', $url_base , $this->active_filters); ?>133 do_action( 'bp_optouts_list_table_get_views', $url_base ); ?> 135 134 </ul> 136 135 <?php … … 225 224 $style = ''; 226 225 foreach ( $this->items as $optout ) { 227 $style = ( ' class="alternate"' == $style ) ? '' : ' class="alternate"'; 226 $style = 'alt' == $style ? '' : 'alt'; 227 228 // Escapes are made into `self::single_row()`. 229 // phpcs:ignore WordPress.Security.EscapeOutput 228 230 echo "\n\t" . $this->single_row( $optout, $style ); 229 231 } … … 244 246 */ 245 247 public function single_row( $optout = null, $style = '', $role = '', $numposts = 0 ) { 246 echo '<tr' . $style . ' id="optout-' . intval( $optout->id ) . '">'; 248 if ( '' === $style ) { 249 echo '<tr id="optout-' . intval( $optout->id ) . '">'; 250 } else { 251 echo '<tr class="alternate" id="optout-' . intval( $optout->id ) . '">'; 252 } 253 254 // BuddyPress relies on WordPress's `WP_Users_List_Table::single_row_columns()`. 255 // phpcs:ignore WordPress.Security.EscapeOutput 247 256 echo $this->single_row_columns( $optout ); 248 257 echo '</tr>'; … … 307 316 $actions = apply_filters( 'bp_optouts_management_row_actions', $actions, $optout ); 308 317 318 // BuddyPress relies on WordPress's `WP_Users_List_Table::row_actions()`. 319 // phpcs:ignore WordPress.Security.EscapeOutput 309 320 echo $this->row_actions( $actions ); 310 321 } … … 318 329 */ 319 330 public function column_username( $optout = null ) { 320 $avatar = get_avatar( $optout->user_id, 32 );331 $avatar = get_avatar( $optout->user_id, 32 ); 321 332 $inviter = get_user_by( 'id', $optout->user_id ); 333 322 334 if ( ! 
$inviter ) { 323 335 return; 324 336 } 337 325 338 $user_link = bp_members_get_user_url( $optout->user_id ); 326 echo $avatar . sprintf( '<strong><a href="%1$s" class="edit">%2$s</a></strong><br/>', esc_url( $user_link ), esc_html( $inviter->user_login ) ); 339 340 echo wp_kses( 341 $avatar, 342 array( 343 'img' => array( 344 'alt' => true, 345 'src' => true, 346 'srcset' => true, 347 'class' => true, 348 'height' => true, 349 'width' => true, 350 ) 351 ) 352 ); 353 printf( '<strong><a href="%1$s" class="edit">%2$s</a></strong><br/>', esc_url( $user_link ), esc_html( $inviter->user_login ) ); 327 354 } 328 355 … … 336 363 public function column_user_registered( $optout = null ) { 337 364 $inviter = get_user_by( 'id', $optout->user_id ); 365 338 366 if ( ! $inviter ) { 339 367 return; 340 368 } 369 341 370 echo esc_html( mysql2date( 'Y/m/d g:i:s a', $inviter->user_registered ) ); 342 371 } … … 362 391 public function column_email_type_description( $optout = null ) { 363 392 $type_term = get_term_by( 'slug', $optout->email_type, 'bp-email-type' ); 393 364 394 if ( $type_term ) { 365 395 echo esc_html( $type_term->description ); -
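Review bot: The comment added above `echo $this->row_actions( $actions );` justifies the ignore by pointing at WordPress's `row_actions()`, but as far as I know that method only wraps each entry in a `<span>` and joins them; it does not escape the entries. `$actions` has just passed through the `bp_optouts_management_row_actions` filter, so the output is safe only if every entry, including those returned by filter callbacks, is already-escaped HTML. The comment should state that, e.g. `// Each action is pre-escaped HTML; callbacks on bp_optouts_management_row_actions must return escaped markup.` The filter's docblock, which is outside this hunk, is a good place to repeat the requirement.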
trunk/src/bp-loader.php
r13718 r13818 65 65 <p><strong><?php esc_html_e( 'Your site does not support BuddyPress.', 'buddypress' ); ?></strong></p> 66 66 <?php /* translators: 1: current PHP version, 2: required PHP version */ ?> 67 <p><?php printf( esc_html__( 'Your site is currently running PHP version %1$s, while BuddyPress requires version %2$s or greater.', 'buddypress' ), esc_html( phpversion() ), esc_html( BP_REQUIRED_PHP_VERSION ) ); ?> <?php printf( __( 'See <a href="%s">the Codex guide</a> for more information.', 'buddypress' ), 'https://codex.buddypress.org/getting-started/buddypress-2-8-will-require-php-5-3/' ); ?></p>67 <p><?php printf( esc_html__( 'Your site is currently running PHP version %1$s, while BuddyPress requires version %2$s or greater.', 'buddypress' ), esc_html( phpversion() ), esc_html( BP_REQUIRED_PHP_VERSION ) ); ?> <?php printf( esc_html__( 'See <a href="%s">the Codex guide</a> for more information.', 'buddypress' ), 'https://codex.buddypress.org/getting-started/buddypress-2-8-will-require-php-5-3/' ); ?></p> 68 68 <p><?php esc_html_e( 'Please update your server or deactivate BuddyPress.', 'buddypress' ); ?></p> 69 69 </div> -
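Review bot: Wrapping the Codex sentence in `esc_html__()` encodes the `<a href="%s">` markup that is part of the translatable string, so the second `printf()` on new line 67 will print the anchor tag as literal text instead of a link. The "Built with … volunteers" string in bp-core-admin.php, changed in this same changeset, keeps its link by passing `sprintf( _n( … ) )` through `wp_kses()` with an `a`/`href` allowlist, and the same shape fits here. For example: `echo wp_kses( sprintf( __( 'See <a href="%s">the Codex guide</a> for more information.', 'buddypress' ), esc_url( 'https://codex.buddypress.org/getting-started/buddypress-2-8-will-require-php-5-3/' ) ), array( 'a' => array( 'href' => true ) ) );`. That keeps the translated text filtered while leaving the one intended tag intact.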
trunk/src/class-buddypress.php
r13705 r13818 280 280 */ 281 281 public function __clone() { 282 _doing_it_wrong( __FUNCTION__, __( 'Cheatin’ huh?', 'buddypress' ), '1.7' );282 _doing_it_wrong( __FUNCTION__, esc_html__( 'Cheatin’ huh?', 'buddypress' ), '1.7' ); 283 283 } 284 284 … … 289 289 */ 290 290 public function __wakeup() { 291 _doing_it_wrong( __FUNCTION__, __( 'Cheatin’ huh?', 'buddypress' ), '1.7' );291 _doing_it_wrong( __FUNCTION__, esc_html__( 'Cheatin’ huh?', 'buddypress' ), '1.7' ); 292 292 } 293 293 … … 317 317 $valid_key = $key; 318 318 if ( 'root_domain' === $key ) { 319 _doing_it_wrong( 'root_domain', __( 'The root_domain BuddyPress main class property is deprecated since 12.0.0, please use the root_url property instead.', 'buddypress' ), 'BuddyPress 12.0.0' );319 _doing_it_wrong( 'root_domain', esc_html__( 'The root_domain BuddyPress main class property is deprecated since 12.0.0, please use the root_url property instead.', 'buddypress' ), 'BuddyPress 12.0.0' ); 320 320 $valid_key = 'root_url'; 321 321 } … … 335 335 $valid_key = $key; 336 336 if ( 'root_domain' === $key ) { 337 _doing_it_wrong( 'root_domain', __( 'The root_domain BuddyPress main class property is deprecated since 12.0.0, please use the root_url property instead.', 'buddypress' ), 'BuddyPress 12.0.0' );337 _doing_it_wrong( 'root_domain', esc_html__( 'The root_domain BuddyPress main class property is deprecated since 12.0.0, please use the root_url property instead.', 'buddypress' ), 'BuddyPress 12.0.0' ); 338 338 $valid_key = 'root_url'; 339 339 }