Changeset 13818 for trunk/src/bp-core/admin/bp-core-admin-functions.php

Timestamp:

04/28/2024 12:23:47 PM (2 years ago)

Author:

imath

Message:

Core: improve PHP code standards using WPCS

See #7228 (trunk)

File:

• trunk/src/bp-core/admin/bp-core-admin-functions.php (modified) (10 diffs)

trunk/src/bp-core/admin/bp-core-admin-functions.php

@@ -116 +116 @@
             printf(
                 // Translators: 1: is the url to the BP Components settings screen. 2: is the url to the xProfile administration screen.
-                __( 'Components, Pages, Settings, and Forums, have been moved to <a href="%1$s">Settings &gt; BuddyPress</a>. Profile Fields has been moved into the <a href="%2$s">Users</a> menu.', 'buddypress' ),
+                esc_html__( 'Components, Pages, Settings, and Forums, have been moved to <a href="%1$s">Settings &gt; BuddyPress</a>. Profile Fields has been moved into the <a href="%2$s">Users</a> menu.', 'buddypress' ),
                 esc_url( $settings_url ),
-                bp_get_admin_url( 'users.php?page=bp-profile-setup' )
+                esc_url( bp_get_admin_url( 'users.php?page=bp-profile-setup' ) )
             );
             ?>
@@ -161 +161 @@
 
         foreach ( $notices as $notice ) {
-            printf( '<p>%s</p>', $notice['message'] );
+            printf(
+                '<p>%s</p>',
+                wp_kses(
+                    $notice['message'],
+                    array(
+                        'strong' => true,
+                        'code'   => true,
+                        'a'      => array(
+                            'href' => true,
+                        ),
+                    )
+                )
+            );
         }
 
@@ -423 +435 @@
                 <?php foreach ( $bp->admin->nav_tabs as $nav_tab ) : ?>
 
-                    <?php echo $nav_tab; ?>
+                    <?php
+                        echo wp_kses(
+                            $nav_tab,
+                            array(
+                                'a' => array(
+                                    'href'  => true,
+                                    'class' => true
+                                ),
+                            )
+                        );
+                    ?>
 
                 <?php endforeach; ?>
@@ -472 +494 @@
     }
 
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo implode( "\n", $tabs_html );
+
     /**
      * Fires after the output of tabs for the admin area.
@@ -651 +675 @@
         _doing_it_wrong(
             'bp_core_admin_tabs()',
-            __( 'BuddyPress Settings and Tools Screens are now using a new tabbed header. Please use `bp_core_admin_tabbed_screen_header()` instead of bp_core_admin_tabs() to output tabs.', 'buddypress' ),
+            esc_html__( 'BuddyPress Settings and Tools Screens are now using a new tabbed header. Please use `bp_core_admin_tabbed_screen_header()` instead of bp_core_admin_tabs() to output tabs.', 'buddypress' ),
             '10.0.0'
         );
@@ -1194 +1218 @@
     }
 
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo preg_replace( '/\<div(\sclass=\".*\"\s|\s)id=\"tabs-panel-posttype-bp_nav_menu_item-search\"[^>]*>(.*?)\<\/div\>/s', $all_bp_tabs, $output );
 }
@@ -1275 +1300 @@
 
     $tax_name = esc_attr( $r['taxonomy'] );
+
+    // phpcs:disable WordPress.Security.EscapeOutput
     ?>
     <div id="taxonomy-<?php echo $tax_name; ?>" class="categorydiv">
@@ -1298 +1325 @@
     </div>
     <?php
+    // phpcs:enable
 }
 
@@ -1327 +1355 @@
     <?php
         /* translators: accessibility text */
-        _e( 'Plain text email content', 'buddypress' );
+        esc_html_e( 'Plain text email content', 'buddypress' );
     ?>
-    </label><textarea rows="5" cols="40" name="excerpt" id="excerpt"><?php echo $post->post_excerpt; // textarea_escaped ?></textarea>
-
-    <p><?php _e( 'Most email clients support HTML email. However, some people prefer to receive plain text email. Enter a plain text alternative version of your email here.', 'buddypress' ); ?></p>
+    </label>
+        <textarea rows="5" cols="40" name="excerpt" id="excerpt"><?php
+            // phpcs:ignore WordPress.Security.EscapeOutput
+            echo $post->post_excerpt; ?>
+        </textarea>
+
+    <p><?php esc_html_e( 'Most email clients support HTML email. However, some people prefer to receive plain text email. Enter a plain text alternative version of your email here.', 'buddypress' ); ?></p>
 
     <?php
@@ -1608 +1640 @@
         <a class="bp-welcome-panel-close bp-is-dismissible" href="#" data-notice_id="<?php echo esc_attr( $notification->id ); ?>" aria-label="<?php esc_attr_e( 'Dismiss the notification', 'buddypress' ); ?>"><?php esc_html_e( 'Dismiss', 'buddypress' ); ?></a>
         <div class="bp-welcome-panel-content">
-            <h2><span class="bp-version"><?php echo number_format_i18n( $notification->version, 1 ); ?></span> <?php echo esc_html( $notification->title ); ?></h2>
+            <h2><span class="bp-version"><?php echo esc_html( number_format_i18n( $notification->version, 1 ) ); ?></span> <?php echo esc_html( $notification->title ); ?></h2>
             <p class="about-description">
                 <?php echo wp_kses( $notification->content, array( 'a' => array( 'href' => true ), 'br' => array(), 'strong' => array() ) ); ?>