Changeset 13819 for branches/12.0/src/bp-core/bp-core-template.php

Timestamp:

04/28/2024 12:35:08 PM (12 months ago)

Author:

imath

Message:

Core: improve PHP code standards using WPCS

See #7228 (branch 12.0)

File:

• branches/12.0/src/bp-core/bp-core-template.php (modified) (16 diffs)

branches/12.0/src/bp-core/bp-core-template.php

@@ -92 +92 @@
         $list_type = bp_is_group() ? 'groups' : 'personal';
 
-        /**
-         * Filters the "options nav", the secondary-level single item navigation menu.
-         *
-         * This is a dynamic filter that is dependent on the provided css_id value.
-         *
-         * @since 1.1.0
-         *
-         * @param string $value         HTML list item for the submenu item.
-         * @param array  $subnav_item   Submenu array item being displayed.
-         * @param string $selected_item Current action.
-         */
-        echo apply_filters( 'bp_get_options_nav_' . $subnav_item->css_id, '<li id="' . esc_attr( $subnav_item->css_id . '-' . $list_type . '-li' ) . '" ' . $selected . '><a id="' . esc_attr( $subnav_item->css_id ) . '" href="' . esc_url( $subnav_item->link ) . '">' . $subnav_item->name . '</a></li>', $subnav_item, $selected_item );
+        // phpcs:ignore WordPress.Security.EscapeOutput
+        echo apply_filters(
+            /**
+             * Filters the "options nav", the secondary-level single item navigation menu.
+             *
+             * This is a dynamic filter that is dependent on the provided css_id value.
+             *
+             * @since 1.1.0
+             *
+             * @param string $value         HTML list item for the submenu item.
+             * @param array  $subnav_item   Submenu array item being displayed.
+             * @param string $selected_item Current action.
+             */
+            'bp_get_options_nav_' . $subnav_item->css_id,
+            '<li id="' . esc_attr( $subnav_item->css_id . '-' . $list_type . '-li' ) . '" ' . $selected . '><a id="' . esc_attr( $subnav_item->css_id ) . '" href="' . esc_url( $subnav_item->link ) . '">' . wp_kses( $subnav_item->name, array( 'span' => array( 'class' => true ) ) ) . '</a></li>',
+            $subnav_item,
+            $selected_item
+        );
     }
 }
@@ -150 +156 @@
  */
 function bp_avatar_admin_step() {
-    echo bp_get_avatar_admin_step();
+    echo esc_html( bp_get_avatar_admin_step() );
 }
     /**
@@ -182 +188 @@
  */
 function bp_avatar_to_crop() {
-    echo bp_get_avatar_to_crop();
+    echo esc_url( bp_get_avatar_to_crop() );
 }
     /**
@@ -213 +219 @@
  */
 function bp_avatar_to_crop_src() {
-    echo bp_get_avatar_to_crop_src();
+    echo esc_attr( bp_get_avatar_to_crop_src() );
 }
     /**
@@ -244 +250 @@
  */
 function bp_site_name() {
-    echo bp_get_site_name();
+    echo esc_html( bp_get_site_name() );
 }
     /**
@@ -381 +387 @@
              * @param string $youtext Context-determined string to display.
              */
-            echo apply_filters( 'bp_word_or_name', $youtext );
+            echo esc_html( apply_filters( 'bp_word_or_name', $youtext ) );
         } else {
 
@@ -394 +400 @@
 
             /** This filter is documented in bp-core/bp-core-template.php */
-            echo apply_filters( 'bp_word_or_name', $nametext );
+            echo esc_html( apply_filters( 'bp_word_or_name', $nametext ) );
         } else {
 
@@ -558 +564 @@
  */
 function bp_search_default_text( $component = '' ) {
-    echo bp_get_search_default_text( $component );
+    echo esc_attr( bp_get_search_default_text( $component ) );
 }
     /**
@@ -614 +620 @@
  */
 function bp_form_field_attributes( $name = '', $attributes = array() ) {
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_form_field_attributes( $name, $attributes );
 }
@@ -696 +703 @@
  */
 function bp_button( $args = '' ) {
+    // Escaping is done in `BP_Core_HTML_Element()`.
+    // phpcs:ignore WordPress.Security.EscapeOutput
     echo bp_get_button( $args );
 }
@@ -970 +979 @@
  */
 function bp_total_member_count() {
-    echo bp_get_total_member_count();
+    echo esc_html( bp_get_total_member_count() );
 }
     /**
@@ -1325 +1334 @@
  */
 function bp_root_slug( $component = '' ) {
-    echo bp_get_root_slug( $component );
+    echo esc_url( bp_get_root_slug( $component ) );
 }
     /**
@@ -1455 +1464 @@
  */
 function bp_search_slug() {
-    echo bp_get_search_slug();
+    echo esc_url( bp_get_search_slug() );
 }
     /**
@@ -3141 +3150 @@
  */
 function bp_the_body_class() {
-    echo bp_get_the_body_class();
+    echo implode( ' ', array_map( 'sanitize_html_class', bp_get_the_body_class() ) );
 }
     /**
@@ -3703 +3712 @@
 
     if ( ! empty( $args->echo ) ) {
+        // phpcs:ignore WordPress.Security.EscapeOutput
         echo $nav_menu;
     } else {
@@ -3717 +3727 @@
  */
 function bp_email_the_salutation( $settings = array() ) {
-    echo bp_email_get_salutation( $settings );
+    echo esc_html( bp_email_get_salutation( $settings ) );
 }