Changeset 13822 for trunk/src/bp-templates/bp-legacy/buddypress-functions.php

Timestamp:

04/29/2024 06:50:42 PM (19 months ago)

Author:

imath

Message:

BP Legacy: improve PHP code standards using WPCS

See #7228 (trunk)

File:

• trunk/src/bp-templates/bp-legacy/buddypress-functions.php (modified) (31 diffs)

trunk/src/bp-templates/bp-legacy/buddypress-functions.php

@@ -512 +512 @@
         $class = did_action( 'admin_bar_menu' ) ? 'admin-bar-on' : 'admin-bar-off';
 
-        echo '<div id="sitewide-notice" class="' . $class . '">';
+        echo '<div id="sitewide-notice" class="' . esc_attr( $class ) . '">';
         bp_message_get_notices();
         echo '</div>';
@@ -985 +985 @@
     check_admin_referer( 'post_update', '_wpnonce_post_update' );
 
-    if ( ! is_user_logged_in() )
+    if ( ! is_user_logged_in() ) {
         exit( '-1' );
-
-    if ( empty( $_POST['content'] ) )
-        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . __( 'Please enter some content to post.', 'buddypress' ) . '</p></div>' );
+    }
+
+    if ( empty( $_POST['content'] ) ) {
+        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html__( 'Please enter some content to post.', 'buddypress' ) . '</p></div>' );
+    }
 
     $activity_id = 0;
@@ -1025 +1027 @@
 
     if ( false === $activity_id ) {
-        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . __( 'There was a problem posting your update. Please try again.', 'buddypress' ) . '</p></div>' );
+        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html__( 'There was a problem posting your update. Please try again.', 'buddypress' ) . '</p></div>' );
     } elseif ( is_wp_error( $activity_id ) && $activity_id->get_error_code() ) {
-        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . $activity_id->get_error_message() . '</p></div>' );
+        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html( $activity_id->get_error_message() ) . '</p></div>' );
     }
 
@@ -1146 +1148 @@
     check_admin_referer( 'bp_activity_delete_link' );
 
-    if ( ! is_user_logged_in() )
+    if ( ! is_user_logged_in() ) {
         exit( '-1' );
-
-    if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) )
+    }
+
+    if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) ) {
         exit( '-1' );
+    }
 
     $activity = new BP_Activity_Activity( (int) $_POST['id'] );
 
     // Check access.
-    if ( ! bp_activity_user_can_delete( $activity ) )
+    if ( ! bp_activity_user_can_delete( $activity ) ) {
         exit( '-1' );
+    }
 
     /** This action is documented in bp-activity/bp-activity-actions.php */
     do_action( 'bp_activity_before_action_delete_activity', $activity->id, $activity->user_id );
 
-    if ( ! bp_activity_delete( array( 'id' => $activity->id, 'user_id' => $activity->user_id ) ) )
-        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>' );
+    if ( ! bp_activity_delete( array( 'id' => $activity->id, 'user_id' => $activity->user_id ) ) ) {
+        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html__( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>' );
+    }
 
     /** This action is documented in bp-activity/bp-activity-actions.php */
@@ -1195 +1201 @@
 
     // Check access.
-    if ( ! bp_current_user_can( 'bp_moderate' ) && $comment->user_id != bp_loggedin_user_id() )
+    if ( ! bp_current_user_can( 'bp_moderate' ) && $comment->user_id != bp_loggedin_user_id() ) {
         exit( '-1' );
+    }
 
     /** This action is documented in bp-activity/bp-activity-actions.php */
     do_action( 'bp_activity_before_action_delete_activity', $_POST['id'], $comment->user_id );
 
-    if ( ! bp_activity_delete_comment( $comment->item_id, $comment->id ) )
-        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>' );
+    if ( ! bp_activity_delete_comment( $comment->item_id, $comment->id ) ) {
+        exit( '-1<div id="message" class="error bp-ajax-message"><p>' . esc_html__( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>' );
+    }
 
     /** This action is documented in bp-activity/bp-activity-actions.php */
@@ -1224 +1232 @@
 
     // Check that user is logged in, Activity Streams are enabled, and Akismet is present.
-    if ( ! is_user_logged_in() || ! bp_is_active( 'activity' ) || empty( $bp->activity->akismet ) )
+    if ( ! is_user_logged_in() || ! bp_is_active( 'activity' ) || empty( $bp->activity->akismet ) ) {
         exit( '-1' );
+    }
 
     // Check an item ID was passed.
-    if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) )
+    if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) ) {
         exit( '-1' );
+    }
 
     // Is the current user allowed to spam items?
-    if ( ! bp_activity_user_can_mark_spam() )
+    if ( ! bp_activity_user_can_mark_spam() ) {
         exit( '-1' );
+    }
 
     // Load up the activity item.
     $activity = new BP_Activity_Activity( (int) $_POST['id'] );
-    if ( empty( $activity->component ) )
+    if ( empty( $activity->component ) ) {
         exit( '-1' );
+    }
 
     // Check nonce.
@@ -1346 +1358 @@
     $activity = ! empty( $activity_array['activities'][0] ) ? $activity_array['activities'][0] : false;
 
-    if ( empty( $activity ) )
+    if ( empty( $activity ) ) {
         exit; // @todo: error?
+    }
 
     /**
@@ -1364 +1377 @@
     $content = apply_filters_ref_array( 'bp_get_activity_content_body', array( $activity->content, &$activity ) );
 
+    // phpcs:ignore WordPress.Security.EscapeOutput
     exit( $content );
 }
@@ -1381 +1395 @@
     check_ajax_referer( 'groups_invite_uninvite_user' );
 
-    if ( ! $_POST['friend_id'] || ! $_POST['friend_action'] || ! $_POST['group_id'] )
-        return;
-
-    if ( ! bp_groups_user_can_send_invites( $_POST['group_id'] ) )
-        return;
+    if ( ! $_POST['friend_id'] || ! $_POST['friend_action'] || ! $_POST['group_id'] ) {
+        return;
+    }
+
+    if ( ! bp_groups_user_can_send_invites( $_POST['group_id'] ) ) {
+        return;
+    }
 
     $group_id = (int) $_POST['group_id'];
@@ -1424 +1440 @@
         }
 
+        // phpcs:disable WordPress.Security.EscapeOutput
         echo '<li id="uid-' . esc_attr( $user->id ) . '">';
         echo $user->avatar_thumb;
@@ -1429 +1446 @@
         echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>';
         echo '<div class="action">
-                <a class="button remove" href="' . wp_nonce_url( $uninvite_url, 'groups_invite_uninvite_user' ) . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>
+                <a class="button remove" href="' . esc_url( wp_nonce_url( $uninvite_url, 'groups_invite_uninvite_user' ) ) . '" id="uid-' . esc_attr( $user->id ) . '">' . esc_html__( 'Remove Invite', 'buddypress' ) . '</a>
               </div>';
 
         if ( 'is_pending' == $user_status ) {
             /* translators: %s: user link */
-            echo '<p class="description">' . sprintf( __( '%s has previously requested to join this group. Sending an invitation will automatically add the member to the group.', 'buddypress' ), $user->user_link ) . '</p>';
+            echo '<p class="description">' . sprintf( esc_html__( '%s has previously requested to join this group. Sending an invitation will automatically add the member to the group.', 'buddypress' ), $user->user_link ) . '</p>';
         }
 
         echo '</li>';
+        // phpcs:enable
         exit;
 
@@ -1476 +1494 @@
     $user = get_user_by( 'id', $friend_id );
     if ( ! $user ) {
-        die( __( 'No member found by that ID.', 'buddypress' ) );
+        die( esc_html__( 'No member found by that ID.', 'buddypress' ) );
     }
 
@@ -1484 +1502 @@
 
         if ( ! friends_remove_friend( bp_loggedin_user_id(), $friend_id ) ) {
-            echo __( 'Friendship could not be canceled.', 'buddypress' );
+            esc_html_e( 'Friendship could not be canceled.', 'buddypress' );
         } else {
             $url = bp_loggedin_user_url( bp_members_get_path_chunks( array( bp_get_friends_slug(), 'add-friend', array( $friend_id ) ) ) );
-            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="friendship-button not_friends add" rel="add" href="' . wp_nonce_url( $url, 'friends_add_friend' ) . '">' . __( 'Add Friend', 'buddypress' ) . '</a>';
+            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="friendship-button not_friends add" rel="add" href="' . esc_url( wp_nonce_url( $url, 'friends_add_friend' ) ) . '">' . esc_html__( 'Add Friend', 'buddypress' ) . '</a>';
         }
 
@@ -1495 +1513 @@
 
         if ( ! friends_add_friend( bp_loggedin_user_id(), $friend_id ) ) {
-            echo __(' Friendship could not be requested.', 'buddypress' );
+            esc_html_e(' Friendship could not be requested.', 'buddypress' );
         } else {
             $url = bp_loggedin_user_url( bp_members_get_path_chunks( array( bp_get_friends_slug(), 'requests', array( 'cancel', $friend_id ) ) ) );
-            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="remove friendship-button pending_friend requested" rel="remove" href="' . wp_nonce_url( $url, 'friends_withdraw_friendship' ) . '" class="requested">' . __( 'Cancel Friendship Request', 'buddypress' ) . '</a>';
+            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="remove friendship-button pending_friend requested" rel="remove" href="' . esc_url( wp_nonce_url( $url, 'friends_withdraw_friendship' ) ) . '" class="requested">' . esc_html__( 'Cancel Friendship Request', 'buddypress' ) . '</a>';
         }
 
@@ -1507 +1525 @@
         if ( friends_withdraw_friendship( bp_loggedin_user_id(), $friend_id ) ) {
             $url = bp_loggedin_user_url( bp_members_get_path_chunks( array( bp_get_friends_slug(), 'add-friend', array( $friend_id ) ) ) );
-            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="friendship-button not_friends add" rel="add" href="' . wp_nonce_url( $url, 'friends_add_friend' ) . '">' . __( 'Add Friend', 'buddypress' ) . '</a>';
+            echo '<a id="friend-' . esc_attr( $friend_id ) . '" class="friendship-button not_friends add" rel="add" href="' . esc_url( wp_nonce_url( $url, 'friends_add_friend' ) ) . '">' . esc_html__( 'Add Friend', 'buddypress' ) . '</a>';
         } else {
-            echo __("Friendship request could not be cancelled.", 'buddypress');
+            esc_html_e("Friendship request could not be cancelled.", 'buddypress');
         }
 
     // Request already pending.
     } else {
-        echo __( 'Request Pending', 'buddypress' );
+        esc_html_e( 'Request Pending', 'buddypress' );
     }
 
@@ -1535 +1553 @@
 
     if ( ! friends_accept_friendship( (int) $_POST['id'] ) )
-        echo "-1<div id='message' class='error'><p>" . __( 'There was a problem accepting that request. Please try again.', 'buddypress' ) . '</p></div>';
+        echo "-1<div id='message' class='error'><p>" . esc_html__( 'There was a problem accepting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
     exit;
@@ -1555 +1573 @@
 
     if ( ! friends_reject_friendship( (int) $_POST['id'] ) )
-        echo "-1<div id='message' class='error'><p>" . __( 'There was a problem rejecting that request. Please try again.', 'buddypress' ) . '</p></div>';
+        echo "-1<div id='message' class='error'><p>" . esc_html__( 'There was a problem rejecting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
     exit;
@@ -1610 +1628 @@
 
             if ( ! groups_join_group( $group->id ) ) {
-                _e( 'Error joining group', 'buddypress' );
+                esc_html_e( 'Error joining group', 'buddypress' );
             } else {
                 $leave_url = wp_nonce_url(
@@ -1619 +1637 @@
                     'groups_leave_group'
                 );
-                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button leave-group" rel="leave" href="' . esc_url( $leave_url ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
+                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button leave-group" rel="leave" href="' . esc_url( $leave_url ) . '">' . esc_html__( 'Leave Group', 'buddypress' ) . '</a>';
             }
         break;
@@ -1631 +1649 @@
 
             if ( ! groups_accept_invite( bp_loggedin_user_id(), $group->id ) ) {
-                _e( 'Error requesting membership', 'buddypress' );
+                esc_html_e( 'Error requesting membership', 'buddypress' );
             } else {
                 $leave_url = wp_nonce_url(
@@ -1640 +1658 @@
                     'groups_leave_group'
                 );
-                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button leave-group" rel="leave" href="' . esc_url( $leave_url ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
+                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button leave-group" rel="leave" href="' . esc_url( $leave_url ) . '">' . esc_html__( 'Leave Group', 'buddypress' ) . '</a>';
             }
         break;
@@ -1648 +1666 @@
 
             if ( ! groups_send_membership_request( [ 'user_id' => bp_loggedin_user_id(), 'group_id' => $group->id ] ) ) {
-                _e( 'Error requesting membership', 'buddypress' );
+                esc_html_e( 'Error requesting membership', 'buddypress' );
             } else {
-                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button disabled pending membership-requested" rel="membership-requested" href="' . esc_url( bp_get_group_url( $group ) ) . '">' . __( 'Request Sent', 'buddypress' ) . '</a>';
+                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button disabled pending membership-requested" rel="membership-requested" href="' . esc_url( bp_get_group_url( $group ) ) . '">' . esc_html__( 'Request Sent', 'buddypress' ) . '</a>';
             }
         break;
@@ -1658 +1676 @@
 
             if ( ! groups_leave_group( $group->id ) ) {
-                _e( 'Error leaving group', 'buddypress' );
+                esc_html_e( 'Error leaving group', 'buddypress' );
             } elseif ( 'public' === $group->status ) {
                 $join_url = wp_nonce_url(
@@ -1667 +1685 @@
                     'groups_join_group'
                 );
-                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button join-group" rel="join" href="' . esc_url( $join_url ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
+                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button join-group" rel="join" href="' . esc_url( $join_url ) . '">' . esc_html__( 'Join Group', 'buddypress' ) . '</a>';
             } else {
                 $request_url = wp_nonce_url(
@@ -1676 +1694 @@
                     'groups_request_membership'
                 );
-                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button request-membership" rel="join" href="' . esc_url( $request_url ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
+                echo '<a id="group-' . esc_attr( $group->id ) . '" class="group-button request-membership" rel="join" href="' . esc_url( $request_url ) . '">' . esc_html__( 'Request Membership', 'buddypress' ) . '</a>';
             }
         break;
@@ -1699 +1717 @@
 
     if ( ! $nonce_check || ! isset( $_POST['notice_id'] ) ) {
-        echo "-1<div id='message' class='error'><p>" . __( 'There was a problem closing the notice.', 'buddypress' ) . '</p></div>';
+        echo "-1<div id='message' class='error'><p>" . esc_html__( 'There was a problem closing the notice.', 'buddypress' ) . '</p></div>';
 
     } else {
@@ -1726 +1744 @@
     // Cannot respond to a thread you're not already a recipient on.
     if ( ! bp_current_user_can( 'bp_moderate' ) && ( ! messages_is_valid_thread( $thread_id ) || ! messages_check_thread_access( $thread_id ) ) ) {
-        echo "-1<div id='message' class='error'><p>" . __( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
+        echo "-1<div id='message' class='error'><p>" . esc_html__( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
         die;
     }
@@ -1732 +1750 @@
     $result = messages_new_message( array( 'thread_id' => $thread_id, 'content' => $_REQUEST['content'] ) );
 
-    if ( !empty( $result ) ) {
+    if ( ! empty( $result ) ) {
 
         // Pretend we're in the message loop.
@@ -1766 +1784 @@
 
     } else {
-        echo "-1<div id='message' class='error'><p>" . __( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
+        echo "-1<div id='message' class='error'><p>" . esc_html__( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
     }
 
@@ -2097 +2115 @@
     if ( $message ) {
         // Surround the message with `<p>` tags.
-        echo wpautop( $message );
+        $message = wpautop( $message );
+
+        echo wp_kses(
+            $message,
+            array(
+                'p' => true,
+                'a' => array(
+                    'href' => true,
+                ),
+            )
+        );
     }
 }
@@ -2114 +2142 @@
     if ( $message ) {
         // Surround the message with `<p>` tags.
-        echo wpautop( $message );
+        $message = wpautop( $message );
+
+        echo wp_kses(
+            $message,
+            array(
+                'p' => true,
+                'a' => array(
+                    'href' => true,
+                ),
+            )
+        );
     }
 }