Changeset 2288

Timestamp:

01/10/2010 09:55:51 PM (16 years ago)

Author:

apeatling

Message:

Fixing escaped allowed HTML in forum posts. Adding mention filters to blog comments and forum posts.

Location:

trunk

Files:

• bp-activity/bp-activity-filters.php (modified) (2 diffs)
• bp-activity/bp-activity-templatetags.php (modified) (1 diff)
• bp-forums.php (modified) (2 diffs)
• bp-forums/bp-forums-filters.php (modified) (2 diffs)
• bp-groups.php (modified) (6 diffs)

trunk/bp-activity/bp-activity-filters.php

@@ -59 +59 @@
     $activity_allowedtags['img']['class'] = array();
     $activity_allowedtags['img']['id'] = array();
+    $activity_allowedtags['code'] = array();
 
+    $activity_allowedtags = apply_filters( 'bp_activity_allowed_tags', $activity_allowedtags );
     return wp_kses( $content, $activity_allowedtags );
 }
@@ -88 +90 @@
 add_filter( 'bp_activity_new_update_content', 'bp_activity_at_name_filter' );
 add_filter( 'groups_activity_new_update_content', 'bp_activity_at_name_filter' );
-add_filter( 'bp_activity_comment_content', 'bp_activity_at_name_filter' );
-add_filter( 'bp_get_activity_feed_item_description', 'bp_activity_at_name_filter' );
+add_filter( 'pre_comment_content', 'bp_activity_at_name_filter' );
+add_filter( 'group_forum_topic_text_before_save', 'bp_activity_at_name_filter' );
+add_filter( 'group_forum_post_text_before_save', 'bp_activity_at_name_filter' );
 
 ?>

trunk/bp-activity/bp-activity-templatetags.php

@@ -351 +351 @@
 
     /* Add the permalink */
-    $meta = ' &middot; <a href="' . bp_activity_get_permalink( $activities_template->activity->id, $activities_template->activity ) . '" class="view" title="' . __( 'View Thread / Permalink', 'buddypress' ) . '">#</a>';
+    $meta = ' &middot; <a href="' . bp_activity_get_permalink( $activities_template->activity->id, $activities_template->activity ) . '" class="view" title="' . __( 'View Thread / Permalink', 'buddypress' ) . '">' . __( 'View', 'buddypress' ) . '</a>';
 
     /* Add the delete link if the user has permission on this item */

trunk/bp-forums.php

@@ -195 +195 @@
         'topic_title' => '',
         'topic_slug' => '',
+        'topic_text' => '',
         'topic_poster' => $bp->loggedin_user->id, // accepts ids
         'topic_poster_name' => $bp->loggedin_user->fullname, // accept names
@@ -243 +244 @@
 
     /* Update the first post */
-    if ( !$post = bb_insert_post( array( 'post_id' => $post->post_id, 'topic_id' => $topic_id, 'post_text' => $topic_text, 'post_time' => $post->post_time, 'poster_id' => $post->poster_id, 'poster_ip' => $post->poster_ip, 'post_status' => $post->post_status, 'post_position' => $post->post_position ) ) )
+    if ( !$post = bp_forums_insert_post( array( 'post_id' => $post->post_id, 'topic_id' => $topic_id, 'post_text' => $topic_text, 'post_time' => $post->post_time, 'poster_id' => $post->poster_id, 'poster_ip' => $post->poster_ip, 'post_status' => $post->post_status, 'post_position' => $post->post_position ) ) )
         return false;
 

trunk/bp-forums/bp-forums-filters.php

@@ -5 +5 @@
 add_filter( 'bp_forums_bbconfig_location', 'attribute_escape', 1 );
 
-add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 );
-add_filter( 'bp_get_the_topic_latest_post_excerpt', 'wp_filter_kses', 1 );
-add_filter( 'bp_get_the_topic_post_content', 'wp_filter_kses', 1 );
-
-add_filter( 'bp_get_the_topic_title', 'attribute_escape' );
-add_filter( 'bp_get_the_topic_post_content', 'attribute_escape' );
+add_filter( 'bp_get_the_topic_title', 'bp_forums_filter_kses', 1 );
+add_filter( 'bp_get_the_topic_latest_post_excerpt', 'bp_forums_filter_kses', 1 );
+add_filter( 'bp_get_the_topic_post_content', 'bp_forums_filter_kses', 1 );
 
 add_filter( 'bp_get_the_topic_title', 'wptexturize' );
@@ -38 +35 @@
 add_filter( 'bp_get_forum_topic_count', 'number_format' );
 
-function bp_forums_add_allowed_tags( $allowedtags ) {
-    $allowedtags['p'] = array();
-    $allowedtags['br'] = array();
+function bp_forums_filter_kses( $content ) {
+    global $allowedtags;
 
-    return $allowedtags;
+    $forums_allowedtags = $allowedtags;
+    $forums_allowedtags['span'] = array();
+    $forums_allowedtags['span']['class'] = array();
+    $forums_allowedtags['div'] = array();
+    $forums_allowedtags['div']['class'] = array();
+    $forums_allowedtags['div']['id'] = array();
+    $forums_allowedtags['a']['class'] = array();
+    $forums_allowedtags['img'] = array();
+    $forums_allowedtags['br'] = array();
+    $forums_allowedtags['p'] = array();
+    $forums_allowedtags['img']['src'] = array();
+    $forums_allowedtags['img']['alt'] = array();
+    $forums_allowedtags['img']['class'] = array();
+    $forums_allowedtags['img']['width'] = array();
+    $forums_allowedtags['img']['height'] = array();
+    $forums_allowedtags['img']['class'] = array();
+    $forums_allowedtags['img']['id'] = array();
+    $forums_allowedtags['code'] = array();
+    $forums_allowedtags['blockquote'] = array();
+
+    $forums_allowedtags = apply_filters( 'bp_forums_allowed_tags', $forums_allowedtags );
+    return wp_kses( $content, $forums_allowedtags );
 }
-add_filter( 'edit_allowedtags', 'bp_forums_add_allowed_tags' );
 
 function bp_forums_filter_tag_link( $link, $tag, $page, $context ) {

trunk/bp-groups.php

@@ -2082 +2082 @@
         return false;
 
+    $post_text = apply_filters( 'group_forum_post_text_before_save', $post_text );
+    $topic_id = apply_filters( 'group_forum_post_topic_id_before_save', $topic_id );
+
     if ( $forum_post = bp_forums_insert_post( array( 'post_text' => $post_text, 'topic_id' => $topic_id ) ) ) {
         $topic = bp_forums_get_topic_details( $topic_id );
 
         $activity_content = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
-        $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $post_text ) ) . '</blockquote>';
+        $activity_content .= '<blockquote>' . bp_create_excerpt( $post_text ) . '</blockquote>';
 
         /* Record this in activity streams */
@@ -2111 +2114 @@
         return false;
 
+    $topic_title = apply_filters( 'group_forum_topic_title_before_save', $topic_title );
+    $topic_text = apply_filters( 'group_forum_topic_text_before_save', $topic_text );
+    $topic_tags = apply_filters( 'group_forum_topic_tags_before_save', $topic_tags );
+    $forum_id = apply_filters( 'group_forum_topic_forum_id_before_save', $forum_id );
+
     if ( $topic_id = bp_forums_new_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_tags' => $topic_tags, 'forum_id' => $forum_id ) ) ) {
         $topic = bp_forums_get_topic_details( $topic_id );
 
         $activity_content = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
-        $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $topic_text ) ) . '</blockquote>';
+        $activity_content .= '<blockquote>' . bp_create_excerpt( $topic_text ) . '</blockquote>';
 
         /* Record this in activity streams */
@@ -2137 +2145 @@
     global $bp;
 
+    $topic_title = apply_filters( 'group_forum_topic_title_before_save', $topic_title );
+    $topic_text = apply_filters( 'group_forum_topic_text_before_save', $topic_text );
+
     if ( $topic = bp_forums_update_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_id' => $topic_id ) ) ) {
         /* Update the activity stream item */
@@ -2143 +2154 @@
 
         $activity_content = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
-        $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $topic_text ) ) . '</blockquote>';
+        $activity_content .= '<blockquote>' . bp_create_excerpt( $topic_text ) . '</blockquote>';
 
         /* Record this in activity streams */
@@ -2167 +2178 @@
     global $bp;
 
+    $post_text = apply_filters( 'group_forum_post_text_before_save', $post_text );
+    $topic_id = apply_filters( 'group_forum_post_topic_id_before_save', $topic_id );
+
     $post = bp_forums_get_post( $post_id );
 
@@ -2177 +2191 @@
 
         $activity_content = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
-        $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $post_text ) ) . '</blockquote>';
+        $activity_content .= '<blockquote>' . bp_create_excerpt( $post_text ) . '</blockquote>';
 
         /* Record this in activity streams */