Skip to:
Content

BuddyPress.org

Changeset 3143


Ignore:
Timestamp:
07/22/2010 10:51:24 AM (14 years ago)
Author:
johnjamesjacoby
Message:

Fixes #2525. Props cnorris23

Location:
branches/1.2
Files:
22 edited

Legend:

Unmodified
Added
Removed
  • branches/1.2/bp-activity/bp-activity-templatetags.php

    r3076 r3143  
    768768                unset($selected);
    769769
    770             $component = attribute_escape( $component );
     770            $component = esc_attr( $component );
    771771
    772772            switch ( $style ) {
     
    796796            $translatable_components = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) );
    797797
    798             $component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;
     798            $component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;
    799799        }
    800800
     
    802802
    803803        if ( isset( $_GET['afilter'] ) )
    804             $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
     804            $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
    805805
    806806        return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) );
  • branches/1.2/bp-blogs.php

    r3142 r3143  
    346346        bp_blogs_record_activity( array(
    347347            'user_id' => $recorded_blog->user_id,
    348             'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . attribute_escape( $name ) . '</a>' ), &$recorded_blog, $name, $description ),
     348            'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . esc_attr( $name ) . '</a>' ), &$recorded_blog, $name, $description ),
    349349            'primary_link' => apply_filters( 'bp_blogs_activity_created_blog_primary_link', get_blog_option( $recorded_blog->blog_id, 'siteurl' ), $recorded_blog->blog_id ),
    350350            'type' => 'new_blog',
  • branches/1.2/bp-blogs/bp-blogs-templatetags.php

    r3117 r3143  
    268268function bp_blog_hidden_fields() {
    269269    if ( isset( $_REQUEST['s'] ) ) {
    270         echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ). '" name="search_terms" />';
     270        echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ). '" name="search_terms" />';
    271271    }
    272272
    273273    if ( isset( $_REQUEST['letter'] ) ) {
    274         echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
     274        echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
    275275    }
    276276
    277277    if ( isset( $_REQUEST['blogs_search'] ) ) {
    278         echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';
     278        echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';
    279279    }
    280280}
  • branches/1.2/bp-blogs/bp-blogs-widgets.php

    r3074 r3143  
    7878        ?>
    7979
    80         <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo attribute_escape( $max_posts ); ?>" style="width: 30%" /></label></p>
     80        <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p>
    8181    <?php
    8282    }
  • branches/1.2/bp-core.php

    r3142 r3143  
    13751375    ?>
    13761376        <div id="message" class="<?php echo $type; ?>">
    1377             <p><?php echo stripslashes( attribute_escape( $bp->template_message ) ); ?></p>
     1377            <p><?php echo stripslashes( esc_attr( $bp->template_message ) ); ?></p>
    13781378        </div>
    13791379    <?php
  • branches/1.2/bp-core/bp-core-classes.php

    r3142 r3143  
    6161        if ( $this->profile_data ) {
    6262            $this->user_url = bp_core_get_user_domain( $this->id, $this->profile_data['user_nicename'], $this->profile_data['user_login'] );
    63             $this->fullname = attribute_escape( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
     63            $this->fullname = esc_attr( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );
    6464            $this->user_link = "<a href='{$this->user_url}' title='{$this->fullname}'>{$this->fullname}</a>";
    65             $this->email = attribute_escape( $this->profile_data['user_email'] );
     65            $this->email = esc_attr( $this->profile_data['user_email'] );
    6666        } else {
    6767            $this->user_url = bp_core_get_user_domain( $this->id );
    6868            $this->user_link = bp_core_get_userlink( $this->id );
    69             $this->fullname = attribute_escape( bp_core_get_user_displayname( $this->id ) );
    70             $this->email = attribute_escape( bp_core_get_user_email( $this->id ) );
     69            $this->fullname = esc_attr( bp_core_get_user_displayname( $this->id ) );
     70            $this->email = esc_attr( bp_core_get_user_email( $this->id ) );
    7171        }
    7272
  • branches/1.2/bp-core/bp-core-settings.php

    r3001 r3143  
    8888    <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form">
    8989        <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label>
    90         <input type="text" name="email" id="email" value="<?php echo attribute_escape( $current_user->user_email ); ?>" class="settings-input" />
     90        <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" />
    9191
    9292        <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label>
  • branches/1.2/bp-core/bp-core-templatetags.php

    r3142 r3143  
    413413        global $members_template;
    414414
    415         $registered = attribute_escape( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );
     415        $registered = esc_attr( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );
    416416
    417417        return apply_filters( 'bp_member_last_active', $registered );
     
    457457function bp_member_hidden_fields() {
    458458    if ( isset( $_REQUEST['s'] ) ) {
    459         echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';
     459        echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />';
    460460    }
    461461
    462462    if ( isset( $_REQUEST['letter'] ) ) {
    463         echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
     463        echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
    464464    }
    465465
    466466    if ( isset( $_REQUEST['members_search'] ) ) {
    467         echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['members_search'] ) . '" name="search_terms" />';
     467        echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['members_search'] ) . '" name="search_terms" />';
    468468    }
    469469}
     
    478478    ?>
    479479    <form action="" method="get" id="search-members-form">
    480         <label><input type="text" name="s" id="members_search" value="<?php echo attribute_escape( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     480        <label><input type="text" name="s" id="members_search" value="<?php echo esc_attr( $search_value ) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    481481        <input type="submit" id="members_search_submit" name="members_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    482482    </form>
     
    626626        $bp->bp_options_title = __( 'Options', 'buddypress' );
    627627
    628     echo apply_filters( 'bp_get_options_title', attribute_escape( $bp->bp_options_title ) );
     628    echo apply_filters( 'bp_get_options_title', esc_attr( $bp->bp_options_title ) );
    629629}
    630630
  • branches/1.2/bp-core/bp-core-widgets.php

    r2794 r3143  
    5353            </ul>
    5454            <?php wp_nonce_field( 'bp_core_widget_members', '_wpnonce-members' ); ?>
    55             <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo attribute_escape( $instance['max_members'] ); ?>" />
     55            <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo esc_attr( $instance['max_members'] ); ?>" />
    5656
    5757        <?php else: ?>
     
    7979        ?>
    8080
    81         <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
     81        <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
    8282    <?php
    8383    }
     
    133133        ?>
    134134
    135         <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
     135        <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
    136136    <?php
    137137    }
     
    187187        ?>
    188188
    189         <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>
     189        <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p>
    190190    <?php
    191191    }
  • branches/1.2/bp-forums/bp-forums-filters.php

    r3072 r3143  
    33/* Apply WordPress defined filters */
    44add_filter( 'bp_forums_bbconfig_location', 'wp_filter_kses', 1 );
    5 add_filter( 'bp_forums_bbconfig_location', 'attribute_escape', 1 );
     5add_filter( 'bp_forums_bbconfig_location', 'esc_attr', 1 );
    66
    77add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 );
  • branches/1.2/bp-forums/bp-forums-templatetags.php

    r3106 r3143  
    257257
    258258        $post = bb_get_first_post( (int)$forum_template->topic->topic_id, false );
    259         return apply_filters( 'bp_get_the_topic_text', attribute_escape( $post->post_text ) );
     259        return apply_filters( 'bp_get_the_topic_text', esc_attr( $post->post_text ) );
    260260    }
    261261
     
    971971
    972972        $post = bp_forums_get_post( $bp->action_variables[4] );
    973         return apply_filters( 'bp_get_the_topic_post_edit_text', attribute_escape( $post->post_text ) );
     973        return apply_filters( 'bp_get_the_topic_post_edit_text', esc_attr( $post->post_text ) );
    974974    }
    975975
     
    10151015?>
    10161016    <form action="" method="get" id="search-forums-form">
    1017         <label><input type="text" name="s" id="forums_search" value="<?php echo attribute_escape($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     1017        <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    10181018        <input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    10191019    </form>
     
    10631063        global $topic_template;
    10641064
    1065         return apply_filters( 'bp_get_forum_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );
     1065        return apply_filters( 'bp_get_forum_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) );
    10661066    }
    10671067
     
    10721072        global $bp;
    10731073
    1074         return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );
     1074        return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) );
    10751075    }
    10761076
  • branches/1.2/bp-friends/bp-friends-templatetags.php

    r2627 r3143  
    109109
    110110        <?php wp_nonce_field( 'friends_search', '_wpnonce_friend_search' ) ?>
    111         <input type="hidden" name="initiator" id="initiator" value="<?php echo attribute_escape( $bp->displayed_user->id ) ?>" />
     111        <input type="hidden" name="initiator" id="initiator" value="<?php echo esc_attr( $bp->displayed_user->id ) ?>" />
    112112
    113113        </form>
  • branches/1.2/bp-groups.php

    r3142 r3143  
    173173
    174174            if ( !$bp->bp_options_avatar = bp_core_fetch_avatar( array( 'item_id' => $bp->groups->current_group->id, 'object' => 'group', 'type' => 'thumb', 'avatar_dir' => 'group-avatars', 'alt' => __( 'Group Avatar', 'buddypress' ) ) ) )
    175                 $bp->bp_options_avatar = '<img src="' . attribute_escape( $group->avatar_full ) . '" class="avatar" alt="' . attribute_escape( $group->name ) . '" />';
     175                $bp->bp_options_avatar = '<img src="' . esc_attr( $group->avatar_full ) . '" class="avatar" alt="' . esc_attr( $group->name ) . '" />';
    176176
    177177            $group_link = $bp->root_domain . '/' . $bp->groups->slug . '/' . $bp->groups->current_group->slug . '/';
     
    299299
    300300            groups_record_activity( array(
    301                 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),
     301                'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),
    302302                'type' => 'joined_group',
    303303                'item_id' => $group->id
     
    11261126            /* Once we compelete all steps, record the group creation in the activity stream. */
    11271127            groups_record_activity( array(
    1128                 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),
     1128                'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ),
    11291129                'type' => 'created_group',
    11301130                'item_id' => $bp->groups->new_group_id
     
    17381738    /* Record this in activity streams */
    17391739    groups_record_activity( array(
    1740         'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),
     1740        'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ),
    17411741        'type' => 'joined_group',
    17421742        'item_id' => $group_id
     
    19141914
    19151915    /* Record this in activity streams */
    1916     $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     1916    $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    19171917    $activity_content = $content;
    19181918
     
    19851985        $topic = bp_forums_get_topic_details( $topic_id );
    19861986
    1987         $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     1987        $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    19881988        $activity_content = bp_create_excerpt( $post_text );
    19891989        $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/';
     
    20242024        $topic = bp_forums_get_topic_details( $topic_id );
    20252025
    2026         $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     2026        $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    20272027        $activity_content = bp_create_excerpt( $topic_text );
    20282028
     
    20562056            bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $topic_id, 'component' => $bp->groups->id, 'type' => 'new_forum_topic' ) );
    20572057
    2058         $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     2058        $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    20592059        $activity_content = bp_create_excerpt( $topic_text );
    20602060
     
    20902090        $topic = bp_forums_get_topic_details( $topic_id );
    20912091
    2092         $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
     2092        $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
    20932093        $activity_content = bp_create_excerpt( $post_text );
    20942094        $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/';
     
    24192419
    24202420    groups_record_activity( array(
    2421         'action'    => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $membership->user_id, &$group ),
     2421        'action'    => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $membership->user_id, &$group ),
    24222422        'type'      => 'joined_group',
    24232423        'item_id'   => $membership->group_id,
  • branches/1.2/bp-groups/bp-groups-classes.php

    r3142 r3143  
    11371137        /* Construct the admin edit tab for the new group extension */
    11381138        if ( $this->enable_edit_item ) {
    1139             add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . attribute_escape( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . attribute_escape( $this->slug ) . '\">' . attribute_escape( $this->name ) . '</a></li>";' ), 10, 2 );
     1139            add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . esc_attr( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . esc_attr( $this->slug ) . '\">' . esc_attr( $this->name ) . '</a></li>";' ), 10, 2 );
    11401140
    11411141            /* Catch the edit screen and forward it to the plugin template */
     
    11621162                /* When we are viewing the extension display page, set the title and options title */
    11631163                if ( $bp->current_component == $bp->groups->slug && $bp->is_single_item && $bp->current_action == $this->slug ) {
    1164                     add_action( 'bp_template_content_header', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );
    1165                     add_action( 'bp_template_title', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );
     1164                    add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
     1165                    add_action( 'bp_template_title', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) );
    11661166                }
    11671167            }
  • branches/1.2/bp-groups/bp-groups-templatetags.php

    r2995 r3143  
    288288        /* Fetch the avatar from the folder, if not provide backwards compat. */
    289289        if ( !$avatar = bp_core_fetch_avatar( array( 'item_id' => $groups_template->group->id, 'object' => 'group', 'type' => $type, 'avatar_dir' => 'group-avatars', 'alt' => $alt, 'css_id' => $id, 'class' => $class, 'width' => $width, 'height' => $height ) ) )
    290             $avatar = '<img src="' . attribute_escape( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . attribute_escape( $groups_template->group->name ) . '" />';
     290            $avatar = '<img src="' . esc_attr( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . esc_attr( $groups_template->group->name ) . '" />';
    291291
    292292        return apply_filters( 'bp_get_group_avatar', $avatar );
     
    11331133function bp_group_hidden_fields() {
    11341134    if ( isset( $_REQUEST['s'] ) ) {
    1135         echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';
     1135        echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />';
    11361136    }
    11371137
    11381138    if ( isset( $_REQUEST['letter'] ) ) {
    1139         echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';
     1139        echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />';
    11401140    }
    11411141
    11421142    if ( isset( $_REQUEST['groups_search'] ) ) {
    1143         echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['groups_search'] ) . '" name="search_terms" />';
     1143        echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['groups_search'] ) . '" name="search_terms" />';
    11441144    }
    11451145}
     
    16891689                }
    16901690
    1691                 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . attribute_escape( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';
     1691                $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . esc_attr( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';
    16921692            }
    16931693        }
     
    17051705?>
    17061706    <form action="" method="get" id="search-groups-form">
    1707         <label><input type="text" name="s" id="groups_search" value="<?php echo attribute_escape($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
     1707        <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>"  onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>
    17081708        <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
    17091709    </form>
     
    17721772
    17731773    if ( $bp->groups->current_group->avatar_full ) { ?>
    1774         <img src="<?php echo attribute_escape( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />
     1774        <img src="<?php echo esc_attr( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />
    17751775    <?php } else { ?>
    17761776        <img src="<?php echo $bp->groups->image_base . '/none.gif' ?>" alt="<?php _e( 'No Group Avatar', 'buddypress' ) ?>" class="avatar" />
  • branches/1.2/bp-groups/bp-groups-widgets.php

    r2794 r3143  
    5151            </ul>
    5252            <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?>
    53             <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $instance['max_groups'] ); ?>" />
     53            <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $instance['max_groups'] ); ?>" />
    5454
    5555        <?php else: ?>
     
    7777        ?>
    7878
    79         <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo attribute_escape( $max_groups ); ?>" style="width: 30%" /></label></p>
     79        <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p>
    8080    <?php
    8181    }
     
    130130        </ul>
    131131        <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?>
    132         <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $_POST['max_groups'] ); ?>" />
     132        <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $_POST['max_groups'] ); ?>" />
    133133
    134134    <?php else: ?>
  • branches/1.2/bp-themes/bp-default/_inc/ajax.php

    r3142 r3143  
    189189                <div class="acomment-meta">
    190190                    <?php echo bp_core_get_userlink( bp_get_activity_user_id() ) ?> &middot; <?php printf( __( '%s ago', 'buddypress' ), bp_core_time_since( bp_core_current_time() ) ) ?> &middot;
    191                     <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo attribute_escape( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>
     191                    <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo esc_attr( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>
    192192                     &middot; <a href="<?php echo wp_nonce_url( $bp->root_domain . '/' . $bp->activity->slug . '/delete/' . bp_get_activity_id() . '?cid=' . $comment_id, 'bp_activity_delete_link' ) ?>" class="delete acomment-delete confirm"><?php _e( 'Delete', 'buddypress' ) ?></a>
    193193                </div>
     
    313313        echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>';
    314314        echo '<div class="action">
    315                 <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . attribute_escape( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>
     315                <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>
    316316              </div>';
    317317        echo '</li>';
     
    405405                _e( 'Error joining group', 'buddypress' );
    406406            } else {
    407                 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
     407                echo '<a id="group-' . esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';
    408408            }
    409409
     
    415415                _e( 'Error requesting membership', 'buddypress' );
    416416            } else {
    417                 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
     417                echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';
    418418            }
    419419        }
     
    427427        } else {
    428428            if ( 'public' == $group->status ) {
    429                 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
     429                echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';
    430430            } else if ( 'private' == $group->status ) {
    431                 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
     431                echo '<a id="group-' . esc_attr( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';
    432432            }
    433433        }
  • branches/1.2/bp-themes/bp-default/sidebar.php

    r2879 r3143  
    4040        <form name="login-form" id="sidebar-login-form" class="standard-form" action="<?php echo site_url( 'wp-login.php', 'login_post' ) ?>" method="post">
    4141            <label><?php _e( 'Username', 'buddypress' ) ?><br />
    42             <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" /></label>
     42            <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" /></label>
    4343
    4444            <label><?php _e( 'Password', 'buddypress' ) ?><br />
  • branches/1.2/bp-xprofile.php

    r3142 r3143  
    213213
    214214        <ul>
    215             <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
    216             <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
     215            <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
     216            <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
    217217
    218218            <?php if ( !bp_core_is_user_spammer( $bp->displayed_user->id ) ) : ?>
     
    222222            <?php endif; ?>
    223223
    224             <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>
     224            <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li>
    225225
    226226            <?php do_action( 'xprofile_adminbar_menu_items' ) ?>
  • branches/1.2/bp-xprofile/bp-xprofile-admin.php

    r2625 r3143  
    5050            ?>
    5151                <div id="message" class="<?php echo $type; ?> fade">
    52                     <p><?php echo wp_specialchars( attribute_escape( $message ) ); ?></p>
     52                    <p><?php echo wp_specialchars( esc_attr( $message ) ); ?></p>
    5353                </div>
    5454            <?php }
     
    6363                            <tr>
    6464                                <th scope="col" width="10">&nbsp;</th>
    65                                 <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo attribute_escape( $groups[$i]->name ); ?></th>
     65                                <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo esc_attr( $groups[$i]->name ); ?></th>
    6666                                <?php if ( $groups[$i]->can_delete ) { ?>
    67                                     <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&amp;mode=edit_group&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th>
    68                                     <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&amp;mode=delete_group&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th>
     67                                    <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&amp;mode=edit_group&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th>
     68                                    <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&amp;mode=delete_group&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th>
    6969                                <?php } ?>
    7070                            </tr>
     
    8787                                    <?php if ( !$field->can_delete ) { $class .= ' core'; } ?>
    8888
    89                                     <tr id="field_<?php echo attribute_escape( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . $class; } ?>">
     89                                    <tr id="field_<?php echo esc_attr( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . $class; } ?>">
    9090                                        <td width="10"><img src="<?php echo BP_PLUGIN_URL ?>/bp-xprofile/admin/images/move.gif" alt="<?php _e( 'Drag', 'buddypress' ) ?>" /></td>
    91                                         <td><span title="<?php echo $field->description; ?>"><?php echo attribute_escape( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td>
    92                                         <td><?php echo attribute_escape( $field->type ); ?></td>
     91                                        <td><span title="<?php echo $field->description; ?>"><?php echo esc_attr( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td>
     92                                        <td><?php echo esc_attr( $field->type ); ?></td>
    9393                                        <td style="text-align:center;"><?php if ( $field->is_required ) { echo '<img src="' . BP_PLUGIN_URL . '/bp-xprofile/admin/images/tick.gif" alt="' . __( 'Yes', 'buddypress' ) . '" />'; } else { ?>--<?php } ?></td>
    94                                         <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&amp;field_id=<?php echo attribute_escape( $field->id ); ?>&amp;mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td>
    95                                         <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&amp;field_id=<?php echo attribute_escape( $field->id ); ?>&amp;mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td>
     94                                        <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&amp;field_id=<?php echo esc_attr( $field->id ); ?>&amp;mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td>
     95                                        <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&amp;field_id=<?php echo esc_attr( $field->id ); ?>&amp;mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td>
    9696                                    </tr>
    9797
     
    111111
    112112                                <tr class="nodrag">
    113                                     <td colspan="6"><a href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&amp;mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td>
     113                                    <td colspan="6"><a href="admin.php?page=bp-profile-setup&amp;group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&amp;mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td>
    114114                                </tr>
    115115
  • branches/1.2/bp-xprofile/bp-xprofile-classes.php

    r3064 r3143  
    190190            <?php } ?>
    191191
    192             <form action="<?php echo attribute_escape( $action ); ?>" method="post">
     192            <form action="<?php echo esc_attr( $action ); ?>" method="post">
    193193
    194194                <div id="titlediv">
    195195                    <label for="group_name"><?php _e( "Field Group Name", 'buddypress') ?></label>
    196196                    <div>
    197                         <input type="text" name="group_name" id="group_name" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />
     197                        <input type="text" name="group_name" id="group_name" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" />
    198198                    </div>
    199199                </div>
    200200
    201201                <p class="submit" style="text-align: left">
    202                     <input type="submit" name="saveGroup" value="<?php echo attribute_escape( $title ); ?> &rarr;" />
     202                    <input type="submit" name="saveGroup" value="<?php echo esc_attr( $title ); ?> &rarr;" />
    203203                </p>
    204204
     
    528528                    ?>
    529529                        <p><?php _e('Option', 'buddypress') ?> <?php echo $j ?>:
    530                            <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo attribute_escape( $options[$i]->name ) ?>" />
     530                           <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo esc_attr( $options[$i]->name ) ?>" />
    531531                           <input type="<?php echo $default_input ?>" name="isDefault_<?php echo $type ?>_option<?php echo $default_name ?>" <?php if ( (int) $options[$i]->is_default_option ) {?> checked="checked"<?php } ?> " value="<?php echo $j ?>" /> <?php _e( 'Default Value', 'buddypress' ) ?>
    532532                            <?php if ( $j != 1 &&
     
    588588                    <h3><label for="title"><?php _e("Field Title", 'buddypress') ?> *</label></h3>
    589589                    <div id="titlewrap">
    590                         <input type="text" name="title" id="title" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />
     590                        <input type="text" name="title" id="title" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" />
    591591                    </div>
    592592                </div>
  • branches/1.2/bp-xprofile/bp-xprofile-templatetags.php

    r3106 r3143  
    180180
    181181        if ( $class )
    182             $css_classes[] = sanitize_title( attribute_escape( $class ) );
     182            $css_classes[] = sanitize_title( esc_attr( $class ) );
    183183
    184184        /* Set a class with the field ID */
     
    394394                    }
    395395
    396                     $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . attribute_escape( $options[$k]->name ) . '">' . attribute_escape( $options[$k]->name ) . '</option>', $options[$k] );
     396                    $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . esc_attr( $options[$k]->name ) . '">' . esc_attr( $options[$k]->name ) . '</option>', $options[$k] );
    397397                }
    398398                break;
     
    416416                    }
    417417
    418                     $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );
     418                    $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] );
    419419                }
    420420
     
    441441                    }
    442442
    443                     $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );
     443                    $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] );
    444444                    $selected = '';
    445445                }
     
    473473                switch ( $type ) {
    474474                    case 'day':
    475                         $html .= '<option value=""' . attribute_escape( $default_select ) . '>--</option>';
     475                        $html .= '<option value=""' . esc_attr( $default_select ) . '>--</option>';
    476476
    477477                        for ( $i = 1; $i < 32; $i++ ) {
     
    494494                                );
    495495
    496                         $html .= '<option value=""' . attribute_escape( $default_select ) . '>------</option>';
     496                        $html .= '<option value=""' . esc_attr( $default_select ) . '>------</option>';
    497497
    498498                        for ( $i = 0; $i < 12; $i++ ) {
     
    508508
    509509                    case 'year':
    510                         $html .= '<option value=""' . attribute_escape( $default_select ) . '>----</option>';
     510                        $html .= '<option value=""' . esc_attr( $default_select ) . '>----</option>';
    511511
    512512                        for ( $i = date( 'Y', time() ); $i > 1899; $i-- ) {
     
    583583
    584584        if ( $groups[$i]->fields )
    585             echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . attribute_escape( $groups[$i]->name ) . '</a></li>';
     585            echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . esc_attr( $groups[$i]->name ) . '</a></li>';
    586586    }
    587587
Note: See TracChangeset for help on using the changeset viewer.