Changeset 3143
- Timestamp:
- 07/22/2010 10:51:24 AM (14 years ago)
- Location:
- branches/1.2
- Files:
-
- 22 edited
branches/1.2/bp-activity/bp-activity-templatetags.php
r3076 r3143 768 768 unset($selected); 769 769 770 $component = attribute_escape( $component );770 $component = esc_attr( $component ); 771 771 772 772 switch ( $style ) { … … 796 796 $translatable_components = array( __( 'profile', 'buddypress'), __( 'friends', 'buddypress' ), __( 'groups', 'buddypress' ), __( 'status', 'buddypress' ), __( 'blogs', 'buddypress' ) ); 797 797 798 $component_links[] = $before . '<a href="' . attribute_escape( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after;798 $component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( __( $component, 'buddypress' ) ) . '</a>' . $after; 799 799 } 800 800 … … 802 802 803 803 if ( isset( $_GET['afilter'] ) ) 804 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . attribute_escape( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';804 $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '"">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>'; 805 805 806 806 return apply_filters( 'bp_get_activity_filter_links', implode( "\n", $component_links ) ); -
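Review bot: The "Clear Filter" link near new line 804 emits a stray second double quote after the href value (`. '"">'`), which the commit carries over unchanged; it should read `. '">'`. Both `href` values in this section are wrapped in `esc_attr()`, which encodes markup characters but does not check the URL scheme. How `$link` is built is outside the visible hunks, so if it can carry request-derived data, `esc_url( $link )` is the better fit for an `href`.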
branches/1.2/bp-blogs.php
r3142 r3143 346 346 bp_blogs_record_activity( array( 347 347 'user_id' => $recorded_blog->user_id, 348 'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . attribute_escape( $name ) . '</a>' ), &$recorded_blog, $name, $description ),348 'action' => apply_filters( 'bp_blogs_activity_created_blog_action', sprintf( __( '%s created the blog %s', 'buddypress'), bp_core_get_userlink( $recorded_blog->user_id ), '<a href="' . get_blog_option( $recorded_blog->blog_id, 'siteurl' ) . '">' . esc_attr( $name ) . '</a>' ), &$recorded_blog, $name, $description ), 349 349 'primary_link' => apply_filters( 'bp_blogs_activity_created_blog_primary_link', get_blog_option( $recorded_blog->blog_id, 'siteurl' ), $recorded_blog->blog_id ), 350 350 'type' => 'new_blog', -
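Review bot: The blog `siteurl` is concatenated into `href="…"` near new line 348 with no escaping, while the link text is passed through the attribute escaper rather than the element-content one. Suggest `'<a href="' . esc_url( get_blog_option( $recorded_blog->blog_id, 'siteurl' ) ) . '">' . esc_html( $name ) . '</a>'`. The activity action strings in bp-groups.php follow the same pattern (`bp_get_group_permalink()` and `$topic->topic_slug` unescaped in `href`, `esc_attr()` on names used as link text). Because this string is handed to `bp_blogs_record_activity()` as the action, whatever is not escaped here is presumably rendered later as-is.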
branches/1.2/bp-blogs/bp-blogs-templatetags.php
r3117 r3143 268 268 function bp_blog_hidden_fields() { 269 269 if ( isset( $_REQUEST['s'] ) ) { 270 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ). '" name="search_terms" />';270 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ). '" name="search_terms" />'; 271 271 } 272 272 273 273 if ( isset( $_REQUEST['letter'] ) ) { 274 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';274 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 275 275 } 276 276 277 277 if ( isset( $_REQUEST['blogs_search'] ) ) { 278 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['blogs_search'] ) . '" name="search_terms" />';278 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['blogs_search'] ) . '" name="search_terms" />'; 279 279 } 280 280 } -
branches/1.2/bp-blogs/bp-blogs-widgets.php
r3074 r3143 78 78 ?> 79 79 80 <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo attribute_escape( $max_posts ); ?>" style="width: 30%" /></label></p>80 <p><label for="bp-blogs-widget-posts-max"><?php _e('Max posts to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_posts' ); ?>" name="<?php echo $this->get_field_name( 'max_posts' ); ?>" type="text" value="<?php echo esc_attr( $max_posts ); ?>" style="width: 30%" /></label></p> 81 81 <?php 82 82 } -
branches/1.2/bp-core.php
r3142 r3143 1375 1375 ?> 1376 1376 <div id="message" class="<?php echo $type; ?>"> 1377 <p><?php echo stripslashes( attribute_escape( $bp->template_message ) ); ?></p>1377 <p><?php echo stripslashes( esc_attr( $bp->template_message ) ); ?></p> 1378 1378 </div> 1379 1379 <?php -
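Review bot: `$type` is echoed into the `class` attribute at new line 1376 without escaping, and the message on the next line is unslashed after it has been escaped rather than before. Where `$type` is assigned is outside the hunk, so whether it can carry request data is not visible; `class="<?php echo esc_attr( $type ); ?>"` removes the question. For the paragraph body, unslash first and use the element-content escaper: `<?php echo esc_html( stripslashes( $bp->template_message ) ); ?>`.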
branches/1.2/bp-core/bp-core-classes.php
r3142 r3143 61 61 if ( $this->profile_data ) { 62 62 $this->user_url = bp_core_get_user_domain( $this->id, $this->profile_data['user_nicename'], $this->profile_data['user_login'] ); 63 $this->fullname = attribute_escape( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] );63 $this->fullname = esc_attr( $this->profile_data[BP_XPROFILE_FULLNAME_FIELD_NAME]['field_data'] ); 64 64 $this->user_link = "<a href='{$this->user_url}' title='{$this->fullname}'>{$this->fullname}</a>"; 65 $this->email = attribute_escape( $this->profile_data['user_email'] );65 $this->email = esc_attr( $this->profile_data['user_email'] ); 66 66 } else { 67 67 $this->user_url = bp_core_get_user_domain( $this->id ); 68 68 $this->user_link = bp_core_get_userlink( $this->id ); 69 $this->fullname = attribute_escape( bp_core_get_user_displayname( $this->id ) );70 $this->email = attribute_escape( bp_core_get_user_email( $this->id ) );69 $this->fullname = esc_attr( bp_core_get_user_displayname( $this->id ) ); 70 $this->email = esc_attr( bp_core_get_user_email( $this->id ) ); 71 71 } 72 72 -
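Review bot: `$this->fullname` and `$this->email` are HTML-escaped at assignment (new lines 63 to 70), so every consumer receives entity-encoded text whether or not it is writing HTML. Code that escapes again on output will double-encode, and any non-HTML use of `$this->email` (a mail header, a comparison) would see entities instead of the raw address. `$this->user_url` is placed into `href='…'` at new line 64 without escaping; `esc_url( $this->user_url )` there would match the care taken with the name. A comment on the properties stating that they hold pre-escaped values would help callers. The enclosing method starts and ends outside the hunk.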
branches/1.2/bp-core/bp-core-settings.php
r3001 r3143 88 88 <form action="<?php echo $bp->loggedin_user->domain . BP_SETTINGS_SLUG . '/general' ?>" method="post" class="standard-form" id="settings-form"> 89 89 <label for="email"><?php _e( 'Account Email', 'buddypress' ) ?></label> 90 <input type="text" name="email" id="email" value="<?php echo attribute_escape( $current_user->user_email ); ?>" class="settings-input" />90 <input type="text" name="email" id="email" value="<?php echo esc_attr( $current_user->user_email ); ?>" class="settings-input" /> 91 91 92 92 <label for="pass1"><?php _e( 'Change Password <span>(leave blank for no change)</span>', 'buddypress' ) ?></label> -
branches/1.2/bp-core/bp-core-templatetags.php
r3142 r3143 413 413 global $members_template; 414 414 415 $registered = attribute_escape( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) );415 $registered = esc_attr( bp_core_get_last_activity( $members_template->member->user_registered, __( 'registered %s ago', 'buddypress' ) ) ); 416 416 417 417 return apply_filters( 'bp_member_last_active', $registered ); … … 457 457 function bp_member_hidden_fields() { 458 458 if ( isset( $_REQUEST['s'] ) ) { 459 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';459 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />'; 460 460 } 461 461 462 462 if ( isset( $_REQUEST['letter'] ) ) { 463 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';463 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 464 464 } 465 465 466 466 if ( isset( $_REQUEST['members_search'] ) ) { 467 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['members_search'] ) . '" name="search_terms" />';467 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['members_search'] ) . 
'" name="search_terms" />'; 468 468 } 469 469 } … … 478 478 ?> 479 479 <form action="" method="get" id="search-members-form"> 480 <label><input type="text" name="s" id="members_search" value="<?php echo attribute_escape( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>480 <label><input type="text" name="s" id="members_search" value="<?php echo esc_attr( $search_value ) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 481 481 <input type="submit" id="members_search_submit" name="members_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 482 482 </form> … … 626 626 $bp->bp_options_title = __( 'Options', 'buddypress' ); 627 627 628 echo apply_filters( 'bp_get_options_title', attribute_escape( $bp->bp_options_title ) );628 echo apply_filters( 'bp_get_options_title', esc_attr( $bp->bp_options_title ) ); 629 629 } 630 630 -
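Review bot: The placeholder text in the `onfocus`/`onblur` handlers near new line 480 is printed with `_e()` straight into a single-quoted JavaScript string inside an HTML attribute. A translation that contains an apostrophe or a double quote ends the string or the attribute early, which breaks the handler and leaves the markup open to whatever the language file supplies. Use `<?php echo esc_js( __( 'Search anything...', 'buddypress' ) ) ?>` in each of the four places. The forums and groups search forms (bp-forums-templatetags.php near 1017, bp-groups-templatetags.php near 1707) repeat the same markup.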
branches/1.2/bp-core/bp-core-widgets.php
r2794 r3143 53 53 </ul> 54 54 <?php wp_nonce_field( 'bp_core_widget_members', '_wpnonce-members' ); ?> 55 <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo attribute_escape( $instance['max_members'] ); ?>" />55 <input type="hidden" name="members_widget_max" id="members_widget_max" value="<?php echo esc_attr( $instance['max_members'] ); ?>" /> 56 56 57 57 <?php else: ?> … … 79 79 ?> 80 80 81 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>81 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 82 82 <?php 83 83 } … … 133 133 ?> 134 134 135 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>135 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 136 136 <?php 137 137 } … … 187 187 ?> 188 188 189 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo 
$this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo attribute_escape( $max_members ); ?>" style="width: 30%" /></label></p>189 <p><label for="bp-core-widget-members-max"><?php _e('Max Members to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_members' ); ?>" name="<?php echo $this->get_field_name( 'max_members' ); ?>" type="text" value="<?php echo esc_attr( $max_members ); ?>" style="width: 30%" /></label></p> 190 190 <?php 191 191 } -
branches/1.2/bp-forums/bp-forums-filters.php
r3072 r3143 3 3 /* Apply WordPress defined filters */ 4 4 add_filter( 'bp_forums_bbconfig_location', 'wp_filter_kses', 1 ); 5 add_filter( 'bp_forums_bbconfig_location', ' attribute_escape', 1 );5 add_filter( 'bp_forums_bbconfig_location', 'esc_attr', 1 ); 6 6 7 7 add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 ); -
branches/1.2/bp-forums/bp-forums-templatetags.php
r3106 r3143 257 257 258 258 $post = bb_get_first_post( (int)$forum_template->topic->topic_id, false ); 259 return apply_filters( 'bp_get_the_topic_text', attribute_escape( $post->post_text ) );259 return apply_filters( 'bp_get_the_topic_text', esc_attr( $post->post_text ) ); 260 260 } 261 261 … … 971 971 972 972 $post = bp_forums_get_post( $bp->action_variables[4] ); 973 return apply_filters( 'bp_get_the_topic_post_edit_text', attribute_escape( $post->post_text ) );973 return apply_filters( 'bp_get_the_topic_post_edit_text', esc_attr( $post->post_text ) ); 974 974 } 975 975 … … 1015 1015 ?> 1016 1016 <form action="" method="get" id="search-forums-form"> 1017 <label><input type="text" name="s" id="forums_search" value="<?php echo attribute_escape($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>1017 <label><input type="text" name="s" id="forums_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 1018 1018 <input type="submit" id="forums_search_submit" name="forums_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 1019 1019 </form> … … 1063 1063 global $topic_template; 1064 1064 1065 return apply_filters( 'bp_get_forum_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );1065 return apply_filters( 'bp_get_forum_action', $bp->root_domain . esc_attr( $_SERVER['REQUEST_URI'] ) ); 1066 1066 } 1067 1067 … … 1072 1072 global $bp; 1073 1073 1074 return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . attribute_escape( $_SERVER['REQUEST_URI'] ) );1074 return apply_filters( 'bp_get_forum_topic_action', $bp->root_domain . 
esc_attr( $_SERVER['REQUEST_URI'] ) ); 1075 1075 } 1076 1076 -
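Review bot: `$bp` does not appear to be in scope in the hunk near new line 1065: the only visible `global` statement there names `$topic_template`, while the sibling function at 1072 to 1074 declares `global $bp;`. If no earlier line of that function declares it, `$bp->root_domain` evaluates to nothing and the form action becomes a bare request path; `global $bp, $topic_template;` would fix it. The function's opening lines are outside the hunk, so this needs confirming against the full file. Since the result is a URL for a form action, `esc_url( $bp->root_domain . $_SERVER['REQUEST_URI'] )` states the intent better than `esc_attr()` on the path alone.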
branches/1.2/bp-friends/bp-friends-templatetags.php
r2627 r3143 109 109 110 110 <?php wp_nonce_field( 'friends_search', '_wpnonce_friend_search' ) ?> 111 <input type="hidden" name="initiator" id="initiator" value="<?php echo attribute_escape( $bp->displayed_user->id ) ?>" />111 <input type="hidden" name="initiator" id="initiator" value="<?php echo esc_attr( $bp->displayed_user->id ) ?>" /> 112 112 113 113 </form> -
branches/1.2/bp-groups.php
r3142 r3143 173 173 174 174 if ( !$bp->bp_options_avatar = bp_core_fetch_avatar( array( 'item_id' => $bp->groups->current_group->id, 'object' => 'group', 'type' => 'thumb', 'avatar_dir' => 'group-avatars', 'alt' => __( 'Group Avatar', 'buddypress' ) ) ) ) 175 $bp->bp_options_avatar = '<img src="' . attribute_escape( $group->avatar_full ) . '" class="avatar" alt="' . attribute_escape( $group->name ) . '" />';175 $bp->bp_options_avatar = '<img src="' . esc_attr( $group->avatar_full ) . '" class="avatar" alt="' . esc_attr( $group->name ) . '" />'; 176 176 177 177 $group_link = $bp->root_domain . '/' . $bp->groups->slug . '/' . $bp->groups->current_group->slug . '/'; … … 299 299 300 300 groups_record_activity( array( 301 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ),301 'action' => apply_filters( 'groups_activity_accepted_invite_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $bp->loggedin_user->id, &$group ), 302 302 'type' => 'joined_group', 303 303 'item_id' => $group->id … … 1126 1126 /* Once we compelete all steps, record the group creation in the activity stream. */ 1127 1127 groups_record_activity( array( 1128 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . 
'</a>' ) ),1128 'action' => apply_filters( 'groups_activity_created_group_action', sprintf( __( '%s created the group %s', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ), 1129 1129 'type' => 'created_group', 1130 1130 'item_id' => $bp->groups->new_group_id … … 1738 1738 /* Record this in activity streams */ 1739 1739 groups_record_activity( array( 1740 'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' ) ),1740 'action' => apply_filters( 'groups_activity_joined_group', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ) ), 1741 1741 'type' => 'joined_group', 1742 1742 'item_id' => $group_id … … 1914 1914 1915 1915 /* Record this in activity streams */ 1916 $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1916 $activity_action = sprintf( __( '%s posted an update in the group %s:', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . 
'</a>' ); 1917 1917 $activity_content = $content; 1918 1918 … … 1985 1985 $topic = bp_forums_get_topic_details( $topic_id ); 1986 1986 1987 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );1987 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 1988 1988 $activity_content = bp_create_excerpt( $post_text ); 1989 1989 $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/'; … … 2024 2024 $topic = bp_forums_get_topic_details( $topic_id ); 2025 2025 2026 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );2026 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . 
$topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 2027 2027 $activity_content = bp_create_excerpt( $topic_text ); 2028 2028 … … 2056 2056 bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $topic_id, 'component' => $bp->groups->id, 'type' => 'new_forum_topic' ) ); 2057 2057 2058 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );2058 $activity_action = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 2059 2059 $activity_content = bp_create_excerpt( $topic_text ); 2060 2060 … … 2090 2090 $topic = bp_forums_get_topic_details( $topic_id ); 2091 2091 2092 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . 
'</a>' );2092 $activity_action = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . esc_attr( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' ); 2093 2093 $activity_content = bp_create_excerpt( $post_text ); 2094 2094 $primary_link = bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug . '/'; … … 2419 2419 2420 2420 groups_record_activity( array( 2421 'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . attribute_escape( $group->name ) . '</a>' ), $membership->user_id, &$group ),2421 'action' => apply_filters( 'groups_activity_membership_accepted_action', sprintf( __( '%s joined the group %s', 'buddypress'), bp_core_get_userlink( $membership->user_id ), '<a href="' . bp_get_group_permalink( $group ) . '">' . esc_attr( $group->name ) . '</a>' ), $membership->user_id, &$group ), 2422 2422 'type' => 'joined_group', 2423 2423 'item_id' => $membership->group_id, -
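Review bot: `&$group` in the `apply_filters()` argument lists near new lines 301 and 2421 is call-time pass-by-reference, which PHP 5.3 reports as deprecated and PHP 5.4 rejects as a fatal error. Objects are already passed by handle in PHP 5, so dropping the ampersand (`$bp->loggedin_user->id, $group ),`) keeps the behaviour. bp-blogs.php near new line 348 has the same construct with `&$recorded_blog`.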
branches/1.2/bp-groups/bp-groups-classes.php
r3142 r3143 1137 1137 /* Construct the admin edit tab for the new group extension */ 1138 1138 if ( $this->enable_edit_item ) { 1139 add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . attribute_escape( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . attribute_escape( $this->slug ) . '\">' . attribute_escape( $this->name ) . '</a></li>";' ), 10, 2 );1139 add_action( 'groups_admin_tabs', create_function( '$current, $group_slug', 'if ( "' . esc_attr( $this->slug ) . '" == $current ) $selected = " class=\"current\""; echo "<li{$selected}><a href=\"' . $bp->root_domain . '/' . $bp->groups->slug . '/{$group_slug}/admin/' . esc_attr( $this->slug ) . '\">' . esc_attr( $this->name ) . '</a></li>";' ), 10, 2 ); 1140 1140 1141 1141 /* Catch the edit screen and forward it to the plugin template */ … … 1162 1162 /* When we are viewing the extension display page, set the title and options title */ 1163 1163 if ( $bp->current_component == $bp->groups->slug && $bp->is_single_item && $bp->current_action == $this->slug ) { 1164 add_action( 'bp_template_content_header', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );1165 add_action( 'bp_template_title', create_function( '', 'echo "' . attribute_escape( $this->name ) . '";' ) );1164 add_action( 'bp_template_content_header', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 1165 add_action( 'bp_template_title', create_function( '', 'echo "' . esc_attr( $this->name ) . '";' ) ); 1166 1166 } 1167 1167 } -
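Review bot: `esc_attr()` is an HTML escaper, but at new lines 1139, 1164 and 1165 its output is spliced into PHP source text that `create_function()` then compiles. Entity-encoding the quote characters keeps the value inside the double-quoted PHP string, yet `$`, `{` and backslash sequences in `$this->slug` or `$this->name` are still interpreted by PHP when the generated function runs, so the escaping does not match the context. Registering a method callback that reads `$this->name` at call time avoids generating code from data altogether; the admin-tab callback at 1139 can be handled the same way with a two-argument method. The enclosing method starts and ends outside the hunks.

```php
// … unchanged: check on current_component / is_single_item / current_action …
	add_action( 'bp_template_content_header', array( $this, 'echo_extension_name' ) );
	add_action( 'bp_template_title', array( $this, 'echo_extension_name' ) );

// new method on the same class
function echo_extension_name() {
	echo esc_html( $this->name );
}
```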
branches/1.2/bp-groups/bp-groups-templatetags.php
r2995 r3143 288 288 /* Fetch the avatar from the folder, if not provide backwards compat. */ 289 289 if ( !$avatar = bp_core_fetch_avatar( array( 'item_id' => $groups_template->group->id, 'object' => 'group', 'type' => $type, 'avatar_dir' => 'group-avatars', 'alt' => $alt, 'css_id' => $id, 'class' => $class, 'width' => $width, 'height' => $height ) ) ) 290 $avatar = '<img src="' . attribute_escape( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . attribute_escape( $groups_template->group->name ) . '" />';290 $avatar = '<img src="' . esc_attr( $groups_template->group->avatar_thumb ) . '" class="avatar" alt="' . esc_attr( $groups_template->group->name ) . '" />'; 291 291 292 292 return apply_filters( 'bp_get_group_avatar', $avatar ); … … 1133 1133 function bp_group_hidden_fields() { 1134 1134 if ( isset( $_REQUEST['s'] ) ) { 1135 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['s'] ) . '" name="search_terms" />';1135 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['s'] ) . '" name="search_terms" />'; 1136 1136 } 1137 1137 1138 1138 if ( isset( $_REQUEST['letter'] ) ) { 1139 echo '<input type="hidden" id="selected_letter" value="' . attribute_escape( $_REQUEST['letter'] ) . '" name="selected_letter" />';1139 echo '<input type="hidden" id="selected_letter" value="' . esc_attr( $_REQUEST['letter'] ) . '" name="selected_letter" />'; 1140 1140 } 1141 1141 1142 1142 if ( isset( $_REQUEST['groups_search'] ) ) { 1143 echo '<input type="hidden" id="search_terms" value="' . attribute_escape( $_REQUEST['groups_search'] ) . '" name="search_terms" />';1143 echo '<input type="hidden" id="search_terms" value="' . esc_attr( $_REQUEST['groups_search'] ) . '" name="search_terms" />'; 1144 1144 } 1145 1145 } … … 1689 1689 } 1690 1690 1691 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . 
attribute_escape( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>';1691 $items[] = '<' . $separator . '><input' . $checked . ' type="checkbox" name="friends[]" id="f-' . $friends[$i]['id'] . '" value="' . esc_attr( $friends[$i]['id'] ) . '" /> ' . $friends[$i]['full_name'] . '</' . $separator . '>'; 1692 1692 } 1693 1693 } … … 1705 1705 ?> 1706 1706 <form action="" method="get" id="search-groups-form"> 1707 <label><input type="text" name="s" id="groups_search" value="<?php echo attribute_escape($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label>1707 <label><input type="text" name="s" id="groups_search" value="<?php echo esc_attr($search_value) ?>" onfocus="if (this.value == '<?php _e( 'Search anything...', 'buddypress' ) ?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e( 'Search anything...', 'buddypress' ) ?>';}" /></label> 1708 1708 <input type="submit" id="groups_search_submit" name="groups_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" /> 1709 1709 </form> … … 1772 1772 1773 1773 if ( $bp->groups->current_group->avatar_full ) { ?> 1774 <img src="<?php echo attribute_escape( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" />1774 <img src="<?php echo esc_attr( $bp->groups->current_group->avatar_full ) ?>" alt="<?php _e( 'Group Avatar', 'buddypress' ) ?>" class="avatar" /> 1775 1775 <?php } else { ?> 1776 1776 <img src="<?php echo $bp->groups->image_base . '/none.gif' ?>" alt="<?php _e( 'No Group Avatar', 'buddypress' ) ?>" class="avatar" /> -
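Review bot: `$friends[$i]['full_name']` is concatenated into the list item near new line 1691 with no escaping, right next to a `value` attribute that is escaped. A display name is user-editable profile data, so unless it is escaped where `$friends` is built (not visible in this hunk) it reaches the page as raw HTML; `esc_html( $friends[$i]['full_name'] )` closes that. The `id="f-' . $friends[$i]['id'] . '"` attribute on the same line is also unescaped while the `value` using the same field is not, so `esc_attr()` there would make the line consistent.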
branches/1.2/bp-groups/bp-groups-widgets.php
r2794 r3143 51 51 </ul> 52 52 <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?> 53 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $instance['max_groups'] ); ?>" />53 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $instance['max_groups'] ); ?>" /> 54 54 55 55 <?php else: ?> … … 77 77 ?> 78 78 79 <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo attribute_escape( $max_groups ); ?>" style="width: 30%" /></label></p>79 <p><label for="bp-groups-widget-groups-max"><?php _e('Max groups to show:', 'buddypress'); ?> <input class="widefat" id="<?php echo $this->get_field_id( 'max_groups' ); ?>" name="<?php echo $this->get_field_name( 'max_groups' ); ?>" type="text" value="<?php echo esc_attr( $max_groups ); ?>" style="width: 30%" /></label></p> 80 80 <?php 81 81 } … … 130 130 </ul> 131 131 <?php wp_nonce_field( 'groups_widget_groups_list', '_wpnonce-groups' ); ?> 132 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo attribute_escape( $_POST['max_groups'] ); ?>" />132 <input type="hidden" name="groups_widget_max" id="groups_widget_max" value="<?php echo esc_attr( $_POST['max_groups'] ); ?>" /> 133 133 134 134 <?php else: ?> -
branches/1.2/bp-themes/bp-default/_inc/ajax.php
r3142 r3143 189 189 <div class="acomment-meta"> 190 190 <?php echo bp_core_get_userlink( bp_get_activity_user_id() ) ?> · <?php printf( __( '%s ago', 'buddypress' ), bp_core_time_since( bp_core_current_time() ) ) ?> · 191 <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo attribute_escape( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a>191 <a class="acomment-reply" href="#acomment-<?php bp_activity_id() ?>" id="acomment-reply-<?php echo esc_attr( $_POST['form_id'] ) ?>"><?php _e( 'Reply', 'buddypress' ) ?></a> 192 192 · <a href="<?php echo wp_nonce_url( $bp->root_domain . '/' . $bp->activity->slug . '/delete/' . bp_get_activity_id() . '?cid=' . $comment_id, 'bp_activity_delete_link' ) ?>" class="delete acomment-delete confirm"><?php _e( 'Delete', 'buddypress' ) ?></a> 193 193 </div> … … 313 313 echo '<span class="activity">' . esc_attr( $user->last_active ) . '</span>'; 314 314 echo '<div class="action"> 315 <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . attribute_escape( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a>315 <a class="remove" href="' . wp_nonce_url( $bp->loggedin_user->domain . $bp->groups->slug . '/' . $_POST['group_id'] . '/invites/remove/' . $user->id, 'groups_invite_uninvite_user' ) . '" id="uid-' . esc_attr( $user->id ) . '">' . __( 'Remove Invite', 'buddypress' ) . '</a> 316 316 </div>'; 317 317 echo '</li>'; … … 405 405 _e( 'Error joining group', 'buddypress' ); 406 406 } else { 407 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>';407 echo '<a id="group-' . 
esc_attr( $group->id ) . '" class="leave-group" rel="leave" title="' . __( 'Leave Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'leave-group', 'groups_leave_group' ) . '">' . __( 'Leave Group', 'buddypress' ) . '</a>'; 408 408 } 409 409 … … 415 415 _e( 'Error requesting membership', 'buddypress' ); 416 416 } else { 417 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>';417 echo '<a id="group-' . esc_attr( $group->id ) . '" class="membership-requested" rel="membership-requested" title="' . __( 'Membership Requested', 'buddypress' ) . '" href="' . bp_get_group_permalink( $group ) . '">' . __( 'Membership Requested', 'buddypress' ) . '</a>'; 418 418 } 419 419 } … … 427 427 } else { 428 428 if ( 'public' == $group->status ) { 429 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>';429 echo '<a id="group-' . esc_attr( $group->id ) . '" class="join-group" rel="join" title="' . __( 'Join Group', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'join', 'groups_join_group' ) . '">' . __( 'Join Group', 'buddypress' ) . '</a>'; 430 430 } else if ( 'private' == $group->status ) { 431 echo '<a id="group-' . attribute_escape( $group->id ) . '" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>';431 echo '<a id="group-' . esc_attr( $group->id ) . 
'" class="request-membership" rel="join" title="' . __( 'Request Membership', 'buddypress' ) . '" href="' . wp_nonce_url( bp_get_group_permalink( $group ) . 'request-membership', 'groups_send_membership_request' ) . '">' . __( 'Request Membership', 'buddypress' ) . '</a>'; 432 432 } 433 433 } -
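Review bot: In the "Remove Invite" link on new line 315, `$_POST['group_id']` is concatenated into the URL passed to `wp_nonce_url()` without validation, while `$user->id` beside it goes through an escaper. A group id is numeric, so casting it where it is used keeps raw request data out of the markup whatever `wp_nonce_url()` does to its result: `$bp->groups->slug . '/' . (int) $_POST['group_id'] . '/invites/remove/'`. The "Membership Requested" link on line 417 also prints `bp_get_group_permalink( $group )` into `href` with no escaper, where `esc_url()` would fit. The enclosing functions start and end outside these hunks, so an earlier check on `group_id` may already exist.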
branches/1.2/bp-themes/bp-default/sidebar.php
r2879 r3143 40 40 <form name="login-form" id="sidebar-login-form" class="standard-form" action="<?php echo site_url( 'wp-login.php', 'login_post' ) ?>" method="post"> 41 41 <label><?php _e( 'Username', 'buddypress' ) ?><br /> 42 <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" /></label>42 <input type="text" name="log" id="sidebar-user-login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" /></label> 43 43 44 44 <label><?php _e( 'Password', 'buddypress' ) ?><br /> -
branches/1.2/bp-xprofile.php
r3142 r3143 213 213 214 214 <ul> 215 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>216 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>215 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/edit/"><?php printf( __( "Edit %s's Profile", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 216 <li><a href="<?php echo $bp->displayed_user->domain . $bp->profile->slug ?>/change-avatar/"><?php printf( __( "Edit %s's Avatar", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 217 217 218 218 <?php if ( !bp_core_is_user_spammer( $bp->displayed_user->id ) ) : ?> … … 222 222 <?php endif; ?> 223 223 224 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), attribute_escape( $bp->displayed_user->fullname ) ) ?></a></li>224 <li><a href="<?php echo wp_nonce_url( $bp->displayed_user->domain . 'admin/delete-user/', 'delete-user' ) ?>" class="confirm"><?php printf( __( "Delete %s", 'buddypress' ), esc_attr( $bp->displayed_user->fullname ) ) ?></a></li> 225 225 226 226 <?php do_action( 'xprofile_adminbar_menu_items' ) ?> -
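Review bot: On new lines 215, 216 and 224 the display name is printed as link text rather than inside an attribute, so `esc_html( $bp->displayed_user->fullname )` is the escaper that matches the context; `esc_attr()` is intended for attribute values. The `href` values on lines 215 and 216 are built from `$bp->displayed_user->domain . $bp->profile->slug` and echoed with no escaper at all, which would be the place for `esc_url()`. The surrounding function lies outside the hunk.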
branches/1.2/bp-xprofile/bp-xprofile-admin.php
r2625 r3143 50 50 ?> 51 51 <div id="message" class="<?php echo $type; ?> fade"> 52 <p><?php echo wp_specialchars( attribute_escape( $message ) ); ?></p>52 <p><?php echo wp_specialchars( esc_attr( $message ) ); ?></p> 53 53 </div> 54 54 <?php } … … 63 63 <tr> 64 64 <th scope="col" width="10"> </th> 65 <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo attribute_escape( $groups[$i]->name ); ?></th>65 <th scope="col" colspan="<?php if ( $groups[$i]->can_delete ) { ?>3<?php } else { ?>5<?php } ?>"><?php echo esc_attr( $groups[$i]->name ); ?></th> 66 66 <?php if ( $groups[$i]->can_delete ) { ?> 67 <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&mode=edit_group&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th>68 <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&mode=delete_group&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th>67 <th scope="col"><a class="edit" href="admin.php?page=bp-profile-setup&mode=edit_group&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Edit', 'buddypress' ) ?></a></th> 68 <th scope="col"><a class="delete" href="admin.php?page=bp-profile-setup&mode=delete_group&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>"><?php _e( 'Delete', 'buddypress' ) ?></a></th> 69 69 <?php } ?> 70 70 </tr> … … 87 87 <?php if ( !$field->can_delete ) { $class .= ' core'; } ?> 88 88 89 <tr id="field_<?php echo attribute_escape( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . $class; } ?>">89 <tr id="field_<?php echo esc_attr( $field->id ); ?>" class="sortable<?php if ( $class ) { echo ' ' . 
$class; } ?>"> 90 90 <td width="10"><img src="<?php echo BP_PLUGIN_URL ?>/bp-xprofile/admin/images/move.gif" alt="<?php _e( 'Drag', 'buddypress' ) ?>" /></td> 91 <td><span title="<?php echo $field->description; ?>"><?php echo attribute_escape( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td>92 <td><?php echo attribute_escape( $field->type ); ?></td>91 <td><span title="<?php echo $field->description; ?>"><?php echo esc_attr( $field->name ); ?> <?php if(!$field->can_delete) { ?> <?php _e( '(Core Field)', 'buddypress' ) ?><?php } ?></span></td> 92 <td><?php echo esc_attr( $field->type ); ?></td> 93 93 <td style="text-align:center;"><?php if ( $field->is_required ) { echo '<img src="' . BP_PLUGIN_URL . '/bp-xprofile/admin/images/tick.gif" alt="' . __( 'Yes', 'buddypress' ) . '" />'; } else { ?>--<?php } ?></td> 94 <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&field_id=<?php echo attribute_escape( $field->id ); ?>&mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td>95 <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&field_id=<?php echo attribute_escape( $field->id ); ?>&mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td>94 <td style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Edit', 'buddypress' ) ?></strike><?php } else { ?><a class="edit" href="admin.php?page=bp-profile-setup&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&field_id=<?php echo esc_attr( $field->id ); ?>&mode=edit_field"><?php _e( 'Edit', 'buddypress' ) ?></a><?php } ?></td> 95 <td 
style="text-align:center;"><?php if ( !$field->can_delete ) { ?><strike><?php _e( 'Delete', 'buddypress' ) ?></strike><?php } else { ?><a class="delete" href="admin.php?page=bp-profile-setup&field_id=<?php echo esc_attr( $field->id ); ?>&mode=delete_field"><?php _e( 'Delete', 'buddypress' ) ?></a><?php } ?></td> 96 96 </tr> 97 97 … … 111 111 112 112 <tr class="nodrag"> 113 <td colspan="6"><a href="admin.php?page=bp-profile-setup&group_id=<?php echo attribute_escape( $groups[$i]->id ); ?>&mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td>113 <td colspan="6"><a href="admin.php?page=bp-profile-setup&group_id=<?php echo esc_attr( $groups[$i]->id ); ?>&mode=add_field"><?php _e( 'Add New Field', 'buddypress' ) ?></a></td> 114 114 </tr> 115 115 -
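Review bot: On new line 91, `$field->description` is echoed straight into the `title` attribute while the field name next to it is escaped. A description containing a double quote would close the attribute early, so the line should read `title="<?php echo esc_attr( $field->description ); ?>"`. On line 52 the message is a text node, so a single `esc_html( $message )` would express the intent more directly than the nested `wp_specialchars( esc_attr( ... ) )`. `$type` in the `class` attribute on line 51 is also printed unescaped. The enclosing functions begin outside these hunks, so where these values come from is not visible here.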
branches/1.2/bp-xprofile/bp-xprofile-classes.php
r3064 r3143 190 190 <?php } ?> 191 191 192 <form action="<?php echo attribute_escape( $action ); ?>" method="post">192 <form action="<?php echo esc_attr( $action ); ?>" method="post"> 193 193 194 194 <div id="titlediv"> 195 195 <label for="group_name"><?php _e( "Field Group Name", 'buddypress') ?></label> 196 196 <div> 197 <input type="text" name="group_name" id="group_name" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />197 <input type="text" name="group_name" id="group_name" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" /> 198 198 </div> 199 199 </div> 200 200 201 201 <p class="submit" style="text-align: left"> 202 <input type="submit" name="saveGroup" value="<?php echo attribute_escape( $title ); ?> →" />202 <input type="submit" name="saveGroup" value="<?php echo esc_attr( $title ); ?> →" /> 203 203 </p> 204 204 … … 528 528 ?> 529 529 <p><?php _e('Option', 'buddypress') ?> <?php echo $j ?>: 530 <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo attribute_escape( $options[$i]->name ) ?>" />530 <input type="text" name="<?php echo $type ?>_option[<?php echo $j ?>]" id="<?php echo $type ?>_option<?php echo $j ?>" value="<?php echo esc_attr( $options[$i]->name ) ?>" /> 531 531 <input type="<?php echo $default_input ?>" name="isDefault_<?php echo $type ?>_option<?php echo $default_name ?>" <?php if ( (int) $options[$i]->is_default_option ) {?> checked="checked"<?php } ?> " value="<?php echo $j ?>" /> <?php _e( 'Default Value', 'buddypress' ) ?> 532 532 <?php if ( $j != 1 && … … 588 588 <h3><label for="title"><?php _e("Field Title", 'buddypress') ?> *</label></h3> 589 589 <div id="titlewrap"> 590 <input type="text" name="title" id="title" value="<?php echo attribute_escape( $this->name ) ?>" style="width:50%" />590 <input type="text" name="title" id="title" value="<?php echo esc_attr( $this->name ) ?>" style="width:50%" /> 591 591 </div> 
592 592 </div> -
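Review bot: In the option row on new lines 530 and 531, only the option name is escaped; `$type`, `$default_input` and `$default_name` are echoed raw into the `name`, `id` and `type` attributes. Their origin is outside the hunk, so if any of them can carry request or stored data, each needs the same treatment, for example `name="<?php echo esc_attr( $type ) ?>_option[<?php echo $j ?>]"`. Line 531 also has a stray `"` between the `checked` block and `value=`, which leaves the input tag malformed. On line 192, `$action` is a URL, so `esc_url( $action )` would also reject unexpected schemes, which `esc_attr()` does not.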
branches/1.2/bp-xprofile/bp-xprofile-templatetags.php
r3106 r3143 180 180 181 181 if ( $class ) 182 $css_classes[] = sanitize_title( attribute_escape( $class ) );182 $css_classes[] = sanitize_title( esc_attr( $class ) ); 183 183 184 184 /* Set a class with the field ID */ … … 394 394 } 395 395 396 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . attribute_escape( $options[$k]->name ) . '">' . attribute_escape( $options[$k]->name ) . '</option>', $options[$k] );396 $html .= apply_filters( 'bp_get_the_profile_field_options_select', '<option' . $selected . ' value="' . esc_attr( $options[$k]->name ) . '">' . esc_attr( $options[$k]->name ) . '</option>', $options[$k] ); 397 397 } 398 398 break; … … 416 416 } 417 417 418 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );418 $html .= apply_filters( 'bp_get_the_profile_field_options_radio', '<label><input' . $selected . ' type="radio" name="field_' . $field->id . '" id="option_' . $options[$k]->id . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . '</label>', $options[$k] ); 419 419 } 420 420 … … 441 441 } 442 442 443 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . attribute_escape( $options[$k]->name ) . '"> ' . attribute_escape( $options[$k]->name ) . '</label>', $options[$k] );443 $html .= apply_filters( 'bp_get_the_profile_field_options_checkbox', '<label><input' . $selected . ' type="checkbox" name="field_' . $field->id . '[]" id="field_' . $options[$k]->id . '_' . $k . '" value="' . esc_attr( $options[$k]->name ) . '"> ' . esc_attr( $options[$k]->name ) . 
'</label>', $options[$k] ); 444 444 $selected = ''; 445 445 } … … 473 473 switch ( $type ) { 474 474 case 'day': 475 $html .= '<option value=""' . attribute_escape( $default_select ) . '>--</option>';475 $html .= '<option value=""' . esc_attr( $default_select ) . '>--</option>'; 476 476 477 477 for ( $i = 1; $i < 32; $i++ ) { … … 494 494 ); 495 495 496 $html .= '<option value=""' . attribute_escape( $default_select ) . '>------</option>';496 $html .= '<option value=""' . esc_attr( $default_select ) . '>------</option>'; 497 497 498 498 for ( $i = 0; $i < 12; $i++ ) { … … 508 508 509 509 case 'year': 510 $html .= '<option value=""' . attribute_escape( $default_select ) . '>----</option>';510 $html .= '<option value=""' . esc_attr( $default_select ) . '>----</option>'; 511 511 512 512 for ( $i = date( 'Y', time() ); $i > 1899; $i-- ) { … … 583 583 584 584 if ( $groups[$i]->fields ) 585 echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . attribute_escape( $groups[$i]->name ) . '</a></li>';585 echo '<li' . $selected . '><a href="' . $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/' . $groups[$i]->id . '">' . esc_attr( $groups[$i]->name ) . '</a></li>'; 586 586 } 587 587
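Review bot: On new lines 475, 496 and 510, `esc_attr( $default_select )` is emitted after the closing quote of `value=""`, so the variable is acting as a whole attribute rather than an attribute value. Its assignment is outside these hunks; if it holds something like ` selected="selected"`, the escaper turns the quotes into entities and the placeholder option is no longer selected. A safer shape is to keep a boolean and emit a literal, e.g. `'<option value=""' . ( $default_select ? ' selected="selected"' : '' ) . '>--</option>'`. On line 182, `sanitize_title()` already reduces `$class` to a slug, so the inner `esc_attr()` is redundant and escaping before sanitizing is the wrong order.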