Changeset 3249


Timestamp:
09/10/2010 11:47:01 PM (16 years ago)
Author:
johnjamesjacoby
Message:

Better fix for #2603 props Paul Gibbs.

File:
1 edited

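--- a/branches/1.2/bp-xprofile/bp-xprofile-filters.php
+++ b/branches/1.2/bp-xprofile/bp-xprofile-filters.php
@@ -25,10 +25,8 @@
 add_filter( 'xprofile_field_name_before_save',        'wp_filter_kses', 1 );
 add_filter( 'xprofile_field_description_before_save', 'wp_filter_kses', 1 );
-add_filter( 'xprofile_data_value_before_save',        'wp_filter_kses', 1 );
 
 add_filter( 'xprofile_get_field_data',                'force_balance_tags' );
 add_filter( 'xprofile_field_name_before_save',        'force_balance_tags' );
 add_filter( 'xprofile_field_description_before_save', 'force_balance_tags' );
-add_filter( 'xprofile_data_value_before_save',        'force_balance_tags' );
 
 add_filter( 'xprofile_get_field_data',                'stripslashes' );
@@ -39,4 +37,37 @@
 add_filter( 'bp_get_the_site_member_profile_data',    'xprofile_filter_format_field_value', 1, 2 );
 add_filter( 'bp_get_the_profile_field_value',         'xprofile_filter_link_profile_data', 50, 2 );
+
+add_filter( 'xprofile_data_value_before_save',        'xprofile_sanitize_data_value_before_save', 1, 2 );
+
+/**
+ * xprofile_sanitize_data_value_before_save ( $field_value, $field_id )
+ *
+ * Safely runs profile field data through kses and force_balance_tags.
+ *
+ * @param string $field_value
+ * @param int $field_id
+ * @return string
+ */
+function xprofile_sanitize_data_value_before_save ( $field_value, $field_id ) {
+
+    // Return if empty
+    if ( empty( $field_value ) )
+        return;;
+
+    // Filter single value
+    if ( !is_array( $field_value ) ) {
+        $kses_field_value     = wp_filter_kses( $field_value );
+        $filtered_field_value = force_balance_tags( $kses_field_value );
+
+    // Filter each array item independently
+    } else {
+        foreach ( (array)$field_value as $value ) {
+            $kses_field_value       = wp_filter_kses( $value );
+            $filtered_field_value[] = force_balance_tags( $kses_field_value );
+        }
+    }
+
+    return $filtered_field_value;
+}
 
 function xprofile_filter_format_field_value( $field_value, $field_type = '' ) {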
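Review bot: The early exit at new lines 54–55 returns nothing (`return;;`), so this callback on `xprofile_data_value_before_save` hands null to the filter chain instead of the value it was given. Because `empty()` is also true for the string `'0'`, a field whose legitimate value is "0" would presumably be stored as empty. Returning the input unchanged avoids both problems: `if ( empty( $field_value ) ) return $field_value;`. In the array branch, `$filtered_field_value[]` reindexes the result, so non-sequential keys on the incoming array are lost; iterating with `$key => $value` and assigning `$filtered_field_value[$key]` would keep them. The docblock declares `@param string` / `@return string` although the function accepts and returns arrays too, so `string|array` would match the code.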