Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3370

Timestamp:

11/07/2010 12:24:39 AM (14 years ago)

Author:

djpaul

Message:

Use esc_html() instead of deprecated wp_specialchars()

Location:

trunk

Files:

: 5 edited

bp-blogs/bp-blogs-templatetags.php (modified) (1 diff)
bp-core/bp-core-filters.php (modified) (2 diffs)
bp-core/bp-core-settings.php (modified) (1 diff)
bp-core/bp-core-signup.php (modified) (1 diff)
bp-xprofile/bp-xprofile-admin.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/bp-blogs/bp-blogs-templatetags.php

r3300	r3370
397	397	<p class="error"><?php echo $errmsg ?></p>
398	398	<?php }
399		echo '<input name="blog_title" type="text" id="blog_title" value="'.~~wp_specialchars~~($blog_title, 1).'" /></p>';
	399	echo '<input name="blog_title" type="text" id="blog_title" value="'.esc_html($blog_title, 1).'" /></p>';
400	400	?>
401	401

trunk/bp-core/bp-core-filters.php

-                      r3369
+                      r3370
         $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
     $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );
+    $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : esc_html( get_site_option( "site_name" ) );
     $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
     $message = sprintf(__("Thanks for registering! To complete the activation of your account and blog, please click the following link:\n\n%1$s\n\n\n\nAfter you activate, you can visit your blog here:\n\n%2$s", 'buddypress' ), $activate_url, esc_url("http://{$domain}{$path}" ) );
 …
         $email = '&e=1';
     $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );
+    $from_name = ( '' == get_site_option( "site_name" ) ) ? 'WordPress' : esc_html( get_site_option( "site_name" ) );
     $message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
     $message = sprintf( __( "Thanks for registering! To complete the activation of your account please click the following link:\n\n%s\n\n", 'buddypress' ), $activate_url . $email, esc_url( "http://{$domain}{$path}" ) );

trunk/bp-core/bp-core-settings.php

r3369	r3370
43	43
44	44	if ( $_POST['email'] != '' )
45		$current_user->user_email = ~~wp_specialchars~~( trim( $_POST['email'] ) );
	45	$current_user->user_email = esc_html( trim( $_POST['email'] ) );
46	46
47	47	if ( $_POST['pass1'] != '' && $_POST['pass2'] != '' ) {

trunk/bp-core/bp-core-signup.php

r3369	r3370
610	610	$admin_email = 'noreply@' . $_SERVER['SERVER_NAME'];
611	611
612		$from_name = ( '' == get_option( 'blogname' ) ) ? 'BuddyPress' : ~~wp_specialchars~~( get_option( 'blogname' ) );
	612	$from_name = ( '' == get_option( 'blogname' ) ) ? 'BuddyPress' : esc_html( get_option( 'blogname' ) );
613	613	$message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option( 'blog_charset' ) . "\"\n";
614	614	$message = sprintf( __( "Thanks for registering! To complete the activation of your account please click the following link:\n\n%s\n\n", 'buddypress' ), $activate_url );

trunk/bp-xprofile/bp-xprofile-admin.php

r3369	r3370
59	59
60	60	<div id="message" class="<?php echo $type; ?> fade">
61		<p><?php echo ~~wp_specialchars~~( esc_attr( $message ) ); ?></p>
	61	<p><?php echo esc_html( esc_attr( $message ) ); ?></p>
62	62	</div>
63	63	<?php endif; ?>

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

BuddyPress.org