Changeset 3560

Timestamp:

12/22/2010 01:48:36 PM (14 years ago)

Author:

boonebgorges

Message:

Adds rel=nofollow to xprofile data links. Fixes #2696. Fixes a handful of WP_DEBUG errors throughout xprofile.

Location:

trunk

Files:

• bp-xprofile.php (modified) (1 diff)
• bp-xprofile/bp-xprofile-admin.php (modified) (1 diff)
• bp-xprofile/bp-xprofile-filters.php (modified) (4 diffs)
• bp-xprofile/bp-xprofile-templatetags.php (modified) (2 diffs)

trunk/bp-xprofile.php

@@ -840 +840 @@
     global $bp, $wpdb;
 
-    if ( (int)$bp->site_options['bp-disable-profile-sync'] )
+    if ( !empty( $bp->site_options['bp-disable-profile-sync'] ) && (int)$bp->site_options['bp-disable-profile-sync'] )
         return true;
 

trunk/bp-xprofile/bp-xprofile-admin.php

@@ -218 +218 @@
             $field->is_required = wp_filter_kses( $_POST['required'] );
             $field->type = wp_filter_kses( $_POST['fieldtype'] );
-            $field->order_by = wp_filter_kses( $_POST["sort_order_{$field->type}"] );
+            if ( !empty( $_POST["sort_order_{$field->type}"] ) )
+                $field->order_by = wp_filter_kses( $_POST["sort_order_{$field->type}"] );
 
             $field->field_order = $wpdb->get_var( $wpdb->prepare( "SELECT field_order FROM {$bp->profile->table_name_fields} WHERE id = %d", $field_id ) );

trunk/bp-xprofile/bp-xprofile-filters.php

@@ -3 +3 @@
 /* Apply WordPress defined filters */
 
-add_filter( 'bp_get_the_profile_field_value',         'wp_filter_kses', 1 );
 add_filter( 'bp_get_the_profile_field_name',          'wp_filter_kses', 1 );
 add_filter( 'bp_get_the_profile_field_edit_value',    'wp_filter_kses', 1 );
@@ -32 +31 @@
 /* Custom BuddyPress filters */
 
+add_filter( 'bp_get_the_profile_field_value',         'xprofile_filter_kses', 1 );
+
 add_filter( 'bp_get_the_profile_field_value',         'xprofile_filter_format_field_value', 1, 2 );
 add_filter( 'bp_get_the_site_member_profile_data',    'xprofile_filter_format_field_value', 1, 2 );
 add_filter( 'bp_get_the_profile_field_value',         'xprofile_filter_link_profile_data', 50, 2 );
 
-add_filter( 'xprofile_data_value_before_save',        'xprofile_sanitize_data_value_before_save', 1, 2 );
+add_filter( 'xprofile_data_value_before_save',        'xprofile_sanitize_data_value_before_save', 1, 2 );       
+
+/**
+ * xprofile_filter_kses ( $content )
+ *
+ * Run profile field values through kses with filterable allowed tags.
+ *
+ * @param string $content
+ * @return string $content
+ */
+function xprofile_filter_kses( $content ) {
+    global $allowedtags;
+
+    $xprofile_allowedtags = $allowedtags;
+    $xprofile_allowedtags['a']['rel']      = array();
+
+    $xprofile_allowedtags = apply_filters( 'xprofile_allowed_tags', $xprofile_allowedtags );
+    return wp_kses( $content, $xprofile_allowedtags );
+}
 
 /**
@@ -58 +77 @@
     // Filter single value
     if ( !is_array( $field_value ) ) {
-        $kses_field_value     = wp_filter_kses( $field_value );
-        $filtered_field_value = force_balance_tags( $kses_field_value );
+        $kses_field_value     = xprofile_filter_kses( $field_value );
+        $filtered_field_value = wp_rel_nofollow( force_balance_tags( $kses_field_value ) );
+        $filtered_field_value = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_field_value, $field_value );
 
     // Filter each array item independently
     } else {
+        $filtered_values = array();
         foreach ( (array)$field_value as $value ) {
-            $kses_field_value       = wp_filter_kses( $value );
-            $filtered_values[] = force_balance_tags( $kses_field_value );
+            $kses_field_value       = xprofile_filter_kses( $value );
+            $filtered_value     = wp_rel_nofollow( force_balance_tags( $kses_field_value ) );
+            $filtered_values[] = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_value, $value );
+            
         }
 
@@ -106 +129 @@
                     $new_values[] = $value;
                 } else {
-                    $new_values[] = '<a href="' . site_url( BP_MEMBERS_SLUG ) . '/?s=' . strip_tags( $value ) . '">' . $value . '</a>';
+                    $new_values[] = '<a href="' . site_url( BP_MEMBERS_SLUG ) . '/?s=' . strip_tags( $value ) . '" rel="nofollow">' . $value . '</a>';
                 }
             }

trunk/bp-xprofile/bp-xprofile-templatetags.php

@@ -102 +102 @@
             $field = &$this->group->fields[$i];
 
-            if ( $field->data->value != null ) {
+            if ( !empty( $field->data ) && $field->data->value != null ) {
                 $has_data = true;
             }
@@ -441 +441 @@
                 $option_values = maybe_unserialize($option_values);
 
+                $html = '';
                 for ( $k = 0; $k < count($options); $k++ ) {
+                    $selected = '';
                     for ( $j = 0; $j < count($option_values); $j++ ) {
                         if ( $option_values[$j] == $options[$k]->name || @in_array( $options[$k]->name, $value ) || $options[$k]->is_default_option ) {