Changeset 3560 for trunk/bp-xprofile/bp-xprofile-filters.php

Timestamp:

12/22/2010 01:48:36 PM (14 years ago)

Author:

boonebgorges

Message:

Adds rel=nofollow to xprofile data links. Fixes #2696. Fixes a handful of WP_DEBUG errors throughout xprofile.

File:

• trunk/bp-xprofile/bp-xprofile-filters.php (modified) (4 diffs)

trunk/bp-xprofile/bp-xprofile-filters.php

@@ -3 +3 @@
 /* Apply WordPress defined filters */
 
-add_filter( 'bp_get_the_profile_field_value',         'wp_filter_kses', 1 );
 add_filter( 'bp_get_the_profile_field_name',          'wp_filter_kses', 1 );
 add_filter( 'bp_get_the_profile_field_edit_value',    'wp_filter_kses', 1 );
@@ -32 +31 @@
 /* Custom BuddyPress filters */
 
+add_filter( 'bp_get_the_profile_field_value',         'xprofile_filter_kses', 1 );
+
 add_filter( 'bp_get_the_profile_field_value',         'xprofile_filter_format_field_value', 1, 2 );
 add_filter( 'bp_get_the_site_member_profile_data',    'xprofile_filter_format_field_value', 1, 2 );
 add_filter( 'bp_get_the_profile_field_value',         'xprofile_filter_link_profile_data', 50, 2 );
 
-add_filter( 'xprofile_data_value_before_save',        'xprofile_sanitize_data_value_before_save', 1, 2 );
+add_filter( 'xprofile_data_value_before_save',        'xprofile_sanitize_data_value_before_save', 1, 2 );       
+
+/**
+ * xprofile_filter_kses ( $content )
+ *
+ * Run profile field values through kses with filterable allowed tags.
+ *
+ * @param string $content
+ * @return string $content
+ */
+function xprofile_filter_kses( $content ) {
+    global $allowedtags;
+
+    $xprofile_allowedtags = $allowedtags;
+    $xprofile_allowedtags['a']['rel']      = array();
+
+    $xprofile_allowedtags = apply_filters( 'xprofile_allowed_tags', $xprofile_allowedtags );
+    return wp_kses( $content, $xprofile_allowedtags );
+}
 
 /**
@@ -58 +77 @@
     // Filter single value
     if ( !is_array( $field_value ) ) {
-        $kses_field_value     = wp_filter_kses( $field_value );
-        $filtered_field_value = force_balance_tags( $kses_field_value );
+        $kses_field_value     = xprofile_filter_kses( $field_value );
+        $filtered_field_value = wp_rel_nofollow( force_balance_tags( $kses_field_value ) );
+        $filtered_field_value = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_field_value, $field_value );
 
     // Filter each array item independently
     } else {
+        $filtered_values = array();
         foreach ( (array)$field_value as $value ) {
-            $kses_field_value       = wp_filter_kses( $value );
-            $filtered_values[] = force_balance_tags( $kses_field_value );
+            $kses_field_value       = xprofile_filter_kses( $value );
+            $filtered_value     = wp_rel_nofollow( force_balance_tags( $kses_field_value ) );
+            $filtered_values[] = apply_filters( 'xprofile_filtered_data_value_before_save', $filtered_value, $value );
+            
         }
 
@@ -106 +129 @@
                     $new_values[] = $value;
                 } else {
-                    $new_values[] = '<a href="' . site_url( BP_MEMBERS_SLUG ) . '/?s=' . strip_tags( $value ) . '">' . $value . '</a>';
+                    $new_values[] = '<a href="' . site_url( BP_MEMBERS_SLUG ) . '/?s=' . strip_tags( $value ) . '" rel="nofollow">' . $value . '</a>';
                 }
             }