Skip to:
Content

BuddyPress.org

Changeset 5860


Ignore:
Timestamp:
02/28/2012 01:08:16 PM (13 years ago)
Author:
boonebgorges
Message:

Use addslashes() and stripslashes() when hooking signup error messages to display hooks.
This helps us to avoid syntax errors related to create_function() when the error message contains quotes.
Fixes #4016. Props j.conti

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-members/bp-members-screens.php

    r5840 r5860  
    148148        // Add any errors to the action for the field in the template for display.
    149149        if ( !empty( $bp->signup->errors ) ) {
    150             foreach ( (array) $bp->signup->errors as $fieldname => $error_message )
    151                 add_action( 'bp_' . $fieldname . '_errors', create_function( '', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\"error\">' . $error_message . '</div>" );' ) );
     150            foreach ( (array) $bp->signup->errors as $fieldname => $error_message ) {
     151                // addslashes() and stripslashes() to avoid create_function()
     152                // syntax errors when the $error_message contains quotes
     153                add_action( 'bp_' . $fieldname . '_errors', create_function( '', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\"error\">" . stripslashes( \'' . addslashes( $error_message ) . '\' ) . "</div>" );' ) );
     154            }
    152155        } else {
    153156            $bp->signup->step = 'save-details';
Note: See TracChangeset for help on using the changeset viewer.