Skip to:
Content

BuddyPress.org

Changeset 5861


Ignore:
Timestamp:
02/28/2012 01:09:30 PM (13 years ago)
Author:
boonebgorges
Message:

Use addslashes() and stripslashes() when hooking signup error messages to display hooks.
This helps us to avoid syntax errors related to create_function() when the error message contains quotes.
Fixes #4016. Props j.conti

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/1.5/bp-members/bp-members-signup.php

    r5841 r5861  
    113113        // Add any errors to the action for the field in the template for display.
    114114        if ( !empty( $bp->signup->errors ) ) {
    115             foreach ( (array)$bp->signup->errors as $fieldname => $error_message )
    116                 add_action( 'bp_' . $fieldname . '_errors', create_function( '', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\"error\">' . $error_message . '</div>" );' ) );
     115            foreach ( (array) $bp->signup->errors as $fieldname => $error_message ) {
     116                // addslashes() and stripslashes() to avoid create_function()
     117                // syntax errors when the $error_message contains quotes
     118                add_action( 'bp_' . $fieldname . '_errors', create_function( '', 'echo apply_filters(\'bp_members_signup_error_message\', "<div class=\"error\">" . stripslashes( \'' . addslashes( $error_message ) . '\' ) . "</div>" );' ) );
     119            }
    117120        } else {
    118121            $bp->signup->step = 'save-details';
Note: See TracChangeset for help on using the changeset viewer.