Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
02/05/2014 06:53:33 PM (11 years ago)
Author:
johnjamesjacoby
Message:

After creating a new Group and switching back to the "Details" tab, ensure Group ID, name, and description field output is properly sanitized. Props Pietro Oliva. (trunk)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-groups/bp-groups-filters.php

    r6342 r7790  
    5252add_filter( 'groups_group_description_before_save', 'force_balance_tags' );
    5353
     54// Trim trailing spaces from name and description when saving
     55add_filter( 'groups_group_name_before_save',        'trim' );
     56add_filter( 'groups_group_description_before_save', 'trim' );
     57
     58// Escape output of new group creation details
     59add_filter( 'bp_get_new_group_id',          'esc_attr'     );
     60add_filter( 'bp_get_new_group_name',        'esc_attr'     );
     61add_filter( 'bp_get_new_group_description', 'esc_textarea' );
     62
     63// Format numberical output
    5464add_filter( 'bp_get_total_group_count',      'bp_core_number_format' );
    5565add_filter( 'bp_get_group_total_for_member', 'bp_core_number_format' );
Note: See TracChangeset for help on using the changeset viewer.