

Timestamp:
02/13/2014 05:07:49 PM (11 years ago)
Author:
imath
Message:

Improve string escaping in wp-admin/Profile

Props DJPaul

Fixes #5396

File:
1 edited

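--- a/trunk/bp-members/bp-members-admin.php
+++ b/trunk/bp-members/bp-members-admin.php
@@ -413,5 +413,5 @@
                 $notice = array(
                     'class'   => 'updated',
-                    'message' => esc_html__( 'Avatar was deleted successfully!', 'buddypress' )
+                    'message' => __( 'Avatar was deleted successfully!', 'buddypress' )
                 );
                 break;
@@ -419,5 +419,5 @@
                 $notice = array(
                     'class'   => 'updated',
-                    'message' => esc_html__( 'User removed as spammer.', 'buddypress' )
+                    'message' => __( 'User removed as spammer.', 'buddypress' )
                 );
                 break;
@@ -425,5 +425,5 @@
                 $notice = array(
                     'class'   => 'updated',
-                    'message' => esc_html__( 'User marked as spammer. Spam users are visible only to site admins.', 'buddypress' )
+                    'message' => __( 'User marked as spammer. Spam users are visible only to site admins.', 'buddypress' )
                 );
                 break;
@@ -431,5 +431,5 @@
                 $notice = array(
                     'class'   => 'updated',
-                    'message' => esc_html__( 'Profile updated.', 'buddypress' )
+                    'message' => __( 'Profile updated.', 'buddypress' )
                 );
                 break;
@@ -442,5 +442,5 @@
                 $notice = array(
                     'class'   => 'error',
-                    'message' => esc_html__( 'There was a problem deleting that avatar, please try again.', 'buddypress' )
+                    'message' => __( 'There was a problem deleting that avatar, please try again.', 'buddypress' )
                 );
                 break;
@@ -448,5 +448,5 @@
                 $notice = array(
                     'class'   => 'error',
-                    'message' => esc_html__( 'User could not be removed as spammer.', 'buddypress' )
+                    'message' => __( 'User could not be removed as spammer.', 'buddypress' )
                 );
                 break;
@@ -454,5 +454,5 @@
                 $notice = array(
                     'class'   => 'error',
-                    'message' => esc_html__( 'User could not be marked as spammer.', 'buddypress' )
+                    'message' => __( 'User could not be marked as spammer.', 'buddypress' )
                 );
                 break;
@@ -460,5 +460,5 @@
                 $notice = array(
                     'class'   => 'error',
-                    'message' => esc_html__( 'An error occured while trying to update the profile.', 'buddypress' )
+                    'message' => __( 'An error occured while trying to update the profile.', 'buddypress' )
                 );
                 break;
@@ -466,5 +466,5 @@
                 $notice = array(
                     'class'   => 'error',
-                    'message' => esc_html__( 'Please make sure you fill in all required fields in this profile field group before saving.', 'buddypress' )
+                    'message' => __( 'Please make sure you fill in all required fields in this profile field group before saving.', 'buddypress' )
                 );
                 break;
@@ -472,5 +472,5 @@
                 $notice = array(
                     'class'   => 'error',
-                    'message' => esc_html__( 'There was a problem updating some of your profile information, please try again.', 'buddypress' )
+                    'message' => __( 'There was a problem updating some of your profile information, please try again.', 'buddypress' )
                 );
                 break;
@@ -484,7 +484,7 @@
                 <div class="<?php echo esc_attr( $notice['class'] ); ?>">
             <?php endif; ?>
-                <p><?php echo $notice['message']; ?></p>
+                <p><?php echo esc_html( $notice['message'] ); ?></p>
                 <?php if ( !empty( $wp_http_referer ) && ( 'updated' === $notice['class'] ) ) : ?>
-                    <p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php _e( '&larr; Back to Users', 'buddypress' ); ?></a></p>
+                    <p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php esc_html_e( '&larr; Back to Users', 'buddypress' ); ?></a></p>
                 <?php endif; ?>
             </div>
@@ -570,5 +570,5 @@
                 <div id="minor-publishing-actions">
                     <div id="preview-action">
-                        <a class="button preview" href="<?php echo esc_attr( bp_core_get_user_domain( $user->ID ) ); ?>" target="_blank"><?php esc_html_e( 'View Profile', 'buddypress' ); ?></a>
+                        <a class="button preview" href="<?php echo esc_url( bp_core_get_user_domain( $user->ID ) ); ?>" target="_blank"><?php esc_html_e( 'View Profile', 'buddypress' ); ?></a>
                     </div>
 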
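Review bot: The "View Profile" link on new line 572 is still emitted with `target="_blank"` and no `rel` attribute, so the page it opens can keep a `window.opener` handle on this wp-admin tab; adding `rel="noopener noreferrer"` to that `<a>` removes the handle, which matters here because the target is a member profile page that presumably renders member-supplied content. Separately, the notice messages at lines 415-474 are now stored unescaped and depend on the single `esc_html()` call at line 486, a contract that nothing in the code states. A short comment above the `$notice` assignments, such as `// Messages are plain text; they are escaped with esc_html() where the notice is printed.`, would keep a later message carrying markup or user data from being echoed raw at another call site. The enclosing function and the switch statement start outside the visible hunks, so other consumers of `$notice` could not be checked from this page.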