Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
02/22/2014 03:50:03 PM (10 years ago)
Author:
djpaul
Message:

Improve string and textarea output escaping throughout BuddyPress.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-messages/bp-messages-template.php

    r7924 r7965  
    430430    <form action="" method="get" id="search-message-form">
    431431        <label><input type="text" name="s" id="messages_search" <?php if ( $search_value === $default_search_value ) : ?>placeholder="<?php echo esc_html( $search_value ); ?>"<?php endif; ?> <?php if ( $search_value !== $default_search_value ) : ?>value="<?php echo esc_html( $search_value ); ?>"<?php endif; ?> /></label>
    432         <input type="submit" id="messages_search_submit" name="messages_search_submit" value="<?php _e( 'Search', 'buddypress' ) ?>" />
     432        <input type="submit" id="messages_search_submit" name="messages_search_submit" value="<?php esc_attr_e( 'Search', 'buddypress' ) ?>" />
    433433    </form>
    434434
Note: See TracChangeset for help on using the changeset viewer.