

Timestamp:
02/22/2014 03:50:03 PM (11 years ago)
Author:
djpaul
Message:

Improve string and textarea output escaping throughout BuddyPress.

File:
1 edited

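--- a/trunk/bp-themes/bp-default/members/single/profile/change-avatar.php
+++ b/trunk/bp-themes/bp-default/members/single/profile/change-avatar.php
@@ -16,5 +16,5 @@
             <p id="avatar-upload">
                 <input type="file" name="file" id="file" />
-                <input type="submit" name="upload" id="upload" value="<?php _e( 'Upload Image', 'buddypress' ); ?>" />
+                <input type="submit" name="upload" id="upload" value="<?php esc_attr_e( 'Upload Image', 'buddypress' ); ?>" />
                 <input type="hidden" name="action" id="action" value="bp_avatar_upload" />
             </p>
@@ -22,5 +22,5 @@
             <?php if ( bp_get_user_has_avatar() ) : ?>
                 <p><?php _e( "If you'd like to delete your current avatar but not upload a new one, please use the delete avatar button.", 'buddypress' ); ?></p>
-                <p><a class="button edit" href="<?php bp_avatar_delete_link(); ?>" title="<?php _e( 'Delete Avatar', 'buddypress' ); ?>"><?php _e( 'Delete My Avatar', 'buddypress' ); ?></a></p>
+                <p><a class="button edit" href="<?php bp_avatar_delete_link(); ?>" title="<?php esc_attr_e( 'Delete Avatar', 'buddypress' ); ?>"><?php _e( 'Delete My Avatar', 'buddypress' ); ?></a></p>
             <?php endif; ?>
 
@@ -31,11 +31,11 @@
             <h5><?php _e( 'Crop Your New Avatar', 'buddypress' ); ?></h5>
 
-            <img src="<?php bp_avatar_to_crop(); ?>" id="avatar-to-crop" class="avatar" alt="<?php _e( 'Avatar to crop', 'buddypress' ); ?>" />
+            <img src="<?php bp_avatar_to_crop(); ?>" id="avatar-to-crop" class="avatar" alt="<?php esc_attr_e( 'Avatar to crop', 'buddypress' ); ?>" />
 
             <div id="avatar-crop-pane">
-                <img src="<?php bp_avatar_to_crop(); ?>" id="avatar-crop-preview" class="avatar" alt="<?php _e( 'Avatar preview', 'buddypress' ); ?>" />
+                <img src="<?php bp_avatar_to_crop(); ?>" id="avatar-crop-preview" class="avatar" alt="<?php esc_attr_e( 'Avatar preview', 'buddypress' ); ?>" />
             </div>
 
-            <input type="submit" name="avatar-crop-submit" id="avatar-crop-submit" value="<?php _e( 'Crop Image', 'buddypress' ); ?>" />
+            <input type="submit" name="avatar-crop-submit" id="avatar-crop-submit" value="<?php esc_attr_e( 'Crop Image', 'buddypress' ); ?>" />
 
             <input type="hidden" name="image_src" id="image_src" value="<?php bp_avatar_to_crop_src(); ?>" />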
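Review bot: The dynamic values echoed into attributes still have no escaping visible in this template: `href="<?php bp_avatar_delete_link(); ?>"` on new line 24, `src="<?php bp_avatar_to_crop(); ?>"` on lines 33 and 36, and `value="<?php bp_avatar_to_crop_src(); ?>"` on line 41. The change escapes only the translated strings, and whether these template tags escape internally cannot be seen from this file, so that should be confirmed. If they do not, escape at the point of output, for example `<?php echo esc_url( bp_get_avatar_to_crop() ); ?>` and `<?php echo esc_attr( bp_get_avatar_to_crop_src() ); ?>`, assuming the usual `bp_get_*` getters exist for these tags. The element-content strings on lines 23, 24 and 31 still use `_e()`; `esc_html_e()` there would match the attribute changes.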