Changeset 7965 for trunk/bp-xprofile/bp-xprofile-classes.php

Timestamp:

02/22/2014 03:50:03 PM (11 years ago)

Author:

djpaul

Message:

Improve string and textarea output escaping throughout BuddyPress.

File:

• trunk/bp-xprofile/bp-xprofile-classes.php (modified) (3 diffs)

trunk/bp-xprofile/bp-xprofile-classes.php

@@ -958 +958 @@
                                 <h3><?php _e( 'Field Description', 'buddypress' ); ?></h3>
                                 <div class="inside">
-                                    <textarea name="description" id="description" rows="8" cols="60"><?php echo esc_attr( $this->description ); ?></textarea>
+                                    <textarea name="description" id="description" rows="8" cols="60"><?php echo esc_textarea( $this->description ); ?></textarea>
                                 </div>
                             </div>
@@ -971 +971 @@
                                             <input type="hidden" name="field_order" id="field_order" value="<?php echo esc_attr( $this->field_order ); ?>" />
                                             <div id="publishing-action">
-                                                <input type="submit" value="<?php _e( 'Save', 'buddypress' ); ?>" name="saveField" id="saveField" style="font-weight: bold" class="button-primary" />
+                                                <input type="submit" value="<?php esc_attr_e( 'Save', 'buddypress' ); ?>" name="saveField" id="saveField" style="font-weight: bold" class="button-primary" />
                                             </div>
                                             <div id="delete-action">
@@ -1042 +1042 @@
                                     <div class="inside">
                                         <select name="fieldtype" id="fieldtype" onchange="show_options(this.value)" style="width: 30%">
-                                            <optgroup label="<?php _e( 'Single Fields', 'buddypress' ); ?>">
+                                            <optgroup label="<?php esc_attr_e( 'Single Fields', 'buddypress' ); ?>">
                                                 <option value="textbox"        <?php selected( $this->type, 'textbox'        ); ?>><?php _e( 'Text Box',             'buddypress' ); ?></option>
                                                 <option value="textarea"       <?php selected( $this->type, 'textarea'       ); ?>><?php _e( 'Multi-line Text Area', 'buddypress' ); ?></option>
                                                 <option value="datebox"        <?php selected( $this->type, 'datebox'        ); ?>><?php _e( 'Date Selector',        'buddypress' ); ?></option>
                                             </optgroup>
-                                            <optgroup label="<?php _e( 'Multi Fields', 'buddypress' ); ?>">
+                                            <optgroup label="<?php esc_attr_e( 'Multi Fields', 'buddypress' ); ?>">
                                                 <option value="radio"          <?php selected( $this->type, 'radio'          ); ?>><?php _e( 'Radio Buttons',        'buddypress' ); ?></option>
                                                 <option value="selectbox"      <?php selected( $this->type, 'selectbox'      ); ?>><?php _e( 'Drop Down Select Box', 'buddypress' ); ?></option>