BuddyPress.org

Changeset 8156


Timestamp: 03/25/2014 06:15:09 PM (6 years ago)
Author: boonebgorges
Message:

Run stripslashes filter on activity strings earlier than priority 10

Running stripslashes() on priority 10 caused race conditions with other filters
on the same content. This, in turn, causes conflicts with wptexturize(), which
cannot properly parse certain character combinations due to the incorrect
presence of escaping slashes. This problem exhibited itself most obviously
with the use of guillemet-style quotation marks (the slashes fooled
wptexturize() into thinking that the opening quote was actually the closing
one), but could also occur with other formatting rules.

Because the requirement to stripslashes() is due to BuddyPress's incorrect
escaping of much input content, we work around the race condition by running
stripslashes_deep() earlier than priority 10. This ensures that plugins hooking
to these filters with the default priority can expect properly formatted and
sanitized content. See #2776.

Props chouf1, imath, needle

File:
1 edited

  • trunk/bp-activity/bp-activity-filters.php

    r7952 r8156  
    6868add_filter( 'bp_get_activity_feed_item_description', 'make_clickable', 9 );
    6969
    70 add_filter( 'bp_acomment_name',                      'stripslashes_deep' );
    71 add_filter( 'bp_get_activity_action',                'stripslashes_deep' );
    72 add_filter( 'bp_get_activity_content',               'stripslashes_deep' );
    73 add_filter( 'bp_get_activity_content_body',          'stripslashes_deep' );
    74 add_filter( 'bp_get_activity_parent_content',        'stripslashes_deep' );
    75 add_filter( 'bp_get_activity_latest_update',         'stripslashes_deep' );
    76 add_filter( 'bp_get_activity_latest_update_excerpt', 'stripslashes_deep' );
    77 add_filter( 'bp_get_activity_feed_item_description', 'stripslashes_deep' );
     70add_filter( 'bp_acomment_name',                      'stripslashes_deep', 5 );
     71add_filter( 'bp_get_activity_action',                'stripslashes_deep', 5 );
     72add_filter( 'bp_get_activity_content',               'stripslashes_deep', 5 );
     73add_filter( 'bp_get_activity_content_body',          'stripslashes_deep', 5 );
     74add_filter( 'bp_get_activity_parent_content',        'stripslashes_deep', 5 );
     75add_filter( 'bp_get_activity_latest_update',         'stripslashes_deep', 5 );
     76add_filter( 'bp_get_activity_latest_update_excerpt', 'stripslashes_deep', 5 );
     77add_filter( 'bp_get_activity_feed_item_description', 'stripslashes_deep', 5 );
    7878
    7979add_filter( 'bp_activity_primary_link_before_save',  'esc_url_raw' );
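Review bot: The priority 5 added on new lines 70-77 is an undocumented magic number repeated eight times. Add a comment above the block saying that stripslashes_deep must run before the default priority 10, and before the priority-9 make_clickable registration on line 68, so that later callbacks such as wptexturize() receive unslashed strings, and reference #2776 there. Callbacks that plugins attach to these hooks at a priority below 5 will still see the slashed content, so it is worth confirming that nothing else in this file registers that early, and stating in the comment that this ordering is a workaround until the escaping is corrected where the content is saved.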