Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
01/12/2015 11:04:35 PM (10 years ago)
Author:
johnjamesjacoby
Message:

Improvements to bp_message_search_form():

  • Escape gettext output in form field elements.
  • Add filter to allow output to be manipulated.
  • Bring surrounding code up to current coding standards.

Props hlna. Fixes #6113.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-messages/bp-messages-template.php

    r9335 r9349  
    10931093 * Output the Private Message search form.
    10941094 *
     1095 * @todo  Move markup to template part in: /members/single/messages/search.php
    10951096 * @since BuddyPress (1.6.0)
    10961097 */
    10971098function bp_message_search_form() {
    10981099
     1100    // Get the default search text
    10991101    $default_search_value = bp_get_search_default_text( 'messages' );
    1100     $search_value         = !empty( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : $default_search_value; ?>
     1102
     1103    // Setup a few values based on what's being searched for
     1104    $search_submitted     = ! empty( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : $default_search_value;
     1105    $search_placeholder   = ( $search_submitted === $default_search_value ) ? ' placeholder="' .  esc_attr( $search_submitted ) . '"' : '';
     1106    $search_value         = ( $search_submitted !== $default_search_value ) ? ' value="'       .  esc_attr( $search_submitted ) . '"' : '';
     1107
     1108    // Start the output buffer, so form can be filtered
     1109    ob_start(); ?>
    11011110
    11021111    <form action="" method="get" id="search-message-form">
    1103         <label for="messages_search" class="bp-screen-reader-text"><?php _e( 'Search Messages', 'buddypress' ); ?></label>
    1104         <input type="text" name="s" id="messages_search" <?php if ( $search_value === $default_search_value ) : ?>placeholder="<?php echo esc_html( $search_value ); ?>"<?php endif; ?> <?php if ( $search_value !== $default_search_value ) : ?>value="<?php echo esc_html( $search_value ); ?>"<?php endif; ?> />
    1105         <input type="submit" id="messages_search_submit" name="messages_search_submit" value="<?php esc_attr_e( 'Search', 'buddypress' ) ?>" />
     1112        <label for="messages_search" class="bp-screen-reader-text"><?php esc_html_e( 'Search Messages', 'buddypress' ); ?></label>
     1113        <input type="text" name="s" id="messages_search"<?php echo $search_placeholder . $search_value; ?> />
     1114        <input type="submit" class="button" id="messages_search_submit" name="messages_search_submit" value="<?php esc_html_e( 'Search', 'buddypress' ); ?>" />
    11061115    </form>
    11071116
    1108 <?php
     1117    <?php
     1118
     1119    // Get the search form from the above output buffer
     1120    $search_form_html = ob_get_clean();
     1121
     1122    /**
     1123     * Filters the private message component search form.
     1124     *
     1125     * @since BuddyPress (2.2.0)
     1126     *
     1127     * @param string $search_form_html HTML markup for the message search form.
     1128     */
     1129    echo apply_filters( 'bp_message_search_form', $search_form_html );
    11091130}
    11101131
Note: See TracChangeset for help on using the changeset viewer.