Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
04/06/2015 03:25:24 PM (5 years ago)
Author:
boonebgorges
Message:

Improved attribute escaping when outputting subnav link items.

Props pareshradadiya.
Fixes #6353.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-template.php

    r9698 r9702  
    7373
    7474        // echo out the final list item
    75         echo apply_filters( 'bp_get_options_nav_' . $subnav_item['css_id'], '<li id="' . $subnav_item['css_id'] . '-' . $list_type . '-li" ' . $selected . '><a id="' . $subnav_item['css_id'] . '" href="' . $subnav_item['link'] . '">' . $subnav_item['name'] . '</a></li>', $subnav_item, $selected_item );
     75        echo apply_filters( 'bp_get_options_nav_' . $subnav_item['css_id'], '<li id="' . esc_attr( $subnav_item['css_id'] . '-' . $list_type . '-li' ) . '" ' . $selected . '><a id="' . esc_attr( $subnav_item['css_id'] ) . '" href="' . esc_url( $subnav_item['link'] ) . '">' . $subnav_item['name'] . '</a></li>', $subnav_item, $selected_item );
    7676    }
    7777}
Note: See TracChangeset for help on using the changeset viewer.