Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
04/20/2015 03:38:54 PM (9 years ago)
Author:
johnjamesjacoby
Message:

All: make sure URL variables are escaped (trunk)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-activity/bp-activity-functions.php

    r9650 r9772  
    13621362
    13631363    if ( is_multisite() ) {
    1364         $blog_link = '<a href="' . $blog_url . '">' . get_blog_option( $activity->item_id, 'blogname' ) . '</a>';
     1364        $blog_link = '<a href="' . esc_url( $blog_url ) . '">' . get_blog_option( $activity->item_id, 'blogname' ) . '</a>';
    13651365
    13661366        if ( ! empty( $bp->activity->track[ $activity->type ]->new_post_type_action_ms ) ) {
    13671367            $action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action_ms, $user_link, $post_url, $blog_link );
    13681368        } else {
    1369             $action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>, on the site %3$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, $post_url, $blog_link );
     1369            $action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>, on the site %3$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, esc_url( $post_url ), $blog_link );
    13701370        }
    13711371    } else {
     
    13731373            $action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action, $user_link, $post_url );
    13741374        } else {
    1375             $action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, $post_url );
     1375            $action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, esc_url( $post_url ) );
    13761376        }
    13771377    }
Note: See TracChangeset for help on using the changeset viewer.