Changeset 9772 for trunk/src/bp-activity/bp-activity-template.php

Timestamp:

04/20/2015 03:38:54 PM (10 years ago)

Author:

johnjamesjacoby

Message:

All: make sure URL variables are escaped (trunk)

File:

• trunk/src/bp-activity/bp-activity-template.php (modified) (5 diffs)

trunk/src/bp-activity/bp-activity-template.php

@@ -388 +388 @@
         if ( (int) $this->total_activity_count && (int) $this->pag_num ) {
             $this->pag_links = paginate_links( array(
-                'base'      => add_query_arg( $page_arg, '%#%' ),
+                'base'      => add_query_arg( $this->page_arg, '%#%' ),
                 'format'    => '',
                 'total'     => ceil( (int) $this->total_activity_count / (int) $this->pag_num ),
@@ -3090 +3090 @@
      * @uses bp_is_activity_component()
      * @uses bp_current_action()
-     * @uses add_query_arg()
      * @uses wp_get_referer()
      * @uses wp_nonce_url()
@@ -3338 +3337 @@
             $link = apply_filters( 'bp_get_activity_filter_link_href', $link, $component );
 
-            $component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( $component ) . '</a>' . $after;
+            $component_links[] = $before . '<a href="' . esc_url( $link ) . '">' . ucwords( $component ) . '</a>' . $after;
         }
 
@@ -3344 +3343 @@
 
         if ( isset( $_GET['afilter'] ) ) {
-            $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
+            $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_url( $link ) . '">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
         }
 
@@ -3592 +3591 @@
  */
 function bp_send_public_message_link() {
-    echo bp_get_send_public_message_link();
+    echo esc_url( bp_get_send_public_message_link() );
 }