Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
04/20/2015 03:38:54 PM (9 years ago)
Author:
johnjamesjacoby
Message:

All: make sure URL variables are escaped (trunk)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-blogs/bp-blogs-activity.php

    r9621 r9772  
    173173
    174174    // Build the 'post link' part of the activity action string
    175     $post_link  = '<a href="' . $post_url . '">' . $post_title . '</a>';
     175    $post_link  = '<a href="' . esc_url( $post_url ) . '">' . $post_title . '</a>';
    176176
    177177    $user_link = bp_core_get_userlink( $activity->user_id );
     
    250250    }
    251251
    252     $post_link = '<a href="' . $post_url . '">' . $post_title . '</a>';
     252    $post_link = '<a href="' . esc_url( $post_url ) . '">' . $post_title . '</a>';
    253253    $user_link = bp_core_get_userlink( $activity->user_id );
    254254
Note: See TracChangeset for help on using the changeset viewer.