Changeset 9772 for trunk/src/bp-members/admin/bp-members-admin-classes.php

Timestamp:

04/20/2015 03:38:54 PM (11 years ago)

Author:

johnjamesjacoby

Message:

All: make sure URL variables are escaped (trunk)

File:

• trunk/src/bp-members/admin/bp-members-admin-classes.php (modified) (2 diffs)

trunk/src/bp-members/admin/bp-members-admin-classes.php

@@ -98 +98 @@
         // Remove the 'current' class from the 'All' link
         $views['all']        = str_replace( 'class="current"', '', $views['all'] );
-        $views['registered'] = sprintf( '<a href="%1$s" class="current">%2$s</a>', add_query_arg( 'page', 'bp-signups', bp_get_admin_url( 'users.php' ) ), sprintf( _x( 'Pending %s', 'signup users', 'buddypress' ), '<span class="count">(' . number_format_i18n( $this->signup_counts ) . ')</span>' ) );
+        $views['registered'] = sprintf( '<a href="%1$s" class="current">%2$s</a>', esc_url( add_query_arg( 'page', 'bp-signups', bp_get_admin_url( 'users.php' ) ) ), sprintf( _x( 'Pending %s', 'signup users', 'buddypress' ), '<span class="count">(' . number_format_i18n( $this->signup_counts ) . ')</span>' ) );
 
         return $views;
@@ -465 +465 @@
         // Remove the 'current' class from the 'All' link
         $views['all']        = str_replace( 'class="current"', '', $views['all'] );
-        $views['registered'] = sprintf( '<a href="%1$s" class="current">%2$s</a>', add_query_arg( 'page', 'bp-signups', bp_get_admin_url( 'users.php' ) ), sprintf( _x( 'Pending %s', 'signup users', 'buddypress' ), '<span class="count">(' . number_format_i18n( $this->signup_counts ) . ')</span>' ) );
+        $views['registered'] = sprintf( '<a href="%1$s" class="current">%2$s</a>', esc_url( add_query_arg( 'page', 'bp-signups', bp_get_admin_url( 'users.php' ) ) ), sprintf( _x( 'Pending %s', 'signup users', 'buddypress' ), '<span class="count">(' . number_format_i18n( $this->signup_counts ) . ')</span>' ) );
 
         return $views;