Changeset 9773 for branches/2.2/src/bp-activity/bp-activity-template.php

Timestamp:

04/20/2015 04:08:00 PM (11 years ago)

Author:

johnjamesjacoby

Message:

All: make sure URLs are escaped (2.2 branch)

File:

• branches/2.2/src/bp-activity/bp-activity-template.php (modified) (5 diffs)

branches/2.2/src/bp-activity/bp-activity-template.php

@@ -309 +309 @@
         if ( (int) $this->total_activity_count && (int) $this->pag_num ) {
             $this->pag_links = paginate_links( array(
-                'base'      => add_query_arg( $page_arg, '%#%' ),
+                'base'      => add_query_arg( $this->pag_arg, '%#%' ),
                 'format'    => '',
                 'total'     => ceil( (int) $this->total_activity_count / (int) $this->pag_num ),
@@ -2977 +2977 @@
      * @uses bp_is_activity_component()
      * @uses bp_current_action()
-     * @uses add_query_arg()
      * @uses wp_get_referer()
      * @uses wp_nonce_url()
@@ -3222 +3221 @@
             $link = apply_filters( 'bp_get_activity_filter_link_href', $link, $component );
 
-            $component_links[] = $before . '<a href="' . esc_attr( $link ) . '">' . ucwords( $component ) . '</a>' . $after;
+            $component_links[] = $before . '<a href="' . esc_url( $link ) . '">' . ucwords( $component ) . '</a>' . $after;
         }
 
@@ -3228 +3227 @@
 
         if ( isset( $_GET['afilter'] ) )
-            $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_attr( $link ) . '">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
+            $component_links[] = '<' . $tag . ' id="afilter-clear"><a href="' . esc_url( $link ) . '">' . __( 'Clear Filter', 'buddypress' ) . '</a></' . $tag . '>';
 
         /**
@@ -3472 +3471 @@
  */
 function bp_send_public_message_link() {
-    echo bp_get_send_public_message_link();
+    echo esc_url( bp_get_send_public_message_link() );
 }