Opened 10 years ago
Closed 10 years ago
#6106 closed defect (bug)
Xprofile admin groups desc not stripping slashes
Reported by: | hnla | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | |
Component: | Extended Profile | Keywords: | has-patch |
Cc: | hnla |
Description
In the group description on an xprofile admin edit screen we are not handling escapes, rendering back \'s etc
Patch wraps $group->description in stripslashes() before we esc_attr() it (not sure esc_attr is correct here? rather than esc_html if we are pushing out to an html element rather than to a html attr? )
Also to note in checking the field description for same issue, they are handled differently in echoing a function bp_the_profile_field_name
which is handling the stripping elsewhere so we have a slight variance in approaches here!
stripslashes from group field description