Skip to:

Opened 8 years ago

Closed 8 years ago

#6815 closed defect (bug) (fixed)

Escape properly groups names on wp-admin groups delete confirmation page

Reported by: slaffik's profile slaFFik Owned by: imath's profile imath
Milestone: 2.5 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch


On this page /wp-admin/admin.php?page=bp-groups all groups names are escaped properly, if they have ' or " in names, example: What's League Of Legends?
But on groups deletion (bulk delete) pages like these /wp-admin/admin.php?s&page=bp-groups&action=delete&paged=1&gid[0]=134 groups names in a list are not escaped properly and I see What\'s League Of Legends? there.

Attachments (2)

6815.patch (508 bytes) - added by imath 8 years ago.
6815.2.patch (466 bytes) - added by slaFFik 8 years ago.
Using bp_group_name() instead

Download all attachments as: .zip

Change History (6)

#1 @imath
8 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 2.5

Good catch, thanks for your feedback.

8 years ago

#2 @slaFFik
8 years ago

@imath Why not using bp_get_group_name( $group )? It's basically the same, but more consistent, imo.
Patch attached.

Last edited 8 years ago by slaFFik (previous) (diff)

8 years ago

Using bp_group_name() instead

#3 @imath
8 years ago

i guess that's because:

  • everywhere else in the file bp-groups-admin.php we do so,
  • as we're not in a groups loop, and if for some reason the $group object is empty we avoid a notice warning doing so.

#4 @imath
8 years ago

  • Owner set to imath
  • Resolution set to fixed
  • Status changed from new to closed

In 10569:

Groups Administration: properly escape the Group name on the Delete confirmation screen

Props slaFFik

Fixes #6815

Note: See TracTickets for help on using tickets.