Skip to:

Opened 2 years ago

Closed 23 months ago

#7923 closed defect (bug) (fixed)

Nouveau - Paragraph elements are escaped for group descriptions

Reported by: MorgunovVit Owned by: imath
Milestone: 3.2.0 Priority: normal
Severity: normal Version: 3.0.0
Component: Groups Keywords: has-patch commit


I think, that it’s a mistake in file: plugins\buddypress\bp-groups\bp-groups-template.php

<?php echo esc_html( bp_nouveau_group_meta()->description ); ?>

need to be:

<?php echo wp_specialchars_decode( bp_nouveau_group_meta()->description ); ?>

Because in another way it prints on site page something like this: Screenshot

Attachments (2)

7923.1.diff (764 bytes) - added by dcavins 2 years ago.
Remove esc_html() wrapper.
7923.2.patch (5.0 KB) - added by imath 23 months ago.

Download all attachments as: .zip

Change History (11)

#1 @r-a-y
2 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to 3.2.0
  • Summary changed from Bug in plugins\buddypress\bp-groups\bp-groups-template.php to Nouveau - Paragraph elements are escaped for group descriptions
  • Version set to 3.0.0

2 years ago

Remove esc_html() wrapper.

#2 @dcavins
2 years ago

Closed duplicate: #7930

#3 @imath
23 months ago

  • Owner set to imath
  • Status changed from new to assigned

Closed duplicate #7961

So this seems to be something very annoying for people using the BP Nouveau template pack. Thanks a lot @dcavins for this first patch, but seeing an unescaped string is giving me headaches ! :)

I'm going to work on this and will submit a new patch asap.

#4 @imath
23 months ago

  • Keywords has-patch reporter-feedback added; needs-patch removed

After looking deeper into this issue. Here is some contextual information :

  • One of the concerns of @hnla (correct me if I'm wrong :) ) was to make sure no empty markup was generated by BP Nouveau.
  • The Group description has a specific customizer setting where the Admin can choose to display this description within the default Groups front page's body instead of the Group's header.

The 7923.2.patch is taking these two points in account, and directly use the existing core template tag bp_group_description() instead of the bp_nouveau_group_meta()->description property that is causing some confusion imho. FYI hnla I also added some style rules to the paragraph because it was weird to have a big empty space before the bottom of the header's group description box.

If @MorgunovVit &/or @dcavins &/or @marcella1981 who reported the bug could test the patch and confirm it's fixing the issue : that would be really great !

23 months ago

#5 @marcella1981
23 months ago

*manual merge test only from me. Output as expected.

GJ @imath.

#6 @dcavins
23 months ago

Hi @imath-

Thanks for updating the patch. Your proposed fix, replacing esc_html( bp_nouveau_group_meta()->description ) with bp_group_description(), works for me. :)

#7 @imath
23 months ago

  • Keywords commit added; reporter-feedback removed

@marcella1981 & @dcavins Thanks a lot for tour feedbacks, I’ll commit the patch later tonight.

#8 @imath
23 months ago

In 12214:

BP Nouveau: Avoid escaping single Group description after sanitization

Props MorgunovVit dcavins marcella1981

See #7923 (branch 3.0)

#9 @imath
23 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 12215:

BP Nouveau: Avoid escaping single Group description after sanitization

Props MorgunovVit dcavins marcella1981

Fixes #7923 (trunk)

Note: See TracTickets for help on using tickets.