Opened 13 months ago
Closed 9 months ago
#9079 closed defect (bug) (fixed)
PHP code is printed to document source in JS templates
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 14.0.0 | Priority: | normal |
Severity: | normal | Version: | 12.1.1 |
Component: | Templates | Keywords: | has-patch |
Cc: |
Description
bp_get_dynamic_template_part()
uses file_get_contents()
which means the PHP code in these templates isn't processed by the server. wp_kses()
would strip it, but it's not run when the $type
parameter in this function is set to "js"
. The entirety of the file's contents is output including the PHP comment at the top. This seems to affect three blocks/widgets:
- bp-friends/bp-friends-blocks.php
- bp-groups/bp-groups-blocks.php
- bp-members/bp-members-blocks.php
Attachments (1)
Change History (5)
#1
@
13 months ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to 14.0.0
Hi @chairmanbrando
Thanks a lot for your feedback. We’ll have it fixed 👌
This ticket was mentioned in PR #289 on buddypress/buddypress by imath.
9 months ago
#3
- Keywords has-patch added; needs-patch removed
This template part is used to preview and display the dynamic widget blocks content. As previewing is made using the REST API, we need to buffer the rendered template to perform token replacements.
Trac ticket: https://buddypress.trac.wordpress.org/ticket/9079
Screenshot of the document source when using the Dynamic Members widget