Changeset 4950

Timestamp:

05/27/2013 06:16:35 AM (13 years ago)

Author:

johnjamesjacoby

Message:

In admin, escape output of translated text where appropriate. Also review and refresh existing escaping approaches. See #1999.

Location:

trunk/includes/admin

Files:

• admin.php (modified) (13 diffs)
• converter.php (modified) (2 diffs)
• forums.php (modified) (2 diffs)
• functions.php (modified) (1 diff)
• metaboxes.php (modified) (13 diffs)
• replies.php (modified) (10 diffs)
• settings.php (modified) (49 diffs)
• tools.php (modified) (4 diffs)
• topics.php (modified) (10 diffs)
• users.php (modified) (3 diffs)

trunk/includes/admin/admin.php

@@ -1336 +1336 @@
 
         <div class="wrap about-wrap">
-            <h1><?php printf( __( 'Welcome to bbPress %s', 'bbpress' ), $display_version ); ?></h1>
-            <div class="about-text"><?php printf( __( 'Thank you for updating to the latest version! bbPress %s goes great with pizza and popcorn, and will nicely complement your community too!', 'bbpress' ), $display_version ); ?></div>
-            <div class="bbp-badge"><?php printf( __( 'Version %s', 'bbpress' ), $display_version ); ?></div>
+            <h1><?php printf( esc_html__( 'Welcome to bbPress %s', 'bbpress' ), $display_version ); ?></h1>
+            <div class="about-text"><?php printf( esc_html__( 'Thank you for updating to the latest version! bbPress %s goes great with pizza and popcorn, and will nicely complement your community too!', 'bbpress' ), $display_version ); ?></div>
+            <div class="bbp-badge"><?php printf( esc_html__( 'Version %s', 'bbpress' ), $display_version ); ?></div>
 
             <h2 class="nav-tab-wrapper">
                 <a class="nav-tab nav-tab-active" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbp-about' ), 'index.php' ) ) ); ?>">
-                    <?php _e( 'What&#8217;s New', 'bbpress' ); ?>
+                    <?php esc_html_e( 'What&#8217;s New', 'bbpress' ); ?>
                 </a><a class="nav-tab" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbp-credits' ), 'index.php' ) ) ); ?>">
-                    <?php _e( 'Credits', 'bbpress' ); ?>
+                    <?php esc_html_e( 'Credits', 'bbpress' ); ?>
                 </a>
             </h2>
 
             <div class="changelog">
-                <h3><?php _e( 'Forum Search', 'bbpress' ); ?></h3>
+                <h3><?php esc_html_e( 'Forum Search', 'bbpress' ); ?></h3>
 
                 <div class="feature-section">
-                    <h4><?php _e( 'Only Forum Content', 'bbpress' ); ?></h4>
-                    <p><?php _e( 'Allow your forums to be searched without mixing in your posts or pages.', 'bbpress' ); ?></p>
-
-                    <h4><?php _e( 'Choose Your Own Slug', 'bbpress' ); ?></h4>
-                    <p><?php _e( 'Setup your forum search to live anywhere relative to the forum index.', 'bbpress' ); ?></p>
+                    <h4><?php esc_html_e( 'Only Forum Content', 'bbpress' ); ?></h4>
+                    <p><?php esc_html_e( 'Allow your forums to be searched without mixing in your posts or pages.', 'bbpress' ); ?></p>
+
+                    <h4><?php esc_html_e( 'Choose Your Own Slug', 'bbpress' ); ?></h4>
+                    <p><?php esc_html_e( 'Setup your forum search to live anywhere relative to the forum index.', 'bbpress' ); ?></p>
                 </div>
             </div>
 
             <div class="changelog">
-                <h3><?php _e( 'New & Improved Forum Importers', 'bbpress' ); ?></h3>
+                <h3><?php esc_html_e( 'New & Improved Forum Importers', 'bbpress' ); ?></h3>
 
                 <div class="feature-section">
-                    <h4><?php _e( 'BBCodes & Smilies', 'bbpress' ); ?></h4>
-                    <p><?php _e( 'Happy faces all-around now that the importers properly convert BBCodes & smilies. :)', 'bbpress' ); ?></p>
-
-                    <h4><?php _e( 'Vanilla', 'bbpress' ); ?></h4>
-                    <p><?php _e( 'Tired of plain old Vanilla? Now you can easily switch to <del>Mint Chocolate Chip</del> bbPress!', 'bbpress' ); ?></p>
-
-                    <h4><?php _e( 'SimplePress', 'bbpress' ); ?></h4>
-                    <p><?php _e( 'Converting an existing SimplePress powered forum to bbPress has never been "simpler!"', 'bbpress' ); ?></p>
-
-                    <h4><?php _e( 'Mingle', 'bbpress' ); ?></h4>
-                    <p><?php _e( 'No time to... chit-chat; convert your Mingle forums to bbPress today!', 'bbpress' ); ?></p>
+                    <h4><?php esc_html_e( 'BBCodes & Smilies', 'bbpress' ); ?></h4>
+                    <p><?php esc_html_e( 'Happy faces all-around now that the importers properly convert BBCodes & smilies. :)', 'bbpress' ); ?></p>
+
+                    <h4><?php esc_html_e( 'Vanilla', 'bbpress' ); ?></h4>
+                    <p><?php esc_html_e( 'Tired of plain old Vanilla? Now you can easily switch to <del>Mint Chocolate Chip</del> bbPress!', 'bbpress' ); ?></p>
+
+                    <h4><?php esc_html_e( 'SimplePress', 'bbpress' ); ?></h4>
+                    <p><?php esc_html_e( 'Converting an existing SimplePress powered forum to bbPress has never been "simpler!"', 'bbpress' ); ?></p>
+
+                    <h4><?php esc_html_e( 'Mingle', 'bbpress' ); ?></h4>
+                    <p><?php esc_html_e( 'No time to... chit-chat; convert your Mingle forums to bbPress today!', 'bbpress' ); ?></p>
                 </div>
             </div>
 
             <div class="changelog">
-                <h3><?php _e( 'Even Better BuddyPress Integration', 'bbpress' ); ?></h3>
+                <h3><?php esc_html_e( 'Even Better BuddyPress Integration', 'bbpress' ); ?></h3>
 
                 <div class="feature-section">
-                    <h4><?php _e( 'bbPress powered BuddyPress Group Forums', 'bbpress' ); ?></h4>
-                    <p><?php _e( 'Use bbPress to manage your BuddyPress Group Forums, allowing for seamless integration and improved plugin performance.', 'bbpress' ); ?></p>
+                    <h4><?php esc_html_e( 'bbPress powered BuddyPress Group Forums', 'bbpress' ); ?></h4>
+                    <p><?php esc_html_e( 'Use bbPress to manage your BuddyPress Group Forums, allowing for seamless integration and improved plugin performance.', 'bbpress' ); ?></p>
                 </div>
             </div>
 
             <div class="changelog">
-                <h3><?php _e( 'Under the Hood', 'bbpress' ); ?></h3>
+                <h3><?php esc_html_e( 'Under the Hood', 'bbpress' ); ?></h3>
 
                 <div class="feature-section col three-col">
                     <div>
-                        <h4><?php _e( 'Smarter Fancy Editor', 'bbpress' ); ?></h4>
-                        <p><?php _e( 'We simplified the Fancy Editor, and the allowed HTML tags that work with it.', 'bbpress' ); ?></p>
-
-                        <h4><?php _e( 'Better Code Posting', 'bbpress' ); ?></h4>
-                        <p><?php _e( 'Your users can now post code snippets without too much hassle.', 'bbpress' ); ?></p>
+                        <h4><?php esc_html_e( 'Smarter Fancy Editor', 'bbpress' ); ?></h4>
+                        <p><?php esc_html_e( 'We simplified the Fancy Editor, and the allowed HTML tags that work with it.', 'bbpress' ); ?></p>
+
+                        <h4><?php esc_html_e( 'Better Code Posting', 'bbpress' ); ?></h4>
+                        <p><?php esc_html_e( 'Your users can now post code snippets without too much hassle.', 'bbpress' ); ?></p>
                     </div>
 
                     <div>
-                        <h4><?php _e( 'Template Stacking', 'bbpress' ); ?></h4>
-                        <p><?php _e( 'Now you can replace specific template parts on the fly without modifying the existing theme.', 'bbpress' ); ?></p>
-
-                        <h4><?php _e( 'TwentyThirteen Tested', 'bbpress' ); ?></h4>
-                        <p><?php _e( 'bbPress 2.3 already works with the in-development TwentyThirteen theme, coming in a future version of WordPress.', 'bbpress' ); ?></p>
+                        <h4><?php esc_html_e( 'Template Stacking', 'bbpress' ); ?></h4>
+                        <p><?php esc_html_e( 'Now you can replace specific template parts on the fly without modifying the existing theme.', 'bbpress' ); ?></p>
+
+                        <h4><?php esc_html_e( 'TwentyThirteen Tested', 'bbpress' ); ?></h4>
+                        <p><?php esc_html_e( 'bbPress 2.3 already works with the in-development TwentyThirteen theme, coming in a future version of WordPress.', 'bbpress' ); ?></p>
                     </div>
 
                     <div class="last-feature">
-                        <h4><?php _e( 'Statistics Shortcode', 'bbpress' ); ?></h4>
-                        <p><?php _e( 'The old statistics easter-egg page was turned into an easy to use shortcode.', 'bbpress' ); ?></p>
-
-                        <h4><?php _e( 'Green Theme Updated', 'bbpress' ); ?></h4>
-                        <p><?php _e( 'The green admin theme easter-egg was updated to work with WordPress 3.5 changes.', 'bbpress' ); ?></p>
+                        <h4><?php esc_html_e( 'Statistics Shortcode', 'bbpress' ); ?></h4>
+                        <p><?php esc_html_e( 'The old statistics easter-egg page was turned into an easy to use shortcode.', 'bbpress' ); ?></p>
+
+                        <h4><?php esc_html_e( 'Green Theme Updated', 'bbpress' ); ?></h4>
+                        <p><?php esc_html_e( 'The green admin theme easter-egg was updated to work with WordPress 3.5 changes.', 'bbpress' ); ?></p>
                     </div>
                 </div>
@@ -1418 +1418 @@
 
             <div class="return-to-dashboard">
-                <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbpress' ), 'options-general.php' ) ) ); ?>"><?php _e( 'Go to Forum Settings', 'bbpress' ); ?></a>
+                <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbpress' ), 'options-general.php' ) ) ); ?>"><?php esc_html_e( 'Go to Forum Settings', 'bbpress' ); ?></a>
             </div>
 
@@ -1445 +1445 @@
             <h2 class="nav-tab-wrapper">
                 <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbp-about' ), 'index.php' ) ) ); ?>" class="nav-tab">
-                    <?php _e( 'What&#8217;s New', 'bbpress' ); ?>
+                    <?php esc_html_e( 'What&#8217;s New', 'bbpress' ); ?>
                 </a><a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbp-credits' ), 'index.php' ) ) ); ?>" class="nav-tab nav-tab-active">
-                    <?php _e( 'Credits', 'bbpress' ); ?>
+                    <?php esc_html_e( 'Credits', 'bbpress' ); ?>
                 </a>
             </h2>
 
-            <p class="about-description"><?php _e( 'bbPress is created by a worldwide swarm of busy, busy bees.', 'bbpress' ); ?></p>
-
-            <h4 class="wp-people-group"><?php _e( 'Project Leaders', 'bbpress' ); ?></h4>
+            <p class="about-description"><?php esc_html_e( 'bbPress is created by a worldwide swarm of busy, busy bees.', 'bbpress' ); ?></p>
+
+            <h4 class="wp-people-group"><?php esc_html_e( 'Project Leaders', 'bbpress' ); ?></h4>
             <ul class="wp-people-group " id="wp-people-group-project-leaders">
                 <li class="wp-person" id="wp-person-matt">
                     <a href="http://profiles.wordpress.org/matt"><img src="http://0.gravatar.com/avatar/767fc9c115a1b989744c755db47feb60?s=60" class="gravatar" alt="Matt Mullenweg" /></a>
                     <a class="web" href="http://profiles.wordpress.org/matt">Matt Mullenweg</a>
-                    <span class="title"><?php _e( 'Founding Developer', 'bbpress' ); ?></span>
+                    <span class="title"><?php esc_html_e( 'Founding Developer', 'bbpress' ); ?></span>
                 </li>
                 <li class="wp-person" id="wp-person-johnjamesjacoby">
                     <a href="http://profiles.wordpress.org/johnjamesjacoby"><img src="http://0.gravatar.com/avatar/81ec16063d89b162d55efe72165c105f?s=60" class="gravatar" alt="John James Jacoby" /></a>
                     <a class="web" href="http://profiles.wordpress.org/johnjamesjacoby">John James Jacoby</a>
-                    <span class="title"><?php _e( 'Lead Developer', 'bbpress' ); ?></span>
+                    <span class="title"><?php esc_html_e( 'Lead Developer', 'bbpress' ); ?></span>
                 </li>
                 <li class="wp-person" id="wp-person-jmdodd">
@@ -1472 +1472 @@
             </ul>
 
-            <h4 class="wp-people-group"><?php _e( 'Contributing Developers', 'bbpress' ); ?></h4>
+            <h4 class="wp-people-group"><?php esc_html_e( 'Contributing Developers', 'bbpress' ); ?></h4>
             <ul class="wp-people-group " id="wp-people-group-contributing-developers">
                 <li class="wp-person" id="wp-person-netweb">
@@ -1491 +1491 @@
             </ul>
 
-            <h4 class="wp-people-group"><?php _e( 'Core Contributors to bbPress 2.3', 'bbpress' ); ?></h4>
+            <h4 class="wp-people-group"><?php esc_html_e( 'Core Contributors to bbPress 2.3', 'bbpress' ); ?></h4>
             <p class="wp-credits-list">
                 <a href="http://profiles.wordpress.org/alexvorn2">alexvorn2</a>,
@@ -1532 +1532 @@
 
             <div class="return-to-dashboard">
-                <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbpress' ), 'options-general.php' ) ) ); ?>"><?php _e( 'Go to Forum Settings', 'bbpress' ); ?></a>
+                <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'bbpress' ), 'options-general.php' ) ) ); ?>"><?php esc_html_e( 'Go to Forum Settings', 'bbpress' ); ?></a>
             </div>
 
@@ -1558 +1558 @@
         <div class="wrap">
             <div id="icon-edit" class="icon32 icon32-posts-topic"><br /></div>
-            <h2><?php _e( 'Update Forum', 'bbpress' ); ?></h2>
+            <h2><?php esc_html_e( 'Update Forum', 'bbpress' ); ?></h2>
 
         <?php
@@ -1569 +1569 @@
                 bbp_version_updater(); ?>
 
-                <p><?php _e( 'All done!', 'bbpress' ); ?></p>
-                <a class="button" href="index.php?page=bbp-update"><?php _e( 'Go Back', 'bbpress' ); ?></a>
+                <p><?php esc_html_e( 'All done!', 'bbpress' ); ?></p>
+                <a class="button" href="index.php?page=bbp-update"><?php esc_html_e( 'Go Back', 'bbpress' ); ?></a>
 
                 <?php
@@ -1579 +1579 @@
             default : ?>
 
-                <p><?php _e( 'You can update your forum through this page. Hit the link below to update.', 'bbpress' ); ?></p>
-                <p><a class="button" href="index.php?page=bbp-update&amp;action=bbp-update"><?php _e( 'Update Forum', 'bbpress' ); ?></a></p>
+                <p><?php esc_html_e( 'You can update your forum through this page. Hit the link below to update.', 'bbpress' ); ?></p>
+                <p><a class="button" href="index.php?page=bbp-update&amp;action=bbp-update"><?php esc_html_e( 'Update Forum', 'bbpress' ); ?></a></p>
 
             <?php break;
@@ -1606 +1606 @@
         <div class="wrap">
             <div id="icon-edit" class="icon32 icon32-posts-topic"><br /></div>
-            <h2><?php _e( 'Update Forums', 'bbpress' ); ?></h2>
+            <h2><?php esc_html_e( 'Update Forums', 'bbpress' ); ?></h2>
 
         <?php
@@ -1623 +1623 @@
                 if ( empty( $blogs ) ) : ?>
 
-                    <p><?php _e( 'All done!', 'bbpress' ); ?></p>
-                    <a class="button" href="update-core.php?page=bbpress-update"><?php _e( 'Go Back', 'bbpress' ); ?></a>
+                    <p><?php esc_html_e( 'All done!', 'bbpress' ); ?></p>
+                    <a class="button" href="update-core.php?page=bbpress-update"><?php esc_html_e( 'Go Back', 'bbpress' ); ?></a>
 
                     <?php break; ?>
@@ -1675 +1675 @@
 
                     <p>
-                        <?php _e( 'If your browser doesn&#8217;t start loading the next page automatically, click this link:', 'bbpress' ); ?>
-                        <a class="button" href="update-core.php?page=bbpress-update&amp;action=bbpress-update&amp;n=<?php echo ( $n + 5 ); ?>"><?php _e( 'Next Forums', 'bbpress' ); ?></a>
+                        <?php esc_html_e( 'If your browser doesn&#8217;t start loading the next page automatically, click this link:', 'bbpress' ); ?>
+                        <a class="button" href="update-core.php?page=bbpress-update&amp;action=bbpress-update&amp;n=<?php echo ( $n + 5 ); ?>"><?php esc_html_e( 'Next Forums', 'bbpress' ); ?></a>
                     </p>
                     <script type='text/javascript'>
@@ -1694 +1694 @@
             default : ?>
 
-                <p><?php _e( 'You can update all the forums on your network through this page. It works by calling the update script of each site automatically. Hit the link below to update.', 'bbpress' ); ?></p>
-                <p><a class="button" href="update-core.php?page=bbpress-update&amp;action=bbpress-update"><?php _e( 'Update Forums', 'bbpress' ); ?></a></p>
+                <p><?php esc_html_e( 'You can update all the forums on your network through this page. It works by calling the update script of each site automatically. Hit the link below to update.', 'bbpress' ); ?></p>
+                <p><a class="button" href="update-core.php?page=bbpress-update&amp;action=bbpress-update"><?php esc_html_e( 'Update Forums', 'bbpress' ); ?></a></p>
 
             <?php break;

trunk/includes/admin/converter.php

@@ -221 +221 @@
                     jQuery('#bbp-converter-stop').show();
                     jQuery('#bbp-converter-progress').show();
-                    bbconverter_log( '<p class="loading"><?php _e( 'Starting Conversion', 'bbpress' ); ?></p>' );
+                    bbconverter_log( '<p class="loading"><?php esc_html_e( 'Starting Conversion', 'bbpress' ); ?></p>' );
                     bbconverter_run();
                 }
@@ -246 +246 @@
                 bbconverter_log(response);
 
-                if ( response == '<p class="loading"><?php _e( 'Conversion Complete', 'bbpress' ); ?></p>' || response.indexOf('error') > -1 ) {
+                if ( response == '<p class="loading"><?php esc_html_e( 'Conversion Complete', 'bbpress' ); ?></p>' || response.indexOf('error') > -1 ) {
                     bbconverter_log('<p>Repair any missing information: <a href="<?php echo admin_url(); ?>tools.php?page=bbp-repair">Continue</a></p>');
                     bbconverter_stop();

trunk/includes/admin/forums.php

@@ -449 +449 @@
 
             case 'bbp_forum_created':
-                printf( __( '%1$s <br /> %2$s', 'bbpress' ),
+                printf( '%1$s <br /> %2$s',
                     get_the_date(),
                     esc_attr( get_the_time() )
@@ -459 +459 @@
                 $last_active = bbp_get_forum_last_active_time( $forum_id, false );
                 if ( !empty( $last_active ) )
-                    echo $last_active;
+                    echo esc_html( $last_active );
                 else
-                    _e( 'No Topics', 'bbpress' );
+                    esc_html_e( 'No Topics', 'bbpress' );
 
                 break;

trunk/includes/admin/functions.php

@@ -247 +247 @@
 
         // Loop through tabs and build navigation
-        foreach( $tabs as $tab_id => $tab_data ) {
+        foreach( array_values( $tabs ) as $tab_data ) {
             $is_current = (bool) ( $tab_data['name'] == $active_tab );
             $tab_class  = $is_current ? $active_class : $idle_class;
-            $tabs_html .= '<a href="' . $tab_data['href'] . '" class="' . $tab_class . '">' . $tab_data['name'] . '</a>';
+            $tabs_html .= '<a href="' . esc_url( $tab_data['href'] ) . '" class="' . esc_attr( $tab_class ) . '">' . esc_html( $tab_data['name'] ) . '</a>';
         }
 

trunk/includes/admin/metaboxes.php

@@ -40 +40 @@
     <div class="table table_content">
 
-        <p class="sub"><?php _e( 'Discussion', 'bbpress' ); ?></p>
+        <p class="sub"><?php esc_html_e( 'Discussion', 'bbpress' ); ?></p>
 
         <table>
@@ -125 +125 @@
     <div class="table table_discussion">
 
-        <p class="sub"><?php _e( 'Users &amp; Moderation', 'bbpress' ); ?></p>
+        <p class="sub"><?php esc_html_e( 'Users &amp; Moderation', 'bbpress' ); ?></p>
 
         <table>
@@ -259 +259 @@
 
     <p>
-        <strong class="label"><?php _e( 'Type:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="bbp_forum_type_select"><?php _e( 'Type:', 'bbpress' ) ?></label>
+        <strong class="label"><?php esc_html_e( 'Type:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="bbp_forum_type_select"><?php esc_html_e( 'Type:', 'bbpress' ) ?></label>
         <?php bbp_form_forum_type_dropdown( $post_id ); ?>
     </p>
@@ -271 +271 @@
 
     <p>
-        <strong class="label"><?php _e( 'Status:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="bbp_forum_status_select"><?php _e( 'Status:', 'bbpress' ) ?></label>
+        <strong class="label"><?php esc_html_e( 'Status:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="bbp_forum_status_select"><?php esc_html_e( 'Status:', 'bbpress' ) ?></label>
         <?php bbp_form_forum_status_dropdown( $post_id ); ?>
     </p>
@@ -283 +283 @@
 
     <p>
-        <strong class="label"><?php _e( 'Visibility:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="bbp_forum_visibility_select"><?php _e( 'Visibility:', 'bbpress' ) ?></label>
+        <strong class="label"><?php esc_html_e( 'Visibility:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="bbp_forum_visibility_select"><?php esc_html_e( 'Visibility:', 'bbpress' ) ?></label>
         <?php bbp_form_forum_visibility_dropdown( $post_id ); ?>
     </p>
@@ -297 +297 @@
 
     <p>
-        <strong class="label"><?php _e( 'Parent:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="parent_id"><?php _e( 'Forum Parent', 'bbpress' ); ?></label>
+        <strong class="label"><?php esc_html_e( 'Parent:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="parent_id"><?php esc_html_e( 'Forum Parent', 'bbpress' ); ?></label>
         <?php bbp_dropdown( array(
             'post_type'          => bbp_get_forum_post_type(),
@@ -320 +320 @@
 
     <p>
-        <strong class="label"><?php _e( 'Order:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="menu_order"><?php _e( 'Forum Order', 'bbpress' ); ?></label>
+        <strong class="label"><?php esc_html_e( 'Order:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="menu_order"><?php esc_html_e( 'Forum Order', 'bbpress' ); ?></label>
         <input name="menu_order" type="number" step="1" size="4" id="menu_order" value="<?php echo esc_attr( $menu_order ); ?>" />
     </p>
@@ -348 +348 @@
 
     <p>
-        <strong class="label"><?php _e( 'Type:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="bbp_stick_topic"><?php _e( 'Topic Type', 'bbpress' ); ?></label>
+        <strong class="label"><?php esc_html_e( 'Type:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="bbp_stick_topic"><?php esc_html_e( 'Topic Type', 'bbpress' ); ?></label>
         <?php bbp_topic_type_select( array( 'topic_id' => $post_id ) ); ?>
     </p>
 
     <p>
-        <strong class="label"><?php _e( 'Forum:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="parent_id"><?php _e( 'Forum', 'bbpress' ); ?></label>
+        <strong class="label"><?php esc_html_e( 'Forum:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="parent_id"><?php esc_html_e( 'Forum', 'bbpress' ); ?></label>
         <?php bbp_dropdown( array(
             'post_type'          => bbp_get_forum_post_type(),
@@ -407 +407 @@
 
         <p>
-            <strong class="label"><?php _e( 'Forum:', 'bbpress' ); ?></strong>
-            <label class="screen-reader-text" for="bbp_forum_id"><?php _e( 'Forum', 'bbpress' ); ?></label>
+            <strong class="label"><?php esc_html_e( 'Forum:', 'bbpress' ); ?></strong>
+            <label class="screen-reader-text" for="bbp_forum_id"><?php esc_html_e( 'Forum', 'bbpress' ); ?></label>
             <?php bbp_dropdown( array(
                 'post_type'          => bbp_get_forum_post_type(),
@@ -432 +432 @@
 
     <p>
-        <strong class="label"><?php _e( 'Topic:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="parent_id"><?php _e( 'Topic', 'bbpress' ); ?></label>
+        <strong class="label"><?php esc_html_e( 'Topic:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="parent_id"><?php esc_html_e( 'Topic', 'bbpress' ); ?></label>
         <input name="parent_id" id="bbp_topic_id" type="text" value="<?php echo esc_attr( $reply_topic_id ); ?>" />
     </p>
 
     <p>
-        <strong class="label"><?php _e( 'Reply To:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="bbp_reply_to"><?php _e( 'Reply To', 'bbpress' ); ?></label>
+        <strong class="label"><?php esc_html_e( 'Reply To:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="bbp_reply_to"><?php esc_html_e( 'Reply To', 'bbpress' ); ?></label>
         <input name="bbp_reply_to" id="bbp_reply_to" type="text" value="<?php echo esc_attr( $reply_to ); ?>" />
     </p>
@@ -469 +469 @@
 
         <p>
-            <strong class="label"><?php _e( 'Name:', 'bbpress' ); ?></strong>
-            <label class="screen-reader-text" for="bbp_anonymous_name"><?php _e( 'Name', 'bbpress' ); ?></label>
+            <strong class="label"><?php esc_html_e( 'Name:', 'bbpress' ); ?></strong>
+            <label class="screen-reader-text" for="bbp_anonymous_name"><?php esc_html_e( 'Name', 'bbpress' ); ?></label>
             <input type="text" id="bbp_anonymous_name" name="bbp_anonymous_name" value="<?php echo esc_attr( get_post_meta( $post_id, '_bbp_anonymous_name', true ) ); ?>" />
         </p>
 
         <p>
-            <strong class="label"><?php _e( 'Email:', 'bbpress' ); ?></strong>
-            <label class="screen-reader-text" for="bbp_anonymous_email"><?php _e( 'Email', 'bbpress' ); ?></label>
+            <strong class="label"><?php esc_html_e( 'Email:', 'bbpress' ); ?></strong>
+            <label class="screen-reader-text" for="bbp_anonymous_email"><?php esc_html_e( 'Email', 'bbpress' ); ?></label>
             <input type="text" id="bbp_anonymous_email" name="bbp_anonymous_email" value="<?php echo esc_attr( get_post_meta( $post_id, '_bbp_anonymous_email', true ) ); ?>" />
         </p>
 
         <p>
-            <strong class="label"><?php _e( 'Website:', 'bbpress' ); ?></strong>
-            <label class="screen-reader-text" for="bbp_anonymous_website"><?php _e( 'Website', 'bbpress' ); ?></label>
+            <strong class="label"><?php esc_html_e( 'Website:', 'bbpress' ); ?></strong>
+            <label class="screen-reader-text" for="bbp_anonymous_website"><?php esc_html_e( 'Website', 'bbpress' ); ?></label>
             <input type="text" id="bbp_anonymous_website" name="bbp_anonymous_website" value="<?php echo esc_attr( get_post_meta( $post_id, '_bbp_anonymous_website', true ) ); ?>" />
         </p>
@@ -489 +489 @@
 
         <p>
-            <strong class="label"><?php _e( 'Name:', 'bbpress' ); ?></strong>
-            <label class="screen-reader-text" for="bbp_author_name"><?php _e( 'Name', 'bbpress' ); ?></label>
+            <strong class="label"><?php esc_html_e( 'Name:', 'bbpress' ); ?></strong>
+            <label class="screen-reader-text" for="bbp_author_name"><?php esc_html_e( 'Name', 'bbpress' ); ?></label>
             <input type="text" id="bbp_author_name" name="bbp_author_name" value="<?php echo esc_attr( get_the_author_meta( 'nicename', bbp_get_global_post_field( 'post_author' ) ) ); ?>" disabled="disabled" />
         </p>
 
         <p>
-            <strong class="label"><?php _e( 'Email:', 'bbpress' ); ?></strong>
-            <label class="screen-reader-text" for="bbp_author_email"><?php _e( 'Email', 'bbpress' ); ?></label>
+            <strong class="label"><?php esc_html_e( 'Email:', 'bbpress' ); ?></strong>
+            <label class="screen-reader-text" for="bbp_author_email"><?php esc_html_e( 'Email', 'bbpress' ); ?></label>
             <input type="text" id="bbp_author_email" name="bbp_author_email" value="<?php echo esc_attr( get_the_author_meta( 'email', bbp_get_global_post_field( 'post_author' ) ) ); ?>" disabled="disabled" />
         </p>
@@ -503 +503 @@
 
     <p>
-        <strong class="label"><?php _e( 'IP:', 'bbpress' ); ?></strong>
-        <label class="screen-reader-text" for="bbp_author_ip_address"><?php _e( 'IP Address', 'bbpress' ); ?></label>
+        <strong class="label"><?php esc_html_e( 'IP:', 'bbpress' ); ?></strong>
+        <label class="screen-reader-text" for="bbp_author_ip_address"><?php esc_html_e( 'IP Address', 'bbpress' ); ?></label>
         <input type="text" id="bbp_author_ip_address" name="bbp_author_ip_address" value="<?php echo esc_attr( get_post_meta( $post_id, '_bbp_author_ip', true ) ); ?>" disabled="disabled" />
     </p>

trunk/includes/admin/replies.php

@@ -526 +526 @@
                 return;
 
-            $reply_title = esc_html( bbp_get_reply_title( $reply->ID ) );
+            $reply_title = bbp_get_reply_title( $reply->ID );
 
             switch ( $notice ) {
@@ -544 +544 @@
 
             <div id="message" class="<?php echo $is_failure == true ? 'error' : 'updated'; ?> fade">
-                <p style="line-height: 150%"><?php echo $message; ?></p>
+                <p style="line-height: 150%"><?php echo esc_html( $message ); ?></p>
             </div>
 
@@ -624 +624 @@
                     $topic_title = bbp_get_topic_title( $topic_id );
                     if ( empty( $topic_title ) ) {
-                        $topic_title = __( 'No Topic', 'bbpress' );
+                        $topic_title = esc_html__( 'No Topic', 'bbpress' );
                     }
 
@@ -632 +632 @@
                 // Reply has no topic
                 } else {
-                    _e( 'No Topic', 'bbpress' );
+                    esc_html_e( 'No Topic', 'bbpress' );
                 }
 
@@ -650 +650 @@
                     $forum_title = bbp_get_forum_title( $reply_forum_id );
                     if ( empty( $forum_title ) ) {
-                        $forum_title = __( 'No Forum', 'bbpress' );
+                        $forum_title = esc_html__( 'No Forum', 'bbpress' );
                     }
 
@@ -656 +656 @@
                     if ( $reply_forum_id != $topic_forum_id ) {
                         if ( current_user_can( 'edit_others_replies' ) || current_user_can( 'moderate' ) ) {
-                            $forum_title .= '<div class="attention">' . __( '(Mismatch)', 'bbpress' ) . '</div>';
+                            $forum_title .= '<div class="attention">' . esc_html__( '(Mismatch)', 'bbpress' ) . '</div>';
                         }
                     }
@@ -679 +679 @@
 
                 // Output last activity time and date
-                printf( __( '%1$s <br /> %2$s', 'bbpress' ),
+                printf( '%1$s <br /> %2$s',
                     get_the_date(),
                     esc_attr( get_the_time() )
@@ -724 +724 @@
 
         // Reply view links to topic
-        $actions['view'] = '<a href="' . bbp_get_reply_url( $reply->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;', 'bbpress' ), bbp_get_reply_title( $reply->ID ) ) ) . '" rel="permalink">' . __( 'View', 'bbpress' ) . '</a>';
+        $actions['view'] = '<a href="' . bbp_get_reply_url( $reply->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;', 'bbpress' ), bbp_get_reply_title( $reply->ID ) ) ) . '" rel="permalink">' . esc_html__( 'View', 'bbpress' ) . '</a>';
 
         // User cannot view replies in trash
@@ -733 +733 @@
         if ( current_user_can( 'moderate', $reply->ID ) ) {
             if ( in_array( $reply->post_status, array( bbp_get_public_status_id(), bbp_get_spam_status_id() ) ) ) {
-                $spam_uri  = esc_url( wp_nonce_url( add_query_arg( array( 'reply_id' => $reply->ID, 'action' => 'bbp_toggle_reply_spam' ), remove_query_arg( array( 'bbp_reply_toggle_notice', 'reply_id', 'failed', 'super' ) ) ), 'spam-reply_'  . $reply->ID ) );
+                $spam_uri  = wp_nonce_url( add_query_arg( array( 'reply_id' => $reply->ID, 'action' => 'bbp_toggle_reply_spam' ), remove_query_arg( array( 'bbp_reply_toggle_notice', 'reply_id', 'failed', 'super' ) ) ), 'spam-reply_'  . $reply->ID );
                 if ( bbp_is_reply_spam( $reply->ID ) ) {
-                    $actions['spam'] = '<a href="' . $spam_uri . '" title="' . esc_attr__( 'Mark the reply as not spam', 'bbpress' ) . '">' . __( 'Not spam', 'bbpress' ) . '</a>';
+                    $actions['spam'] = '<a href="' . esc_url( $spam_uri ) . '" title="' . esc_attr__( 'Mark the reply as not spam', 'bbpress' ) . '">' . esc_html__( 'Not spam', 'bbpress' ) . '</a>';
                 } else {
-                    $actions['spam'] = '<a href="' . $spam_uri . '" title="' . esc_attr__( 'Mark this reply as spam',    'bbpress' ) . '">' . __( 'Spam',     'bbpress' ) . '</a>';
+                    $actions['spam'] = '<a href="' . esc_url( $spam_uri ) . '" title="' . esc_attr__( 'Mark this reply as spam',    'bbpress' ) . '">' . esc_html__( 'Spam',     'bbpress' ) . '</a>';
                 }
             }
@@ -745 +745 @@
         if ( current_user_can( 'delete_reply', $reply->ID ) ) {
             if ( bbp_get_trash_status_id() == $reply->post_status ) {
-                $post_type_object = get_post_type_object( bbp_get_reply_post_type() );
-                $actions['untrash'] = "<a title='" . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_reply_post_type() ), admin_url( 'edit.php' ) ) ), wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . "'>" . __( 'Restore', 'bbpress' ) . "</a>";
+                $post_type_object   = get_post_type_object( bbp_get_reply_post_type() );
+                $actions['untrash'] = "<a title='" . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_reply_post_type() ), admin_url( 'edit.php' ) ) ), wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . "'>" . esc_html__( 'Restore', 'bbpress' ) . "</a>";
             } elseif ( EMPTY_TRASH_DAYS ) {
-                $actions['trash'] = "<a class='submitdelete' title='" . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_reply_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $reply->ID ) ) . "'>" . __( 'Trash', 'bbpress' ) . "</a>";
+                $actions['trash'] = "<a class='submitdelete' title='" . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_reply_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $reply->ID ) ) . "'>" . esc_html__( 'Trash', 'bbpress' ) . "</a>";
             }
 
             if ( bbp_get_trash_status_id() == $reply->post_status || !EMPTY_TRASH_DAYS ) {
-                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr__( 'Delete this item permanently', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_reply_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $reply->ID, '', true ) ) . "'>" . __( 'Delete Permanently', 'bbpress' ) . "</a>";
+                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr__( 'Delete this item permanently', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_reply_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $reply->ID, '', true ) ) . "'>" . esc_html__( 'Delete Permanently', 'bbpress' ) . "</a>";
             } elseif ( bbp_get_spam_status_id() == $reply->post_status ) {
                 unset( $actions['trash'] );

trunk/includes/admin/settings.php

@@ -21 +21 @@
 function bbp_admin_get_settings_sections() {
     return (array) apply_filters( 'bbp_admin_get_settings_sections', array(
-
-        //
         'bbp_settings_main' => array(
             'title'    => __( 'Main Forum Settings', 'bbpress' ),
@@ -428 +426 @@
 ?>
 
-    <p><?php _e( 'Main forum settings for enabling features and setting time limits', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'Main forum settings for enabling features and setting time limits', 'bbpress' ); ?></p>
 
 <?php
@@ -444 +442 @@
 
     <input name="_bbp_edit_lock" type="number" min="0" step="1" id="_bbp_edit_lock" value="<?php bbp_form_option( '_bbp_edit_lock', '5' ); ?>" class="small-text"<?php bbp_maybe_admin_setting_disabled( '_bbp_edit_lock' ); ?> />
-    <label for="_bbp_edit_lock"><?php _e( 'minutes', 'bbpress' ); ?></label>
+    <label for="_bbp_edit_lock"><?php esc_html_e( 'minutes', 'bbpress' ); ?></label>
 
 <?php
@@ -460 +458 @@
 
     <input name="_bbp_throttle_time" type="number" min="0" step="1" id="_bbp_throttle_time" value="<?php bbp_form_option( '_bbp_throttle_time', '10' ); ?>" class="small-text"<?php bbp_maybe_admin_setting_disabled( '_bbp_throttle_time' ); ?> />
-    <label for="_bbp_throttle_time"><?php _e( 'seconds', 'bbpress' ); ?></label>
+    <label for="_bbp_throttle_time"><?php esc_html_e( 'seconds', 'bbpress' ); ?></label>
 
 <?php
@@ -476 +474 @@
 
     <input id="_bbp_enable_favorites" name="_bbp_enable_favorites" type="checkbox" id="_bbp_enable_favorites" value="1" <?php checked( bbp_is_favorites_active( true ) ); bbp_maybe_admin_setting_disabled( '_bbp_enable_favorites' ); ?> />
-    <label for="_bbp_enable_favorites"><?php _e( 'Allow users to mark topics as favorites', 'bbpress' ); ?></label>
+    <label for="_bbp_enable_favorites"><?php esc_html_e( 'Allow users to mark topics as favorites', 'bbpress' ); ?></label>
 
 <?php
@@ -492 +490 @@
 
     <input id="_bbp_enable_subscriptions" name="_bbp_enable_subscriptions" type="checkbox" id="_bbp_enable_subscriptions" value="1" <?php checked( bbp_is_subscriptions_active( true ) ); bbp_maybe_admin_setting_disabled( '_bbp_enable_subscriptions' ); ?> />
-    <label for="_bbp_enable_subscriptions"><?php _e( 'Allow users to subscribe to topics', 'bbpress' ); ?></label>
+    <label for="_bbp_enable_subscriptions"><?php esc_html_e( 'Allow users to subscribe to topics', 'bbpress' ); ?></label>
 
 <?php
@@ -508 +506 @@
 
     <input id="_bbp_allow_topic_tags" name="_bbp_allow_topic_tags" type="checkbox" id="_bbp_allow_topic_tags" value="1" <?php checked( bbp_allow_topic_tags( true ) ); bbp_maybe_admin_setting_disabled( '_bbp_allow_topic_tags' ); ?> />
-    <label for="_bbp_allow_topic_tags"><?php _e( 'Allow topics to have tags', 'bbpress' ); ?></label>
+    <label for="_bbp_allow_topic_tags"><?php esc_html_e( 'Allow topics to have tags', 'bbpress' ); ?></label>
 
 <?php
@@ -538 +536 @@
     </select>
 
-    <label for="_bbp_thread_replies_depth"><?php _e( 'levels deep', 'bbpress' ); ?></label>
+    <label for="_bbp_thread_replies_depth"><?php esc_html_e( 'levels deep', 'bbpress' ); ?></label>
 
 <?php
@@ -554 +552 @@
 
     <input id="_bbp_allow_revisions" name="_bbp_allow_revisions" type="checkbox" id="_bbp_allow_revisions" value="1" <?php checked( bbp_allow_revisions( true ) ); bbp_maybe_admin_setting_disabled( '_bbp_allow_revisions' ); ?> />
-    <label for="_bbp_allow_revisions"><?php _e( 'Allow topic and reply revision logging', 'bbpress' ); ?></label>
+    <label for="_bbp_allow_revisions"><?php esc_html_e( 'Allow topic and reply revision logging', 'bbpress' ); ?></label>
 
 <?php
@@ -570 +568 @@
 
     <input id="_bbp_allow_anonymous" name="_bbp_allow_anonymous" type="checkbox" id="_bbp_allow_anonymous" value="1" <?php checked( bbp_allow_anonymous( false ) ); bbp_maybe_admin_setting_disabled( '_bbp_allow_anonymous' ); ?> />
-    <label for="_bbp_allow_anonymous"><?php _e( 'Allow guest users without accounts to create topics and replies', 'bbpress' ); ?></label>
+    <label for="_bbp_allow_anonymous"><?php esc_html_e( 'Allow guest users without accounts to create topics and replies', 'bbpress' ); ?></label>
 
 <?php
@@ -586 +584 @@
 
     <input id="_bbp_allow_global_access" name="_bbp_allow_global_access" type="checkbox" id="_bbp_allow_global_access" value="1" <?php checked( bbp_allow_global_access( true ) ); bbp_maybe_admin_setting_disabled( '_bbp_allow_global_access' ); ?> />
-    <label for="_bbp_allow_global_access"><?php _e( 'Automatically assign default role to new, registered users upon visiting the site.', 'bbpress' ); ?></label>
+    <label for="_bbp_allow_global_access"><?php esc_html_e( 'Automatically assign default role to new, registered users upon visiting the site.', 'bbpress' ); ?></label>
 
 <?php
@@ -624 +622 @@
 
     <input id="_bbp_use_wp_editor" name="_bbp_use_wp_editor" type="checkbox" id="_bbp_use_wp_editor" value="1" <?php checked( bbp_use_wp_editor( true ) ); bbp_maybe_admin_setting_disabled( '_bbp_use_wp_editor' ); ?> />
-    <label for="_bbp_use_wp_editor"><?php _e( 'Use the fancy WordPress editor to create and edit topics and replies', 'bbpress' ); ?></label>
+    <label for="_bbp_use_wp_editor"><?php esc_html_e( 'Use the fancy WordPress editor to create and edit topics and replies', 'bbpress' ); ?></label>
 
 <?php
@@ -637 +635 @@
 ?>
 
-    <p><?php _e( 'How your forum content is displayed within your existing theme.', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'How your forum content is displayed within your existing theme.', 'bbpress' ); ?></p>
 
 <?php
@@ -661 +659 @@
     // @see bbPress::register_theme_packages()
     foreach ( (array) bbpress()->theme_compat->packages as $id => $theme ) {
-        $theme_options .= '<option value="' . esc_attr( $id ) . '"' . selected( $theme->id, $current_package, false ) . '>' . sprintf( __( '%1$s - %2$s', 'bbpress' ), esc_html( $theme->name ), esc_html( str_replace( WP_CONTENT_DIR, '', $theme->dir ) ) )  . '</option>';
+        $theme_options .= '<option value="' . esc_attr( $id ) . '"' . selected( $theme->id, $current_package, false ) . '>' . sprintf( esc_html__( '%1$s - %2$s', 'bbpress' ), esc_html( $theme->name ), esc_html( str_replace( WP_CONTENT_DIR, '', $theme->dir ) ) )  . '</option>';
     }
 
@@ -667 +665 @@
 
         <select name="_bbp_theme_package_id" id="_bbp_theme_package_id" <?php bbp_maybe_admin_setting_disabled( '_bbp_theme_package_id' ); ?>><?php echo $theme_options ?></select>
-        <label for="_bbp_theme_package_id"><?php _e( 'will serve all bbPress templates', 'bbpress' ); ?></label>
+        <label for="_bbp_theme_package_id"><?php esc_html_e( 'will serve all bbPress templates', 'bbpress' ); ?></label>
 
     <?php else : ?>
 
-        <p><?php _e( 'No template packages available.', 'bbpress' ); ?></p>
+        <p><?php esc_html_e( 'No template packages available.', 'bbpress' ); ?></p>
 
     <?php endif;
@@ -687 +685 @@
 
     <input id="_bbp_use_autoembed" name="_bbp_use_autoembed" type="checkbox" id="_bbp_use_autoembed" value="1" <?php checked( bbp_use_autoembed( true ) ); bbp_maybe_admin_setting_disabled( '_bbp_use_autoembed' ); ?> />
-    <label for="_bbp_use_autoembed"><?php _e( 'Embed media (YouTube, Twitter, Flickr, etc...) directly into topics and replies', 'bbpress' ); ?></label>
+    <label for="_bbp_use_autoembed"><?php esc_html_e( 'Embed media (YouTube, Twitter, Flickr, etc...) directly into topics and replies', 'bbpress' ); ?></label>
 
 <?php
@@ -702 +700 @@
 ?>
 
-    <p><?php _e( 'How many topics and replies to show per page', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'How many topics and replies to show per page', 'bbpress' ); ?></p>
 
 <?php
@@ -718 +716 @@
 
     <input name="_bbp_topics_per_page" type="number" min="1" step="1" id="_bbp_topics_per_page" value="<?php bbp_form_option( '_bbp_topics_per_page', '15' ); ?>" class="small-text"<?php bbp_maybe_admin_setting_disabled( '_bbp_topics_per_page' ); ?> />
-    <label for="_bbp_topics_per_page"><?php _e( 'per page', 'bbpress' ); ?></label>
+    <label for="_bbp_topics_per_page"><?php esc_html_e( 'per page', 'bbpress' ); ?></label>
 
 <?php
@@ -734 +732 @@
 
     <input name="_bbp_replies_per_page" type="number" min="1" step="1" id="_bbp_replies_per_page" value="<?php bbp_form_option( '_bbp_replies_per_page', '15' ); ?>" class="small-text"<?php bbp_maybe_admin_setting_disabled( '_bbp_replies_per_page' ); ?> />
-    <label for="_bbp_replies_per_page"><?php _e( 'per page', 'bbpress' ); ?></label>
+    <label for="_bbp_replies_per_page"><?php esc_html_e( 'per page', 'bbpress' ); ?></label>
 
 <?php
@@ -749 +747 @@
 ?>
 
-    <p><?php _e( 'How many topics and replies to show per RSS page', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'How many topics and replies to show per RSS page', 'bbpress' ); ?></p>
 
 <?php
@@ -765 +763 @@
 
     <input name="_bbp_topics_per_rss_page" type="number" min="1" step="1" id="_bbp_topics_per_rss_page" value="<?php bbp_form_option( '_bbp_topics_per_rss_page', '25' ); ?>" class="small-text"<?php bbp_maybe_admin_setting_disabled( '_bbp_topics_per_rss_page' ); ?> />
-    <label for="_bbp_topics_per_rss_page"><?php _e( 'per page', 'bbpress' ); ?></label>
+    <label for="_bbp_topics_per_rss_page"><?php esc_html_e( 'per page', 'bbpress' ); ?></label>
 
 <?php
@@ -781 +779 @@
 
     <input name="_bbp_replies_per_rss_page" type="number" min="1" step="1" id="_bbp_replies_per_rss_page" value="<?php bbp_form_option( '_bbp_replies_per_rss_page', '25' ); ?>" class="small-text"<?php bbp_maybe_admin_setting_disabled( '_bbp_replies_per_rss_page' ); ?> />
-    <label for="_bbp_replies_per_rss_page"><?php _e( 'per page', 'bbpress' ); ?></label>
+    <label for="_bbp_replies_per_rss_page"><?php esc_html_e( 'per page', 'bbpress' ); ?></label>
 
 <?php
@@ -799 +797 @@
         flush_rewrite_rules(); ?>
 
-    <p><?php _e( 'Customize your Forums root. Partner with a WordPress Page and use Shortcodes for more flexibility.', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'Customize your Forums root. Partner with a WordPress Page and use Shortcodes for more flexibility.', 'bbpress' ); ?></p>
 
 <?php
@@ -832 +830 @@
 
     <input id="_bbp_include_root" name="_bbp_include_root" type="checkbox" id="_bbp_include_root" value="1" <?php checked( bbp_include_root_slug() ); bbp_maybe_admin_setting_disabled( '_bbp_include_root' ); ?> />
-    <label for="_bbp_include_root"><?php _e( 'Prefix all forum content with the Forum Root slug (Recommended)', 'bbpress' ); ?></label>
+    <label for="_bbp_include_root"><?php esc_html_e( 'Prefix all forum content with the Forum Root slug (Recommended)', 'bbpress' ); ?></label>
 
 <?php
@@ -882 +880 @@
 ?>
 
-    <p><?php _e( 'Customize your user profile slugs.', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'Customize your user profile slugs.', 'bbpress' ); ?></p>
 
 <?php
@@ -982 +980 @@
 ?>
 
-    <p><?php printf( __( 'Custom slugs for single forums, topics, replies, tags, views, and search.', 'bbpress' ), get_admin_url( null, 'options-permalink.php' ) ); ?></p>
+    <p><?php printf( esc_html__( 'Custom slugs for single forums, topics, replies, tags, views, and search.', 'bbpress' ), get_admin_url( null, 'options-permalink.php' ) ); ?></p>
 
 <?php
@@ -1100 +1098 @@
 ?>
 
-    <p><?php _e( 'Forum settings for BuddyPress', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'Forum settings for BuddyPress', 'bbpress' ); ?></p>
 
 <?php
@@ -1116 +1114 @@
 
     <input id="_bbp_enable_group_forums" name="_bbp_enable_group_forums" type="checkbox" id="_bbp_enable_group_forums" value="1" <?php checked( bbp_is_group_forums_active( true ) );  bbp_maybe_admin_setting_disabled( '_bbp_enable_group_forums' ); ?> />
-    <label for="_bbp_enable_group_forums"><?php _e( 'Allow BuddyPress Groups to have their own forums', 'bbpress' ); ?></label>
+    <label for="_bbp_enable_group_forums"><?php esc_html_e( 'Allow BuddyPress Groups to have their own forums', 'bbpress' ); ?></label>
 
 <?php
@@ -1141 +1139 @@
     ) ); ?>
 
-    <label for="_bbp_group_forums_root_id"><?php _e( 'is the parent for all group forums', 'bbpress' ); ?></label>
-    <p class="description"><?php _e( 'Using the Forum Root is not recommended. Changing this does not move existing forums.', 'bbpress' ); ?></p>
+    <label for="_bbp_group_forums_root_id"><?php esc_html_e( 'is the parent for all group forums', 'bbpress' ); ?></label>
+    <p class="description"><?php esc_html_e( 'Using the Forum Root is not recommended. Changing this does not move existing forums.', 'bbpress' ); ?></p>
 
 <?php
@@ -1157 +1155 @@
 ?>
 
-    <p><?php _e( 'Forum settings for Akismet', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'Forum settings for Akismet', 'bbpress' ); ?></p>
 
 <?php
@@ -1174 +1172 @@
 
     <input id="_bbp_enable_akismet" name="_bbp_enable_akismet" type="checkbox" id="_bbp_enable_akismet" value="1" <?php checked( bbp_is_akismet_active( true ) );  bbp_maybe_admin_setting_disabled( '_bbp_enable_akismet' ); ?> />
-    <label for="_bbp_enable_akismet"><?php _e( 'Allow Akismet to actively prevent forum spam.', 'bbpress' ); ?></label>
+    <label for="_bbp_enable_akismet"><?php esc_html_e( 'Allow Akismet to actively prevent forum spam.', 'bbpress' ); ?></label>
 
 <?php
@@ -1197 +1195 @@
         <?php screen_icon(); ?>
 
-        <h2><?php _e( 'Forums Settings', 'bbpress' ) ?></h2>
+        <h2><?php esc_html_e( 'Forums Settings', 'bbpress' ) ?></h2>
 
         <form action="options.php" method="post">
@@ -1225 +1223 @@
 ?>
 
-    <p><?php _e( 'Information about your previous forums database so that they can be converted. <strong>Backup your database before proceeding.</strong>', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'Information about your previous forums database so that they can be converted. <strong>Backup your database before proceeding.</strong>', 'bbpress' ); ?></p>
 
 <?php
@@ -1248 +1246 @@
         if ( ( stristr( $file, '.php' ) ) && ( stristr( $file, 'index' ) === false ) ) {
             $file              = preg_replace( '/.php/', '', $file );
-            $platform_options .= '<option value="' . $file . '">' . $file . '</option>';
+            $platform_options .= '<option value="' . $file . '">' . esc_html( $file ) . '</option>';
         }
     }
@@ -1255 +1253 @@
 
     <select name="_bbp_converter_platform" id="_bbp_converter_platform" /><?php echo $platform_options ?></select>
-    <label for="_bbp_converter_platform"><?php _e( 'is the previous forum software', 'bbpress' ); ?></label>
+    <label for="_bbp_converter_platform"><?php esc_html_e( 'is the previous forum software', 'bbpress' ); ?></label>
 
 <?php
@@ -1269 +1267 @@
 
     <input name="_bbp_converter_db_server" type="text" id="_bbp_converter_db_server" value="<?php bbp_form_option( '_bbp_converter_db_server', 'localhost' ); ?>" class="medium-text" />
-    <label for="_bbp_converter_db_server"><?php _e( 'IP or hostname', 'bbpress' ); ?></label>
+    <label for="_bbp_converter_db_server"><?php esc_html_e( 'IP or hostname', 'bbpress' ); ?></label>
 
 <?php
@@ -1283 +1281 @@
 
     <input name="_bbp_converter_db_port" type="text" id="_bbp_converter_db_port" value="<?php bbp_form_option( '_bbp_converter_db_port', '3306' ); ?>" class="small-text" />
-    <label for="_bbp_converter_db_port"><?php _e( 'Use default 3306 if unsure', 'bbpress' ); ?></label>
+    <label for="_bbp_converter_db_port"><?php esc_html_e( 'Use default 3306 if unsure', 'bbpress' ); ?></label>
 
 <?php
@@ -1297 +1295 @@
 
     <input name="_bbp_converter_db_user" type="text" id="_bbp_converter_db_user" value="<?php bbp_form_option( '_bbp_converter_db_user' ); ?>" class="medium-text" />
-    <label for="_bbp_converter_db_user"><?php _e( 'User for your database connection', 'bbpress' ); ?></label>
+    <label for="_bbp_converter_db_user"><?php esc_html_e( 'User for your database connection', 'bbpress' ); ?></label>
 
 <?php
@@ -1311 +1309 @@
 
     <input name="_bbp_converter_db_pass" type="password" id="_bbp_converter_db_pass" value="<?php bbp_form_option( '_bbp_converter_db_pass' ); ?>" class="medium-text" />
-    <label for="_bbp_converter_db_pass"><?php _e( 'Password to access the database', 'bbpress' ); ?></label>
+    <label for="_bbp_converter_db_pass"><?php esc_html_e( 'Password to access the database', 'bbpress' ); ?></label>
 
 <?php
@@ -1325 +1323 @@
 
     <input name="_bbp_converter_db_name" type="text" id="_bbp_converter_db_name" value="<?php bbp_form_option( '_bbp_converter_db_name' ); ?>" class="medium-text" />
-    <label for="_bbp_converter_db_name"><?php _e( 'Name of the database with your old forum data', 'bbpress' ); ?></label>
+    <label for="_bbp_converter_db_name"><?php esc_html_e( 'Name of the database with your old forum data', 'bbpress' ); ?></label>
 
 <?php
@@ -1338 +1336 @@
 ?>
 
-    <p><?php _e( 'Some optional parameters to help tune the conversion process.', 'bbpress' ); ?></p>
+    <p><?php esc_html_e( 'Some optional parameters to help tune the conversion process.', 'bbpress' ); ?></p>
 
 <?php
@@ -1352 +1350 @@
 
     <input name="_bbp_converter_db_prefix" type="text" id="_bbp_converter_db_prefix" value="<?php bbp_form_option( '_bbp_converter_db_prefix' ); ?>" class="medium-text" />
-    <label for="_bbp_converter_db_prefix"><?php _e( '(If converting from BuddyPress Forums, use "wp_bb_" or your custom prefix)', 'bbpress' ); ?></label>
+    <label for="_bbp_converter_db_prefix"><?php esc_html_e( '(If converting from BuddyPress Forums, use "wp_bb_" or your custom prefix)', 'bbpress' ); ?></label>
 
 <?php
@@ -1366 +1364 @@
 
     <input name="_bbp_converter_rows" type="text" id="_bbp_converter_rows" value="<?php bbp_form_option( '_bbp_converter_rows', '100' ); ?>" class="small-text" />
-    <label for="_bbp_converter_rows"><?php _e( 'rows to process at a time', 'bbpress' ); ?></label>
-    <p class="description"><?php _e( 'Keep this low if you experience out-of-memory issues.', 'bbpress' ); ?></p>
+    <label for="_bbp_converter_rows"><?php esc_html_e( 'rows to process at a time', 'bbpress' ); ?></label>
+    <p class="description"><?php esc_html_e( 'Keep this low if you experience out-of-memory issues.', 'bbpress' ); ?></p>
 
 <?php
@@ -1381 +1379 @@
 
     <input name="_bbp_converter_delay_time" type="text" id="_bbp_converter_delay_time" value="<?php bbp_form_option( '_bbp_converter_delay_time', '1' ); ?>" class="small-text" />
-    <label for="_bbp_converter_delay_time"><?php _e( 'second(s) delay between each group of rows', 'bbpress' ); ?></label>
-    <p class="description"><?php _e( 'Keep this high to prevent too-many-connection issues.', 'bbpress' ); ?></p>
+    <label for="_bbp_converter_delay_time"><?php esc_html_e( 'second(s) delay between each group of rows', 'bbpress' ); ?></label>
+    <p class="description"><?php esc_html_e( 'Keep this high to prevent too-many-connection issues.', 'bbpress' ); ?></p>
 
 <?php
@@ -1396 +1394 @@
 
     <input id="_bbp_converter_restart" name="_bbp_converter_restart" type="checkbox" id="_bbp_converter_restart" value="1" <?php checked( get_option( '_bbp_converter_restart', false ) ); ?> />
-    <label for="_bbp_converter_restart"><?php _e( 'Start a fresh conversion from the beginning', 'bbpress' ); ?></label>
-    <p class="description"><?php _e( 'You should clean old conversion information before starting over.', 'bbpress' ); ?></p>
+    <label for="_bbp_converter_restart"><?php esc_html_e( 'Start a fresh conversion from the beginning', 'bbpress' ); ?></label>
+    <p class="description"><?php esc_html_e( 'You should clean old conversion information before starting over.', 'bbpress' ); ?></p>
 
 <?php
@@ -1411 +1409 @@
 
     <input id="_bbp_converter_clean" name="_bbp_converter_clean" type="checkbox" id="_bbp_converter_clean" value="1" <?php checked( get_option( '_bbp_converter_clean', false ) ); ?> />
-    <label for="_bbp_converter_clean"><?php _e( 'Purge all information from a previously attempted import', 'bbpress' ); ?></label>
-    <p class="description"><?php _e( 'Use this if an import failed and you want to remove that incomplete data.', 'bbpress' ); ?></p>
+    <label for="_bbp_converter_clean"><?php esc_html_e( 'Purge all information from a previously attempted import', 'bbpress' ); ?></label>
+    <p class="description"><?php esc_html_e( 'Use this if an import failed and you want to remove that incomplete data.', 'bbpress' ); ?></p>
 
 <?php
@@ -1426 +1424 @@
 
     <input id="_bbp_converter_convert_users" name="_bbp_converter_convert_users" type="checkbox" id="_bbp_converter_convert_users" value="1" <?php checked( get_option( '_bbp_converter_convert_users', false ) ); ?> />
-    <label for="_bbp_converter_convert_users"><?php _e( 'Attempt to import user accounts from previous forums', 'bbpress' ); ?></label>
-    <p class="description"><?php _e( 'Non-bbPress passwords cannot be automatically converted. They will be converted as each user logs in.', 'bbpress' ); ?></p>
+    <label for="_bbp_converter_convert_users"><?php esc_html_e( 'Attempt to import user accounts from previous forums', 'bbpress' ); ?></label>
+    <p class="description"><?php esc_html_e( 'Non-bbPress passwords cannot be automatically converted. They will be converted as each user logs in.', 'bbpress' ); ?></p>
 
 <?php
@@ -1448 +1446 @@
         <?php screen_icon( 'tools' ); ?>
 
-        <h2 class="nav-tab-wrapper"><?php bbp_tools_admin_tabs( __( 'Import Forums', 'bbpress' ) ); ?></h2>
+        <h2 class="nav-tab-wrapper"><?php bbp_tools_admin_tabs( esc_html__( 'Import Forums', 'bbpress' ) ); ?></h2>
 
         <form action="#" method="post" id="bbp-converter-settings">
@@ -1694 +1692 @@
         if ( ( $slug != $key ) && ( $slug_check == $this_slug ) ) : ?>
 
-            <span class="attention"><?php printf( __( 'Possible %1$s conflict: <strong>%2$s</strong>', 'bbpress' ), $value['context'], $value['name'] ); ?></span>
+            <span class="attention"><?php printf( esc_html__( 'Possible %1$s conflict: %2$s', 'bbpress' ), $value['context'], '<strong>' . $value['name'] . '</strong>' ); ?></span>
 
         <?php endif;

trunk/includes/admin/tools.php

@@ -34 +34 @@
         <h2 class="nav-tab-wrapper"><?php bbp_tools_admin_tabs( __( 'Repair Forums', 'bbpress' ) ); ?></h2>
 
-        <p><?php _e( 'bbPress keeps track of relationships between forums, topics, replies, and topic tags, and users. Occasionally these relationships become out of sync, most often after an import or migration. Use the tools below to manually recalculate these relationships.', 'bbpress' ); ?></p>
-        <p class="description"><?php _e( 'Some of these tools create substantial database overhead. Avoid running more than 1 repair job at a time.', 'bbpress' ); ?></p>
+        <p><?php esc_html_e( 'bbPress keeps track of relationships between forums, topics, replies, and topic tags, and users. Occasionally these relationships become out of sync, most often after an import or migration. Use the tools below to manually recalculate these relationships.', 'bbpress' ); ?></p>
+        <p class="description"><?php esc_html_e( 'Some of these tools create substantial database overhead. Avoid running more than 1 repair job at a time.', 'bbpress' ); ?></p>
 
         <form class="settings" method="post" action="">
@@ -41 +41 @@
                 <tbody>
                     <tr valign="top">
-                        <th scope="row"><?php _e( 'Relationships to Repair:', 'bbpress' ) ?></th>
+                        <th scope="row"><?php esc_html_e( 'Relationships to Repair:', 'bbpress' ) ?></th>
                         <td>
                             <fieldset>
-                                <legend class="screen-reader-text"><span><?php _e( 'Repair', 'bbpress' ) ?></span></legend>
+                                <legend class="screen-reader-text"><span><?php esc_html_e( 'Repair', 'bbpress' ) ?></span></legend>
 
                                 <?php foreach ( bbp_admin_repair_list() as $item ) : ?>
@@ -1095 +1095 @@
 
         <h2 class="nav-tab-wrapper"><?php bbp_tools_admin_tabs( __( 'Reset Forums', 'bbpress' ) ); ?></h2>
-        <p><?php _e( 'This will revert your forums back to a brand new installation. This process cannot be undone. <strong>Backup your database before proceeding</strong>.', 'bbpress' ); ?></p>
+        <p><?php esc_html_e( 'This will revert your forums back to a brand new installation. This process cannot be undone. <strong>Backup your database before proceeding</strong>.', 'bbpress' ); ?></p>
 
         <form class="settings" method="post" action="">
@@ -1101 +1101 @@
                 <tbody>
                     <tr valign="top">
-                        <th scope="row"><?php _e( 'The following data will be removed:', 'bbpress' ) ?></th>
+                        <th scope="row"><?php esc_html_e( 'The following data will be removed:', 'bbpress' ) ?></th>
                         <td>
-                            <?php _e( 'All Forums',           'bbpress' ); ?><br />
-                            <?php _e( 'All Topics',           'bbpress' ); ?><br />
-                            <?php _e( 'All Replies',          'bbpress' ); ?><br />
-                            <?php _e( 'All Topic Tags',       'bbpress' ); ?><br />
-                            <?php _e( 'Related Meta Data',    'bbpress' ); ?><br />
-                            <?php _e( 'Forum Settings',       'bbpress' ); ?><br />
-                            <?php _e( 'Forum Activity',       'bbpress' ); ?><br />
-                            <?php _e( 'Forum User Roles',     'bbpress' ); ?><br />
-                            <?php _e( 'Importer Helper Data', 'bbpress' ); ?><br />
+                            <?php esc_html_e( 'All Forums',           'bbpress' ); ?><br />
+                            <?php esc_html_e( 'All Topics',           'bbpress' ); ?><br />
+                            <?php esc_html_e( 'All Replies',          'bbpress' ); ?><br />
+                            <?php esc_html_e( 'All Topic Tags',       'bbpress' ); ?><br />
+                            <?php esc_html_e( 'Related Meta Data',    'bbpress' ); ?><br />
+                            <?php esc_html_e( 'Forum Settings',       'bbpress' ); ?><br />
+                            <?php esc_html_e( 'Forum Activity',       'bbpress' ); ?><br />
+                            <?php esc_html_e( 'Forum User Roles',     'bbpress' ); ?><br />
+                            <?php esc_html_e( 'Importer Helper Data', 'bbpress' ); ?><br />
                         </td>
                     </tr>
                     <tr valign="top">
-                        <th scope="row"><?php _e( 'Are you sure you want to do this?', 'bbpress' ) ?></th>
+                        <th scope="row"><?php esc_html_e( 'Are you sure you want to do this?', 'bbpress' ) ?></th>
                         <td>
                             <fieldset>
-                                <legend class="screen-reader-text"><span><?php _e( "Say it ain't so!", 'bbpress' ) ?></span></legend>
-                                <label><input type="checkbox" class="checkbox" name="bbpress-are-you-sure" id="bbpress-are-you-sure" value="1" /> <?php _e( 'This process cannot be undone.', 'bbpress' ); ?></label>
+                                <legend class="screen-reader-text"><span><?php esc_html_e( "Say it ain't so!", 'bbpress' ) ?></span></legend>
+                                <label><input type="checkbox" class="checkbox" name="bbpress-are-you-sure" id="bbpress-are-you-sure" value="1" /> <?php esc_html_e( 'This process cannot be undone.', 'bbpress' ); ?></label>
                             </fieldset>
                         </td>

trunk/includes/admin/topics.php

@@ -569 +569 @@
                 return;
 
-            $topic_title = esc_html( bbp_get_topic_title( $topic->ID ) );
+            $topic_title = bbp_get_topic_title( $topic->ID );
 
             switch ( $notice ) {
@@ -607 +607 @@
 
             <div id="message" class="<?php echo $is_failure == true ? 'error' : 'updated'; ?> fade">
-                <p style="line-height: 150%"><?php echo $message; ?></p>
+                <p style="line-height: 150%"><?php echo esc_html( $message ); ?></p>
             </div>
 
@@ -686 +686 @@
                     $forum_title = bbp_get_forum_title( $forum_id );
                     if ( empty( $forum_title ) ) {
-                        $forum_title = __( 'No Forum', 'bbpress' );
+                        $forum_title = esc_html__( 'No Forum', 'bbpress' );
                     }
 
@@ -693 +693 @@
 
                 } else {
-                    _e( '(No Forum)', 'bbpress' );
+                    esc_html_e( '(No Forum)', 'bbpress' );
                 }
 
@@ -715 +715 @@
             // Freshness
             case 'bbp_topic_created':
-                printf( __( '%1$s <br /> %2$s', 'bbpress' ),
+                printf( '%1$s <br /> %2$s',
                     get_the_date(),
                     esc_attr( get_the_time() )
@@ -726 +726 @@
                 $last_active = bbp_get_topic_last_active_time( $topic_id, false );
                 if ( !empty( $last_active ) ) {
-                    echo $last_active;
+                    echo esc_html( $last_active );
                 } else {
-                    _e( 'No Replies', 'bbpress' ); // This should never happen
+                    esc_html_e( 'No Replies', 'bbpress' ); // This should never happen
                 }
 
@@ -775 +775 @@
         // Show view link if it's not set, the topic is trashed and the user can view trashed topics
         if ( empty( $actions['view'] ) && ( bbp_get_trash_status_id() == $topic->post_status ) && current_user_can( 'view_trash' ) )
-            $actions['view'] = '<a href="' . bbp_get_topic_permalink( $topic->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;', 'bbpress' ), bbp_get_topic_title( $topic->ID ) ) ) . '" rel="permalink">' . __( 'View', 'bbpress' ) . '</a>';
+            $actions['view'] = '<a href="' . bbp_get_topic_permalink( $topic->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;', 'bbpress' ), bbp_get_topic_title( $topic->ID ) ) ) . '" rel="permalink">' . esc_html__( 'View', 'bbpress' ) . '</a>';
 
         // Only show the actions if the user is capable of viewing them :)
@@ -783 +783 @@
             // Show the 'close' and 'open' link on published and closed posts only
             if ( in_array( $topic->post_status, array( bbp_get_public_status_id(), bbp_get_closed_status_id() ) ) ) {
-                $close_uri = esc_url( wp_nonce_url( add_query_arg( array( 'topic_id' => $topic->ID, 'action' => 'bbp_toggle_topic_close' ), remove_query_arg( array( 'bbp_topic_toggle_notice', 'topic_id', 'failed', 'super' ) ) ), 'close-topic_' . $topic->ID ) );
+                $close_uri = wp_nonce_url( add_query_arg( array( 'topic_id' => $topic->ID, 'action' => 'bbp_toggle_topic_close' ), remove_query_arg( array( 'bbp_topic_toggle_notice', 'topic_id', 'failed', 'super' ) ) ), 'close-topic_' . $topic->ID );
                 if ( bbp_is_topic_open( $topic->ID ) )
-                    $actions['closed'] = '<a href="' . $close_uri . '" title="' . esc_attr__( 'Close this topic', 'bbpress' ) . '">' . _x( 'Close', 'Close a Topic', 'bbpress' ) . '</a>';
+                    $actions['closed'] = '<a href="' . esc_url( $close_uri ) . '" title="' . esc_attr__( 'Close this topic', 'bbpress' ) . '">' . _x( 'Close', 'Close a Topic', 'bbpress' ) . '</a>';
                 else
-                    $actions['closed'] = '<a href="' . $close_uri . '" title="' . esc_attr__( 'Open this topic',  'bbpress' ) . '">' . _x( 'Open',  'Open a Topic',  'bbpress' ) . '</a>';
+                    $actions['closed'] = '<a href="' . esc_url( $close_uri ) . '" title="' . esc_attr__( 'Open this topic',  'bbpress' ) . '">' . _x( 'Open',  'Open a Topic',  'bbpress' ) . '</a>';
             }
 
@@ -794 +794 @@
 
                 // Sticky
-                $stick_uri  = esc_url( wp_nonce_url( add_query_arg( array( 'topic_id' => $topic->ID, 'action' => 'bbp_toggle_topic_stick' ), remove_query_arg( array( 'bbp_topic_toggle_notice', 'topic_id', 'failed', 'super' ) ) ), 'stick-topic_'  . $topic->ID ) );
+                $stick_uri  = wp_nonce_url( add_query_arg( array( 'topic_id' => $topic->ID, 'action' => 'bbp_toggle_topic_stick' ), remove_query_arg( array( 'bbp_topic_toggle_notice', 'topic_id', 'failed', 'super' ) ) ), 'stick-topic_'  . $topic->ID );
                 if ( bbp_is_topic_sticky( $topic->ID ) ) {
-                    $actions['stick'] = '<a href="' . $stick_uri . '" title="' . esc_attr__( 'Unstick this topic', 'bbpress' ) . '">' . __( 'Unstick', 'bbpress' ) . '</a>';
+                    $actions['stick'] = '<a href="' . esc_url( $stick_uri ) . '" title="' . esc_attr__( 'Unstick this topic', 'bbpress' ) . '">' . esc_html__( 'Unstick', 'bbpress' ) . '</a>';
                 } else {
                     $super_uri        = esc_url( wp_nonce_url( add_query_arg( array( 'topic_id' => $topic->ID, 'action' => 'bbp_toggle_topic_stick', 'super' => '1' ), remove_query_arg( array( 'bbp_topic_toggle_notice', 'topic_id', 'failed', 'super' ) ) ), 'stick-topic_'  . $topic->ID ) );
-                    $actions['stick'] = '<a href="' . $stick_uri . '" title="' . esc_attr__( 'Stick this topic to its forum', 'bbpress' ) . '">' . __( 'Stick', 'bbpress' ) . '</a> (<a href="' . $super_uri . '" title="' . esc_attr__( 'Stick this topic to front', 'bbpress' ) . '">' . __( 'to front', 'bbpress' ) . '</a>)';
+                    $actions['stick'] = '<a href="' . esc_url( $stick_uri ) . '" title="' . esc_attr__( 'Stick this topic to its forum', 'bbpress' ) . '">' . esc_html__( 'Stick', 'bbpress' ) . '</a> (<a href="' . $super_uri . '" title="' . esc_attr__( 'Stick this topic to front', 'bbpress' ) . '">' . esc_html__( 'to front', 'bbpress' ) . '</a>)';
                 }
             }
 
             // Spam
-            $spam_uri  = esc_url( wp_nonce_url( add_query_arg( array( 'topic_id' => $topic->ID, 'action' => 'bbp_toggle_topic_spam' ), remove_query_arg( array( 'bbp_topic_toggle_notice', 'topic_id', 'failed', 'super' ) ) ), 'spam-topic_'  . $topic->ID ) );
+            $spam_uri  = wp_nonce_url( add_query_arg( array( 'topic_id' => $topic->ID, 'action' => 'bbp_toggle_topic_spam' ), remove_query_arg( array( 'bbp_topic_toggle_notice', 'topic_id', 'failed', 'super' ) ) ), 'spam-topic_'  . $topic->ID );
             if ( bbp_is_topic_spam( $topic->ID ) )
-                $actions['spam'] = '<a href="' . $spam_uri . '" title="' . esc_attr__( 'Mark the topic as not spam', 'bbpress' ) . '">' . __( 'Not spam', 'bbpress' ) . '</a>';
+                $actions['spam'] = '<a href="' . esc_url( $spam_uri ) . '" title="' . esc_attr__( 'Mark the topic as not spam', 'bbpress' ) . '">' . esc_html__( 'Not spam', 'bbpress' ) . '</a>';
             else
-                $actions['spam'] = '<a href="' . $spam_uri . '" title="' . esc_attr__( 'Mark this topic as spam',    'bbpress' ) . '">' . __( 'Spam',     'bbpress' ) . '</a>';
+                $actions['spam'] = '<a href="' . esc_url( $spam_uri ) . '" title="' . esc_attr__( 'Mark this topic as spam',    'bbpress' ) . '">' . esc_html__( 'Spam',     'bbpress' ) . '</a>';
 
         }
@@ -816 +816 @@
             if ( bbp_get_trash_status_id() == $topic->post_status ) {
                 $post_type_object   = get_post_type_object( bbp_get_topic_post_type() );
-                $actions['untrash'] = "<a title='" . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . "' href='" . wp_nonce_url( add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_topic_post_type() ), admin_url( 'edit.php' ) ) ), admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $topic->ID ) ) ), 'untrash-' . $topic->post_type . '_' . $topic->ID ) . "'>" . __( 'Restore', 'bbpress' ) . "</a>";
+                $actions['untrash'] = "<a title='" . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . "' href='" . wp_nonce_url( add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_topic_post_type() ), admin_url( 'edit.php' ) ) ), admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $topic->ID ) ) ), 'untrash-' . $topic->post_type . '_' . $topic->ID ) . "'>" . esc_html__( 'Restore', 'bbpress' ) . "</a>";
             } elseif ( EMPTY_TRASH_DAYS ) {
-                $actions['trash'] = "<a class='submitdelete' title='" . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_topic_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $topic->ID ) ) . "'>" . __( 'Trash', 'bbpress' ) . "</a>";
+                $actions['trash'] = "<a class='submitdelete' title='" . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_topic_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $topic->ID ) ) . "'>" . esc_html__( 'Trash', 'bbpress' ) . "</a>";
             }
 
             if ( bbp_get_trash_status_id() == $topic->post_status || !EMPTY_TRASH_DAYS ) {
-                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr__( 'Delete this item permanently', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_topic_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $topic->ID, '', true ) ) . "'>" . __( 'Delete Permanently', 'bbpress' ) . "</a>";
+                $actions['delete'] = "<a class='submitdelete' title='" . esc_attr__( 'Delete this item permanently', 'bbpress' ) . "' href='" . add_query_arg( array( '_wp_http_referer' => add_query_arg( array( 'post_type' => bbp_get_topic_post_type() ), admin_url( 'edit.php' ) ) ), get_delete_post_link( $topic->ID, '', true ) ) . "'>" . esc_html__( 'Delete Permanently', 'bbpress' ) . "</a>";
             } elseif ( bbp_get_spam_status_id() == $topic->post_status ) {
                 unset( $actions['trash'] );

trunk/includes/admin/users.php

@@ -80 +80 @@
             unset( $dynamic_roles[ bbp_get_keymaster_role() ] ); ?>
 
-        <h3><?php _e( 'Forums', 'bbpress' ); ?></h3>
+        <h3><?php esc_html_e( 'Forums', 'bbpress' ); ?></h3>
 
         <table class="form-table">
             <tbody>
                 <tr>
-                    <th><label for="bbp-forums-role"><?php _e( 'Forum Role', 'bbpress' ); ?></label></th>
+                    <th><label for="bbp-forums-role"><?php esc_html_e( 'Forum Role', 'bbpress' ); ?></label></th>
                     <td>
 
@@ -94 +94 @@
                             <?php if ( ! empty( $user_role ) ) : ?>
 
-                                <option value=""><?php _e( '&mdash; No role for these forums &mdash;', 'bbpress' ); ?></option>
+                                <option value=""><?php esc_html_e( '&mdash; No role for these forums &mdash;', 'bbpress' ); ?></option>
 
                             <?php else : ?>
 
-                                <option value="" selected="selected"><?php _e( '&mdash; No role for these forums &mdash;', 'bbpress' ); ?></option>
+                                <option value="" selected="selected"><?php esc_html_e( '&mdash; No role for these forums &mdash;', 'bbpress' ); ?></option>
 
                             <?php endif; ?>
@@ -136 +136 @@
             unset( $dynamic_roles[ bbp_get_keymaster_role() ] ); ?>
 
-        <label class="screen-reader-text" for="bbp-new-role"><?php _e( 'Change forum role to&hellip;', 'bbpress' ) ?></label>
+        <label class="screen-reader-text" for="bbp-new-role"><?php esc_html_e( 'Change forum role to&hellip;', 'bbpress' ) ?></label>
         <select name="bbp-new-role" id="bbp-new-role" style="display:inline-block; float:none;">
-            <option value=''><?php _e( 'Change forum role to&hellip;', 'bbpress' ) ?></option>
+            <option value=''><?php esc_html_e( 'Change forum role to&hellip;', 'bbpress' ) ?></option>
             <?php foreach ( $dynamic_roles as $role => $details ) : ?>
                 <option value="<?php echo esc_attr( $role ); ?>"><?php echo translate_user_role( $details['name'] ); ?></option>