Changeset 4977

Timestamp:

05/30/2013 10:52:32 PM (13 years ago)

Author:

johnjamesjacoby

Message:

Remove esc_attr() from bbp_get_displayed_user_field(), and practice late escaping where appropriate instead. See #4959.

Location:

trunk

Files:

• includes/users/template-tags.php (modified) (1 diff)
• templates/default/bbpress/user-details.php (modified) (7 diffs)

trunk/includes/users/template-tags.php

@@ -135 +135 @@
         // Return field if exists
         if ( isset( $bbp->displayed_user->$field ) )
-            $value = esc_attr( sanitize_text_field( $bbp->displayed_user->$field ) );
+            $value = sanitize_text_field( $bbp->displayed_user->$field );
 
         // Return empty

trunk/templates/default/bbpress/user-details.php

@@ -16 +16 @@
 
             <span class='vcard'>
-                <a class="url fn n" href="<?php bbp_user_profile_url(); ?>" title="<?php bbp_displayed_user_field( 'display_name' ); ?>" rel="me">
+                <a class="url fn n" href="<?php bbp_user_profile_url(); ?>" title="<?php echo esc_attr( bbp_get_displayed_user_field( 'display_name' ) ); ?>" rel="me">
                     <?php echo get_avatar( bbp_get_displayed_user_field( 'user_email' ), apply_filters( 'bbp_single_user_details_avatar_size', 150 ) ); ?>
                 </a>
@@ -27 +27 @@
                 <li class="<?php if ( bbp_is_single_user_profile() ) :?>current<?php endif; ?>">
                     <span class="vcard bbp-user-profile-link">
-                        <a class="url fn n" href="<?php bbp_user_profile_url(); ?>" title="<?php printf( esc_attr__( "%s's Profile", 'bbpress' ), bbp_get_displayed_user_field( 'display_name' ) ); ?>" rel="me"><?php _e( 'Profile', 'bbpress' ); ?></a>
+                        <a class="url fn n" href="<?php bbp_user_profile_url(); ?>" title="<?php printf( esc_attr__( "%s's Profile", 'bbpress' ), esc_attr( bbp_get_displayed_user_field( 'display_name' ) ) ); ?>" rel="me"><?php _e( 'Profile', 'bbpress' ); ?></a>
                     </span>
                 </li>
@@ -33 +33 @@
                 <li class="<?php if ( bbp_is_single_user_topics() ) :?>current<?php endif; ?>">
                     <span class='bbp-user-topics-created-link'>
-                        <a href="<?php bbp_user_topics_created_url(); ?>" title="<?php printf( esc_attr__( "%s's Topics Started", 'bbpress' ), bbp_get_displayed_user_field( 'display_name' ) ); ?>"><?php _e( 'Topics Started', 'bbpress' ); ?></a>
+                        <a href="<?php bbp_user_topics_created_url(); ?>" title="<?php printf( esc_attr__( "%s's Topics Started", 'bbpress' ), esc_attr( bbp_get_displayed_user_field( 'display_name' ) ) ); ?>"><?php _e( 'Topics Started', 'bbpress' ); ?></a>
                     </span>
                 </li>
@@ -39 +39 @@
                 <li class="<?php if ( bbp_is_single_user_replies() ) :?>current<?php endif; ?>">
                     <span class='bbp-user-replies-created-link'>
-                        <a href="<?php bbp_user_replies_created_url(); ?>" title="<?php printf( esc_attr__( "%s's Replies Created", 'bbpress' ), bbp_get_displayed_user_field( 'display_name' ) ); ?>"><?php _e( 'Replies Created', 'bbpress' ); ?></a>
+                        <a href="<?php bbp_user_replies_created_url(); ?>" title="<?php printf( esc_attr__( "%s's Replies Created", 'bbpress' ), esc_attr( bbp_get_displayed_user_field( 'display_name' ) ) ); ?>"><?php _e( 'Replies Created', 'bbpress' ); ?></a>
                     </span>
                 </li>
@@ -46 +46 @@
                     <li class="<?php if ( bbp_is_favorites() ) :?>current<?php endif; ?>">
                         <span class="bbp-user-favorites-link">
-                            <a href="<?php bbp_favorites_permalink(); ?>" title="<?php printf( esc_attr__( "%s's Favorites", 'bbpress' ), bbp_get_displayed_user_field( 'display_name' ) ); ?>"><?php _e( 'Favorites', 'bbpress' ); ?></a>
+                            <a href="<?php bbp_favorites_permalink(); ?>" title="<?php printf( esc_attr__( "%s's Favorites", 'bbpress' ), esc_attr( bbp_get_displayed_user_field( 'display_name' ) ) ); ?>"><?php _e( 'Favorites', 'bbpress' ); ?></a>
                         </span>
                     </li>
@@ -56 +56 @@
                         <li class="<?php if ( bbp_is_subscriptions() ) :?>current<?php endif; ?>">
                             <span class="bbp-user-subscriptions-link">
-                                <a href="<?php bbp_subscriptions_permalink(); ?>" title="<?php printf( esc_attr__( "%s's Subscriptions", 'bbpress' ), bbp_get_displayed_user_field( 'display_name' ) ); ?>"><?php _e( 'Subscriptions', 'bbpress' ); ?></a>
+                                <a href="<?php bbp_subscriptions_permalink(); ?>" title="<?php printf( esc_attr__( "%s's Subscriptions", 'bbpress' ), esc_attr( bbp_get_displayed_user_field( 'display_name' ) ) ); ?>"><?php _e( 'Subscriptions', 'bbpress' ); ?></a>
                             </span>
                         </li>
@@ -63 +63 @@
                     <li class="<?php if ( bbp_is_single_user_edit() ) :?>current<?php endif; ?>">
                         <span class="bbp-user-edit-link">
-                            <a href="<?php bbp_user_profile_edit_url(); ?>" title="<?php printf( esc_attr__( 'Edit Profile of User %s', 'bbpress' ), bbp_get_displayed_user_field( 'display_name' ) ); ?>"><?php _e( 'Edit', 'bbpress' ); ?></a>
+                            <a href="<?php bbp_user_profile_edit_url(); ?>" title="<?php printf( esc_attr__( 'Edit Profile of User %s', 'bbpress' ), esc_attr( bbp_get_displayed_user_field( 'display_name' ) ) ); ?>"><?php _e( 'Edit', 'bbpress' ); ?></a>
                         </span>
                     </li>