
Changeset 5037


Timestamp:
07/17/2013 07:35:03 PM (12 years ago)
Author:
johnjamesjacoby
Message:

For all template functions that output URLs, always echo an escaped value using esc_url(). See #2367.

Location:
trunk/includes
Files:
7 edited

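--- a/trunk/includes/common/ajax.php
+++ b/trunk/includes/common/ajax.php
@@ -22,5 +22,5 @@
  */
 function bbp_ajax_url() {
-    echo bbp_get_ajax_url();
+    echo esc_url( bbp_get_ajax_url() );
 }
     /**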
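Review bot: The docblock above `bbp_ajax_url()` should state that the echoed value is now escaped for HTML display, because `esc_url()` entity-encodes ampersands and that form is wrong inside a script block or a redirect header. Only the echo wrapper is escaped; `bbp_get_ajax_url()` still returns the raw URL, so any template that echoes the getter directly still needs its own `esc_url()`. I would add a line such as `* Output is escaped with esc_url() for HTML display; call bbp_get_ajax_url() and escape for the target context elsewhere.` The same applies to the other one-line echo wrappers changed in common/, forums/, replies/, search/, topics/ and users/template-tags.php. The docblock itself starts outside this hunk.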
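--- a/trunk/includes/common/template-tags.php
+++ b/trunk/includes/common/template-tags.php
@@ -25,5 +25,5 @@
  */
 function bbp_forums_url( $path = '/' ) {
-    echo bbp_get_forums_url( $path );
+    echo esc_url( bbp_get_forums_url( $path ) );
 }
     /**
@@ -49,5 +49,5 @@
  */
 function bbp_topics_url( $path = '/' ) {
-    echo bbp_get_topics_url( $path );
+    echo esc_url( bbp_get_topics_url( $path ) );
 }
     /**
@@ -1945,5 +1945,5 @@
  */
 function bbp_view_url( $view = false ) {
-    echo bbp_get_view_url( $view );
+    echo esc_url( bbp_get_view_url( $view ) );
 }
     /**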
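--- a/trunk/includes/forums/template-tags.php
+++ b/trunk/includes/forums/template-tags.php
@@ -231,5 +231,5 @@
  */
 function bbp_forum_permalink( $forum_id = 0 ) {
-    echo bbp_get_forum_permalink( $forum_id );
+    echo esc_url( bbp_get_forum_permalink( $forum_id ) );
 }
     /**
@@ -807,5 +807,5 @@
  */
 function bbp_forum_last_topic_permalink( $forum_id = 0 ) {
-    echo bbp_get_forum_last_topic_permalink( $forum_id );
+    echo esc_url( bbp_get_forum_last_topic_permalink( $forum_id ) );
 }
     /**
@@ -949,5 +949,5 @@
  */
 function bbp_forum_last_reply_permalink( $forum_id = 0 ) {
-    echo bbp_get_forum_last_reply_permalink( $forum_id );
+    echo esc_url( bbp_get_forum_last_reply_permalink( $forum_id ) );
 }
     /**
@@ -978,5 +978,5 @@
  */
 function bbp_forum_last_reply_url( $forum_id = 0 ) {
-    echo bbp_get_forum_last_reply_url( $forum_id );
+    echo esc_url( bbp_get_forum_last_reply_url( $forum_id ) );
 }
     /**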
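--- a/trunk/includes/replies/template-tags.php
+++ b/trunk/includes/replies/template-tags.php
@@ -367,5 +367,5 @@
  */
 function bbp_reply_permalink( $reply_id = 0 ) {
-    echo bbp_get_reply_permalink( $reply_id );
+    echo esc_url( bbp_get_reply_permalink( $reply_id ) );
 }
     /**
@@ -395,5 +395,5 @@
  */
 function bbp_reply_url( $reply_id = 0 ) {
-    echo bbp_get_reply_url( $reply_id );
+    echo esc_url( bbp_get_reply_url( $reply_id ) );
 }
     /**
@@ -1181,5 +1181,5 @@
  */
 function bbp_reply_author_url( $reply_id = 0 ) {
-    echo bbp_get_reply_author_url( $reply_id );
+    echo esc_url( bbp_get_reply_author_url( $reply_id ) );
 }
     /**
@@ -1852,5 +1852,5 @@
  */
 function bbp_reply_edit_url( $reply_id = 0 ) {
-    echo bbp_get_reply_edit_url( $reply_id );
+    echo esc_url( bbp_get_reply_edit_url( $reply_id ) );
 }
     /**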
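--- a/trunk/includes/search/template-tags.php
+++ b/trunk/includes/search/template-tags.php
@@ -247,5 +247,5 @@
  */
 function bbp_search_url() {
-    echo bbp_get_search_url();
+    echo esc_url( bbp_get_search_url() );
 }
     /**
@@ -285,5 +285,5 @@
  */
 function bbp_search_results_url() {
-    echo bbp_get_search_results_url();
+    echo esc_url( bbp_get_search_results_url() );
 }
     /**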
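--- a/trunk/includes/topics/template-tags.php
+++ b/trunk/includes/topics/template-tags.php
@@ -513,5 +513,5 @@
  */
 function bbp_topic_permalink( $topic_id = 0, $redirect_to = '' ) {
-    echo bbp_get_topic_permalink( $topic_id, $redirect_to );
+    echo esc_url( bbp_get_topic_permalink( $topic_id, $redirect_to ) );
 }
     /**
@@ -1477,5 +1477,5 @@
  */
 function bbp_topic_author_url( $topic_id = 0 ) {
-    echo bbp_get_topic_author_url( $topic_id );
+    echo esc_url( bbp_get_topic_author_url( $topic_id ) );
 }
 
@@ -1815,5 +1815,5 @@
  */
 function bbp_topic_last_reply_permalink( $topic_id = 0 ) {
-    echo bbp_get_topic_last_reply_permalink( $topic_id );
+    echo esc_url( bbp_get_topic_last_reply_permalink( $topic_id ) );
 }
     /**
@@ -1844,5 +1844,5 @@
  */
 function bbp_topic_last_reply_url( $topic_id = 0 ) {
-    echo bbp_get_topic_last_reply_url( $topic_id );
+    echo esc_url( bbp_get_topic_last_reply_url( $topic_id ) );
 }
     /**
@@ -1907,5 +1907,5 @@
 
         if ( !empty( $time_since ) )
-            $anchor = '<a href="' . $link_url . '" title="' . esc_attr( $title ) . '">' . $time_since . '</a>';
+            $anchor = '<a href="' . esc_url( $link_url ) . '" title="' . esc_attr( $title ) . '">' . esc_html( $time_since ) . '</a>';
         else
             $anchor = __( 'No Replies', 'bbpress' );
@@ -2359,5 +2359,5 @@
             return;
 
-        $retval = $r['link_before'] . '<a href="' . $uri . '">' . $r['edit_text'] . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $r['edit_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_edit_link', $retval, $r );
@@ -2373,5 +2373,5 @@
  */
 function bbp_topic_edit_url( $topic_id = 0 ) {
-    echo bbp_get_topic_edit_url( $topic_id );
+    echo esc_url( bbp_get_topic_edit_url( $topic_id ) );
 }
     /**
@@ -3243,5 +3243,5 @@
  */
 function bbp_topic_tag_link( $tag = '' ) {
-    echo bbp_get_topic_tag_link( $tag );
+    echo esc_url( bbp_get_topic_tag_link( $tag ) );
 }
     /**
@@ -3287,5 +3287,5 @@
  */
 function bbp_topic_tag_edit_link( $tag = '' ) {
-    echo bbp_get_topic_tag_edit_link( $tag );
+    echo esc_url( bbp_get_topic_tag_edit_link( $tag ) );
 }
     /**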
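Review bot: In the freshness-link hunk the `else` branch still assigns an unescaped translation, `$anchor = __( 'No Replies', 'bbpress' );`, while the branch above it now escapes every piece; `$anchor = esc_html__( 'No Replies', 'bbpress' );` would keep the two branches consistent and stop a translation file from carrying markup into the page. In the edit-link hunk `$r['edit_text']`, `$r['link_before']` and `$r['link_after']` are still concatenated as-is; if they are meant to accept HTML, a comment saying so would help, otherwise `esc_html( $r['edit_text'] )` fits. Both enclosing functions start and end outside the visible lines, so how `$r` is built cannot be confirmed from here.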
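--- a/trunk/includes/users/template-tags.php
+++ b/trunk/includes/users/template-tags.php
@@ -256,6 +256,5 @@
 
         $user      = get_userdata( $user_id );
-        $name      = esc_attr( $user->display_name );
-        $user_link = '<a href="' . bbp_get_user_profile_url( $user_id ) . '">' . $name . '</a>';
+        $user_link = '<a href="' . esc_url( bbp_get_user_profile_url( $user_id ) ) . '">' . esc_html( $user->display_name ) . '</a>';
 
         return apply_filters( 'bbp_get_user_profile_link', $user_link, $user_id );
@@ -324,5 +323,5 @@
  */
 function bbp_user_profile_url( $user_id = 0, $user_nicename = '' ) {
-    echo bbp_get_user_profile_url( $user_id, $user_nicename );
+    echo esc_url( bbp_get_user_profile_url( $user_id, $user_nicename ) );
 }
     /**
@@ -407,6 +406,5 @@
 
         $user      = get_userdata( $user_id );
-        $name      = $user->display_name;
-        $edit_link = '<a href="' . bbp_get_user_profile_url( $user_id ) . '">' . $name . '</a>';
+        $edit_link = '<a href="' . esc_url( bbp_get_user_profile_url( $user_id ) ) . '">' . esc_html( $user->display_name ) . '</a>';
         return apply_filters( 'bbp_get_user_profile_edit_link', $edit_link, $user_id );
     }
@@ -422,5 +420,5 @@
  */
 function bbp_user_profile_edit_url( $user_id = 0, $user_nicename = '' ) {
-    echo bbp_get_user_profile_edit_url( $user_id, $user_nicename );
+    echo esc_url( bbp_get_user_profile_edit_url( $user_id, $user_nicename ) );
 }
     /**
@@ -563,5 +561,5 @@
         ), 'get_admin_link' );
 
-        $retval = $r['before'] . '<a href="' . admin_url() . '">' . $r['text'] . '</a>' . $r['after'];
+        $retval = $r['before'] . '<a href="' . esc_url( admin_url() ) . '">' . $r['text'] . '</a>' . $r['after'];
 
         return apply_filters( 'bbp_get_admin_link', $retval, $r );
@@ -626,5 +624,5 @@
  */
 function bbp_favorites_permalink( $user_id = 0 ) {
-    echo bbp_get_favorites_permalink( $user_id );
+    echo esc_url( bbp_get_favorites_permalink( $user_id ) );
 }
     /**
@@ -788,5 +786,5 @@
  */
 function bbp_subscriptions_permalink( $user_id = 0 ) {
-    echo bbp_get_subscriptions_permalink( $user_id );
+    echo esc_url( bbp_get_subscriptions_permalink( $user_id ) );
 }
     /**
@@ -1116,5 +1114,5 @@
  */
 function bbp_user_topics_created_url( $user_id = 0 ) {
-    echo bbp_get_user_topics_created_url( $user_id );
+    echo esc_url( bbp_get_user_topics_created_url( $user_id ) );
 }
     /**
@@ -1176,5 +1174,5 @@
  */
 function bbp_user_replies_created_url( $user_id = 0 ) {
-    echo bbp_get_user_replies_created_url( $user_id );
+    echo esc_url( bbp_get_user_replies_created_url( $user_id ) );
 }
     /**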
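Review bot: The link built for the `bbp_get_user_profile_edit_link` filter still takes its href from `bbp_get_user_profile_url( $user_id )`, the same call used for the plain profile link, so the edit link appears to point at the profile page rather than the edit page. If that is not intended, the new line should read `$edit_link = '<a href="' . esc_url( bbp_get_user_profile_edit_url( $user_id ) ) . '">' . esc_html( $user->display_name ) . '</a>';`. Both link builders also read `$user->display_name` straight after `get_userdata( $user_id )`, which returns false for an unknown user; unless a guard outside the hunk already covers that, `if ( empty( $user ) ) return false;` is worth adding before the link is built. The enclosing functions begin outside the visible lines.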