

Timestamp:
07/17/2013 07:35:03 PM (13 years ago)
Author:
johnjamesjacoby
Message:

For all template functions that output URLs, always echo an escaped value using esc_url(). See #2367.

File:
1 edited

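--- a/trunk/includes/topics/template-tags.php
+++ b/trunk/includes/topics/template-tags.php
@@ -513,5 +513,5 @@
  */
 function bbp_topic_permalink( $topic_id = 0, $redirect_to = '' ) {
-    echo bbp_get_topic_permalink( $topic_id, $redirect_to );
+    echo esc_url( bbp_get_topic_permalink( $topic_id, $redirect_to ) );
 }
     /**
@@ -1477,5 +1477,5 @@
  */
 function bbp_topic_author_url( $topic_id = 0 ) {
-    echo bbp_get_topic_author_url( $topic_id );
+    echo esc_url( bbp_get_topic_author_url( $topic_id ) );
 }
 
@@ -1815,5 +1815,5 @@
  */
 function bbp_topic_last_reply_permalink( $topic_id = 0 ) {
-    echo bbp_get_topic_last_reply_permalink( $topic_id );
+    echo esc_url( bbp_get_topic_last_reply_permalink( $topic_id ) );
 }
     /**
@@ -1844,5 +1844,5 @@
  */
 function bbp_topic_last_reply_url( $topic_id = 0 ) {
-    echo bbp_get_topic_last_reply_url( $topic_id );
+    echo esc_url( bbp_get_topic_last_reply_url( $topic_id ) );
 }
     /**
@@ -1907,5 +1907,5 @@
 
         if ( !empty( $time_since ) )
-            $anchor = '<a href="' . $link_url . '" title="' . esc_attr( $title ) . '">' . $time_since . '</a>';
+            $anchor = '<a href="' . esc_url( $link_url ) . '" title="' . esc_attr( $title ) . '">' . esc_html( $time_since ) . '</a>';
         else
             $anchor = __( 'No Replies', 'bbpress' );
@@ -2359,5 +2359,5 @@
             return;
 
-        $retval = $r['link_before'] . '<a href="' . $uri . '">' . $r['edit_text'] . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $r['edit_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_edit_link', $retval, $r );
@@ -2373,5 +2373,5 @@
  */
 function bbp_topic_edit_url( $topic_id = 0 ) {
-    echo bbp_get_topic_edit_url( $topic_id );
+    echo esc_url( bbp_get_topic_edit_url( $topic_id ) );
 }
     /**
@@ -3243,5 +3243,5 @@
  */
 function bbp_topic_tag_link( $tag = '' ) {
-    echo bbp_get_topic_tag_link( $tag );
+    echo esc_url( bbp_get_topic_tag_link( $tag ) );
 }
     /**
@@ -3287,5 +3287,5 @@
  */
 function bbp_topic_tag_edit_link( $tag = '' ) {
-    echo bbp_get_topic_tag_edit_link( $tag );
+    echo esc_url( bbp_get_topic_tag_edit_link( $tag ) );
 }
     /**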
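Review bot: In the hunk at line 2361 the link text `$r['edit_text']` is still concatenated into the anchor unescaped, while the parallel change at line 1909 wraps its link text in `esc_html()`. If `edit_text` is meant to be plain text, the line should read `$retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . esc_html( $r['edit_text'] ) . '</a>' . $r['link_after'];`; if callers are allowed to pass markup there, a short comment saying so would make the asymmetry deliberate. `link_before` and `link_after` look like intentional HTML wrappers and are left as they are. The enclosing function starts and ends outside the hunk, so how `$r` is parsed and defaulted is not visible here.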