Changeset 5037 for trunk/includes/users/template-tags.php

Timestamp:

07/17/2013 07:35:03 PM (13 years ago)

Author:

johnjamesjacoby

Message:

For all template functions that output URL's, always echo an escaped value using esc_url(). See #2367.

File:

• trunk/includes/users/template-tags.php (modified) (9 diffs)

trunk/includes/users/template-tags.php

@@ -256 +256 @@
 
         $user      = get_userdata( $user_id );
-        $name      = esc_attr( $user->display_name );
-        $user_link = '<a href="' . bbp_get_user_profile_url( $user_id ) . '">' . $name . '</a>';
+        $user_link = '<a href="' . esc_url( bbp_get_user_profile_url( $user_id ) ) . '">' . esc_html( $user->display_name ) . '</a>';
 
         return apply_filters( 'bbp_get_user_profile_link', $user_link, $user_id );
@@ -324 +323 @@
  */
 function bbp_user_profile_url( $user_id = 0, $user_nicename = '' ) {
-    echo bbp_get_user_profile_url( $user_id, $user_nicename );
+    echo esc_url( bbp_get_user_profile_url( $user_id, $user_nicename ) );
 }
     /**
@@ -407 +406 @@
 
         $user      = get_userdata( $user_id );
-        $name      = $user->display_name;
-        $edit_link = '<a href="' . bbp_get_user_profile_url( $user_id ) . '">' . $name . '</a>';
+        $edit_link = '<a href="' . esc_url( bbp_get_user_profile_url( $user_id ) ) . '">' . esc_html( $user->display_name ) . '</a>';
         return apply_filters( 'bbp_get_user_profile_edit_link', $edit_link, $user_id );
     }
@@ -422 +420 @@
  */
 function bbp_user_profile_edit_url( $user_id = 0, $user_nicename = '' ) {
-    echo bbp_get_user_profile_edit_url( $user_id, $user_nicename );
+    echo esc_url( bbp_get_user_profile_edit_url( $user_id, $user_nicename ) );
 }
     /**
@@ -563 +561 @@
         ), 'get_admin_link' );
 
-        $retval = $r['before'] . '<a href="' . admin_url() . '">' . $r['text'] . '</a>' . $r['after'];
+        $retval = $r['before'] . '<a href="' . esc_url( admin_url() ) . '">' . $r['text'] . '</a>' . $r['after'];
 
         return apply_filters( 'bbp_get_admin_link', $retval, $r );
@@ -626 +624 @@
  */
 function bbp_favorites_permalink( $user_id = 0 ) {
-    echo bbp_get_favorites_permalink( $user_id );
+    echo esc_url( bbp_get_favorites_permalink( $user_id ) );
 }
     /**
@@ -788 +786 @@
  */
 function bbp_subscriptions_permalink( $user_id = 0 ) {
-    echo bbp_get_subscriptions_permalink( $user_id );
+    echo esc_url( bbp_get_subscriptions_permalink( $user_id ) );
 }
     /**
@@ -1116 +1114 @@
  */
 function bbp_user_topics_created_url( $user_id = 0 ) {
-    echo bbp_get_user_topics_created_url( $user_id );
+    echo esc_url( bbp_get_user_topics_created_url( $user_id ) );
 }
     /**
@@ -1176 +1174 @@
  */
 function bbp_user_replies_created_url( $user_id = 0 ) {
-    echo bbp_get_user_replies_created_url( $user_id );
+    echo esc_url( bbp_get_user_replies_created_url( $user_id ) );
 }
     /**