Changeset 5040 for trunk/includes/topics/template-tags.php

Timestamp:

07/18/2013 07:16:23 AM (13 years ago)

Author:

johnjamesjacoby

Message:

More esc_url() improvements, and practice late-escaping where we were otherwise passing around escaped URL variables. See #2367.

File:

• trunk/includes/topics/template-tags.php (modified) (4 diffs)

trunk/includes/topics/template-tags.php

@@ -2543 +2543 @@
         $display = bbp_is_topic_open( $topic->ID ) ? $r['close_text'] : $r['open_text'];
         $uri     = add_query_arg( array( 'action' => 'bbp_toggle_topic_close', 'topic_id' => $topic->ID ) );
-        $uri     = esc_url( wp_nonce_url( $uri, 'close-topic_' . $topic->ID ) );
-        $retval  = $r['link_before'] . '<a href="' . $uri . '">' . $display . '</a>' . $r['link_after'];
+        $uri     = wp_nonce_url( $uri, 'close-topic_' . $topic->ID );
+        $retval  = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_close_link', $retval, $r );
@@ -2605 +2605 @@
 
         $stick_uri = add_query_arg( array( 'action' => 'bbp_toggle_topic_stick', 'topic_id' => $topic->ID ) );
-        $stick_uri = esc_url( wp_nonce_url( $stick_uri, 'stick-topic_' . $topic->ID ) );
+        $stick_uri = wp_nonce_url( $stick_uri, 'stick-topic_' . $topic->ID );
 
         $stick_display = true === $is_sticky ? $r['unstick_text'] : $r['stick_text'];
-        $stick_display = '<a href="' . $stick_uri . '">' . $stick_display . '</a>';
+        $stick_display = '<a href="' . esc_url( $stick_uri ) . '">' . $stick_display . '</a>';
 
         if ( empty( $is_sticky ) ) {
             $super_uri = add_query_arg( array( 'action' => 'bbp_toggle_topic_stick', 'topic_id' => $topic->ID, 'super' => 1 ) );
-            $super_uri = esc_url( wp_nonce_url( $super_uri, 'stick-topic_' . $topic->ID ) );
-
-            $super_display = ' (<a href="' . $super_uri . '">' . $r['super_text'] . '</a>)';
+            $super_uri = wp_nonce_url( $super_uri, 'stick-topic_' . $topic->ID );
+
+            $super_display = ' (<a href="' . esc_url( $super_uri ) . '">' . $r['super_text'] . '</a>)';
         } else {
             $super_display = '';
@@ -2671 +2671 @@
             return;
 
-        $uri    = esc_url( add_query_arg( array( 'action' => 'merge' ), bbp_get_topic_edit_url( $topic->ID ) ) );
-        $retval = $r['link_before'] . '<a href="' . $uri . '">' . $r['merge_text'] . '</a>' . $r['link_after'];
+        $uri    = add_query_arg( array( 'action' => 'merge' ), bbp_get_topic_edit_url( $topic->ID ) );
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $r['merge_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_merge_link', $retval, $args );
@@ -2730 +2730 @@
         $display = bbp_is_topic_spam( $topic->ID ) ? $r['unspam_text'] : $r['spam_text'];
         $uri     = add_query_arg( array( 'action' => 'bbp_toggle_topic_spam', 'topic_id' => $topic->ID ) );
-        $uri     = esc_url( wp_nonce_url( $uri, 'spam-topic_' . $topic->ID ) );
-        $retval  = $r['link_before'] . '<a href="' . $uri . '">' . $display . '</a>' . $r['link_after'];
+        $uri     = wp_nonce_url( $uri, 'spam-topic_' . $topic->ID );
+        $retval  = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_spam_link', $retval, $r );