
bbPress.org

Changeset 5069


Timestamp:
08/14/2013 09:34:56 PM (8 years ago)
Author:
johnjamesjacoby
Message:

Shift output escaping around in admin links to allow for filtering and passing additional HTML into them. Hat tip mourdak. Fixes #2090.

Location:
trunk/includes
Files:
2 edited

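--- a/trunk/includes/replies/template.php
+++ b/trunk/includes/replies/template.php
@@ -1941,7 +1941,7 @@
             'link_after'   => '',
             'sep'          => ' | ',
-            'trash_text'   => __( 'Trash',   'bbpress' ),
-            'restore_text' => __( 'Restore', 'bbpress' ),
-            'delete_text'  => __( 'Delete',  'bbpress' )
+            'trash_text'   => esc_html__( 'Trash',   'bbpress' ),
+            'restore_text' => esc_html__( 'Restore', 'bbpress' ),
+            'delete_text'  => esc_html__( 'Delete',  'bbpress' )
         ), 'get_reply_trash_link' );
 
@@ -1954,11 +1954,11 @@
 
         if ( bbp_is_reply_trash( $reply->ID ) ) {
-            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . esc_html( $r['restore_text'] ) . '</a>';
+            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['restore_text'] . '</a>';
         } elseif ( EMPTY_TRASH_DAYS ) {
-            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash', 'reply_id' => $reply->ID ) ), 'trash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . esc_html( $r['trash_text'] ) . '</a>';
+            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash',      'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash',   'reply_id' => $reply->ID ) ), 'trash-'   . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['trash_text']  . '</a>';
         }
 
         if ( bbp_is_reply_trash( $reply->ID ) || !EMPTY_TRASH_DAYS ) {
-            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete', 'reply_id' => $reply->ID ) ), 'delete-' . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . esc_html( $r['delete_text'] ) . '</a>';
+            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently',     'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete',  'reply_id' => $reply->ID ) ), 'delete-'  . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . $r['delete_text'] . '</a>';
         }
 
@@ -2012,6 +2012,6 @@
             'link_before'  => '',
             'link_after'   => '',
-            'spam_text'    => __( 'Spam',   'bbpress' ),
-            'unspam_text'  => __( 'Unspam', 'bbpress' )
+            'spam_text'    => esc_html__( 'Spam',   'bbpress' ),
+            'unspam_text'  => esc_html__( 'Unspam', 'bbpress' )
         ), 'get_reply_spam_link' );
 
@@ -2024,5 +2024,5 @@
         $uri      = add_query_arg( array( 'action' => 'bbp_toggle_reply_spam', 'reply_id' => $reply->ID ) );
         $uri      = wp_nonce_url( $uri, 'spam-reply_' . $reply->ID );
-        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . esc_html( $display ) . '</a>' . $r['link_after'];
+        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_spam_link', $retval, $r );
@@ -2076,6 +2076,6 @@
             'link_before' => '',
             'link_after'  => '',
-            'split_text'  => __( 'Move',            'bbpress' ),
-            'split_title' => __( 'Move this reply', 'bbpress' )
+            'split_text'  => esc_html__( 'Move',            'bbpress' ),
+            'split_title' => esc_attr__( 'Move this reply', 'bbpress' )
         ), 'get_reply_move_link' );
 
@@ -2091,5 +2091,5 @@
         ), bbp_get_reply_edit_url( $reply_id ) );
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . esc_attr( $r['split_title'] ) . '">' . esc_html( $r['split_text'] ) . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . $r['split_title'] . '">' . $r['split_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_move_link', $retval, $r );
@@ -2143,6 +2143,6 @@
             'link_before' => '',
             'link_after'  => '',
-            'split_text'  => __( 'Split',                           'bbpress' ),
-            'split_title' => __( 'Split the topic from this reply', 'bbpress' )
+            'split_text'  => esc_html__( 'Split',                           'bbpress' ),
+            'split_title' => esc_attr__( 'Split the topic from this reply', 'bbpress' )
         ), 'get_topic_split_link' );
 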
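Review bot: `$r['split_title']` is concatenated straight into `title="…"` on new line 2093, so a caller- or filter-supplied value containing a double quote closes the attribute early; only the built-in default is covered by `esc_attr__()`. An attribute value can never carry the extra HTML this change is meant to allow, so the output-time call can stay: `title="' . esc_attr( $r['split_title'] ) . '"`. The link-text arguments (`restore_text`, `trash_text`, `delete_text`, `$display`, `split_text`, and the matching lines in trunk/includes/topics/template.php) are likewise printed raw once a value other than the default is supplied, so either pass them through `wp_kses_post()` at output or state in each docblock that these arguments are emitted unescaped and must be pre-escaped by the caller. The enclosing functions begin and end outside the visible hunks, so how `$r` is merged with caller arguments is presumed from the `get_reply_*_link` keys rather than shown.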
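--- a/trunk/includes/topics/template.php
+++ b/trunk/includes/topics/template.php
@@ -2462,7 +2462,7 @@
             'link_after'   => '',
             'sep'          => ' | ',
-            'trash_text'   => __( 'Trash',   'bbpress' ),
-            'restore_text' => __( 'Restore', 'bbpress' ),
-            'delete_text'  => __( 'Delete',  'bbpress' )
+            'trash_text'   => esc_html__( 'Trash',   'bbpress' ),
+            'restore_text' => esc_html__( 'Restore', 'bbpress' ),
+            'delete_text'  => esc_html__( 'Delete',  'bbpress' )
         ), 'get_topic_trash_link' );
 
@@ -2475,11 +2475,11 @@
 
         if ( bbp_is_topic_trash( $topic->ID ) ) {
-            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'untrash', 'topic_id' => $topic->ID ) ), 'untrash-' . $topic->post_type . '_' . $topic->ID ) ) . '">' . esc_html( $r['restore_text'] ) . '</a>';
+            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'untrash', 'topic_id' => $topic->ID ) ), 'untrash-' . $topic->post_type . '_' . $topic->ID ) ) . '">' . $r['restore_text'] . '</a>';
         } elseif ( EMPTY_TRASH_DAYS ) {
-            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'trash', 'topic_id' => $topic->ID ) ), 'trash-' . $topic->post_type . '_' . $topic->ID ) ) . '">' . esc_html( $r['trash_text'] ) . '</a>';
+            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'trash', 'topic_id' => $topic->ID ) ), 'trash-' . $topic->post_type . '_' . $topic->ID ) ) . '">' . $r['trash_text'] . '</a>';
         }
 
         if ( bbp_is_topic_trash( $topic->ID ) || !EMPTY_TRASH_DAYS ) {
-            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'delete', 'topic_id' => $topic->ID ) ), 'delete-' . $topic->post_type . '_' . $topic->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . esc_html( $r['delete_text'] ) . '</a>';
+            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'delete', 'topic_id' => $topic->ID ) ), 'delete-' . $topic->post_type . '_' . $topic->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . $r['delete_text'] . '</a>';
         }
 
@@ -2592,7 +2592,7 @@
             'link_before'  => '',
             'link_after'   => '',
-            'stick_text'   => __( 'Stick',    'bbpress' ),
-            'unstick_text' => __( 'Unstick',  'bbpress' ),
-            'super_text'   => __( 'to front', 'bbpress' ),
+            'stick_text'   => esc_html__( 'Stick',      'bbpress' ),
+            'unstick_text' => esc_html__( 'Unstick',    'bbpress' ),
+            'super_text'   => esc_html__( '(to front)', 'bbpress' ),
         ), 'get_topic_stick_link' );
 
@@ -2607,5 +2607,5 @@
         $stick_uri = wp_nonce_url( $stick_uri, 'stick-topic_' . $topic->ID );
 
-        $stick_display = true === $is_sticky ? $r['unstick_text'] : $r['stick_text'];
+        $stick_display = ( true === $is_sticky ) ? $r['unstick_text'] : $r['stick_text'];
         $stick_display = '<a href="' . esc_url( $stick_uri ) . '">' . $stick_display . '</a>';
 
@@ -2614,5 +2614,5 @@
             $super_uri = wp_nonce_url( $super_uri, 'stick-topic_' . $topic->ID );
 
-            $super_display = ' (<a href="' . esc_url( $super_uri ) . '">' . $r['super_text'] . '</a>)';
+            $super_display = ' <a href="' . esc_url( $super_uri ) . '">' . $r['super_text'] . '</a>';
         } else {
             $super_display = '';
@@ -2663,5 +2663,5 @@
             'link_before'  => '',
             'link_after'   => '',
-            'merge_text'   => __( 'Merge', 'bbpress' ),
+            'merge_text'   => esc_html__( 'Merge', 'bbpress' ),
         ), 'get_topic_merge_link' );
 
@@ -2719,6 +2719,6 @@
             'link_after'   => '',
             'sep'          => ' | ',
-            'spam_text'    => __( 'Spam',   'bbpress' ),
-            'unspam_text'  => __( 'Unspam', 'bbpress' )
+            'spam_text'    => esc_html__( 'Spam',   'bbpress' ),
+            'unspam_text'  => esc_html__( 'Unspam', 'bbpress' )
         ), 'get_topic_spam_link' );
 
@@ -2768,5 +2768,5 @@
             'link_before'  => '',
             'link_after'   => '',
-            'reply_text'   => __( 'Reply', 'bbpress' ),
+            'reply_text'   => esc_html__( 'Reply', 'bbpress' ),
         ), 'get_topic_reply_link' );
 
@@ -2782,5 +2782,5 @@
         // Add $uri to the array, to be passed through the filter
         $r['uri'] = $uri;
-        $retval   = $r['link_before'] . '<a href="' . esc_url( $r['uri'] ) . '" class="bbp-topic-reply-link">' . esc_html( $r['reply_text'] ) . '</a>' . $r['link_after'];
+        $retval   = $r['link_before'] . '<a href="' . esc_url( $r['uri'] ) . '" class="bbp-topic-reply-link">' . $r['reply_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_reply_link', $retval, $r, $args );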
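Review bot: The `super_text` default on new line 2596 changes the translatable string from `'to front'` to `'(to front)'`, while new line 2616 drops the literal parentheses from the markup, and nothing in the hunk documents this. Existing translations keyed on `to front` will no longer match the new string, and any caller or filter that already supplies its own `super_text` silently loses the parentheses, which now also sit inside the `<a>` element. A short comment next to the default would make the new contract explicit, for example `// 'super_text' carries its own parentheses; custom values must include them.` The stick-link function starts and ends outside these hunks, so how `$super_display` is joined into the final output is not visible here.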