Timestamp:
08/14/2013 09:34:56 PM (11 years ago)
Author:
johnjamesjacoby
Message:

Shift output escaping around in admin links to allow for filtering and passing additional HTML into them. Hat tip mourdak. Fixes #2090.

File:
1 edited

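--- a/trunk/includes/replies/template.php
+++ b/trunk/includes/replies/template.php
@@ -1941,7 +1941,7 @@
             'link_after'   => '',
             'sep'          => ' | ',
-            'trash_text'   => __( 'Trash',   'bbpress' ),
-            'restore_text' => __( 'Restore', 'bbpress' ),
-            'delete_text'  => __( 'Delete',  'bbpress' )
+            'trash_text'   => esc_html__( 'Trash',   'bbpress' ),
+            'restore_text' => esc_html__( 'Restore', 'bbpress' ),
+            'delete_text'  => esc_html__( 'Delete',  'bbpress' )
         ), 'get_reply_trash_link' );
 
@@ -1954,11 +1954,11 @@
 
         if ( bbp_is_reply_trash( $reply->ID ) ) {
-            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . esc_html( $r['restore_text'] ) . '</a>';
+            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['restore_text'] . '</a>';
         } elseif ( EMPTY_TRASH_DAYS ) {
-            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash', 'reply_id' => $reply->ID ) ), 'trash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . esc_html( $r['trash_text'] ) . '</a>';
+            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash',      'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash',   'reply_id' => $reply->ID ) ), 'trash-'   . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['trash_text']  . '</a>';
         }
 
         if ( bbp_is_reply_trash( $reply->ID ) || !EMPTY_TRASH_DAYS ) {
-            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete', 'reply_id' => $reply->ID ) ), 'delete-' . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . esc_html( $r['delete_text'] ) . '</a>';
+            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently',     'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete',  'reply_id' => $reply->ID ) ), 'delete-'  . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . $r['delete_text'] . '</a>';
         }
 
@@ -2012,6 +2012,6 @@
             'link_before'  => '',
             'link_after'   => '',
-            'spam_text'    => __( 'Spam',   'bbpress' ),
-            'unspam_text'  => __( 'Unspam', 'bbpress' )
+            'spam_text'    => esc_html__( 'Spam',   'bbpress' ),
+            'unspam_text'  => esc_html__( 'Unspam', 'bbpress' )
         ), 'get_reply_spam_link' );
 
@@ -2024,5 +2024,5 @@
         $uri      = add_query_arg( array( 'action' => 'bbp_toggle_reply_spam', 'reply_id' => $reply->ID ) );
         $uri      = wp_nonce_url( $uri, 'spam-reply_' . $reply->ID );
-        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . esc_html( $display ) . '</a>' . $r['link_after'];
+        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_spam_link', $retval, $r );
@@ -2076,6 +2076,6 @@
             'link_before' => '',
             'link_after'  => '',
-            'split_text'  => __( 'Move',            'bbpress' ),
-            'split_title' => __( 'Move this reply', 'bbpress' )
+            'split_text'  => esc_html__( 'Move',            'bbpress' ),
+            'split_title' => esc_attr__( 'Move this reply', 'bbpress' )
         ), 'get_reply_move_link' );
 
@@ -2091,5 +2091,5 @@
         ), bbp_get_reply_edit_url( $reply_id ) );
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . esc_attr( $r['split_title'] ) . '">' . esc_html( $r['split_text'] ) . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . $r['split_title'] . '">' . $r['split_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_move_link', $retval, $r );
@@ -2143,6 +2143,6 @@
             'link_before' => '',
             'link_after'  => '',
-            'split_text'  => __( 'Split',                           'bbpress' ),
-            'split_title' => __( 'Split the topic from this reply', 'bbpress' )
+            'split_text'  => esc_html__( 'Split',                           'bbpress' ),
+            'split_title' => esc_attr__( 'Split the topic from this reply', 'bbpress' )
         ), 'get_topic_split_link' );
 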
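Review bot: New line 2093 prints `$r['split_title']` inside `title="…"` with no escaping, so only the default is covered by `esc_attr__()`; a value passed in by a caller that contains a double quote would close the attribute. An attribute value cannot carry the extra HTML this commit is meant to allow, so the output-time call should stay there: `title="' . esc_attr( $r['split_title'] ) . '"`. The link texts on new lines 1956, 1958, 1962, 2026 and 2093 (`restore_text`, `trash_text`, `delete_text`, `$display`, `split_text`) are now also printed as given, which matches the commit message but moves the escaping duty to every caller and filter. The docblocks of these functions should state that, for example `The *_text arguments are output unescaped; escape or wp_kses() them before passing them in.` The function bodies start and end outside the visible hunks, so whether `$r` or `$display` is sanitised elsewhere cannot be confirmed from this page.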