
Changeset 5070


Timestamp:
08/14/2013 09:43:24 PM (8 years ago)
Author:
johnjamesjacoby
Message:

Add missing output escaping in admin edit links, and add unique classes to all admin links. See #2090.

Location:
trunk/includes
Files:
2 edited

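--- a/trunk/includes/replies/template.php
+++ b/trunk/includes/replies/template.php
@@ -1817,5 +1817,5 @@
             'link_before'  => '',
             'link_after'   => '',
-            'edit_text'    => __( 'Edit', 'bbpress' )
+            'edit_text'    => est_html__( 'Edit', 'bbpress' )
         ), 'get_reply_edit_link' );
 
@@ -1838,5 +1838,5 @@
             return;
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . esc_html( $r['edit_text'] ) . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-reply-edit-link">' . $r['edit_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_edit_link', $retval, $r );
@@ -1954,11 +1954,11 @@
 
         if ( bbp_is_reply_trash( $reply->ID ) ) {
-            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['restore_text'] . '</a>';
+            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '" class="bbp-reply-restore-link">' . $r['restore_text'] . '</a>';
         } elseif ( EMPTY_TRASH_DAYS ) {
-            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash',      'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash',   'reply_id' => $reply->ID ) ), 'trash-'   . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['trash_text']   . '</a>';
+            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash',      'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash',   'reply_id' => $reply->ID ) ), 'trash-'   . $reply->post_type . '_' . $reply->ID ) ) . '" class="bbp-reply-trash-link">'  . $r['trash_text']   . '</a>';
         }
 
         if ( bbp_is_reply_trash( $reply->ID ) || !EMPTY_TRASH_DAYS ) {
-            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently',     'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete',  'reply_id' => $reply->ID ) ), 'delete-'  . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . $r['delete_text'] . '</a>';
+            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently',     'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete',  'reply_id' => $reply->ID ) ), 'delete-'  . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );" class="bbp-reply-delete-link">' . $r['delete_text'] . '</a>';
         }
 
@@ -2024,5 +2024,5 @@
         $uri      = add_query_arg( array( 'action' => 'bbp_toggle_reply_spam', 'reply_id' => $reply->ID ) );
         $uri      = wp_nonce_url( $uri, 'spam-reply_' . $reply->ID );
-        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
+        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-reply-spam-link">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_spam_link', $retval, $r );
@@ -2091,5 +2091,5 @@
         ), bbp_get_reply_edit_url( $reply_id ) );
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . $r['split_title'] . '">' . $r['split_text'] . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . $r['split_title'] . '" class="bbp-reply-spam-link">' . $r['split_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_move_link', $retval, $r );
@@ -2158,5 +2158,5 @@
         ), bbp_get_topic_edit_url( $topic_id ) );
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . esc_attr( $r['split_title'] ) . '">' . esc_html( $r['split_text'] ) . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . esc_attr( $r['split_title'] ) . '" class="bbp-reply-split-link">' . esc_html( $r['split_text'] ) . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_split_link', $retval, $r );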
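Review bot: `est_html__` on new line 1819 is not a WordPress function (the matching topics hunk uses `esc_html__`), so unless it is defined elsewhere in the project, building the default args for the reply edit link would fail with an undefined-function error; it should read `'edit_text' => esc_html__( 'Edit', 'bbpress' )`. New line 1840 also drops the `esc_html()` that wrapped `$r['edit_text']`, so only the default string is escaped and a caller-supplied `edit_text` reaches the anchor as raw HTML; unless markup in the link text is intended, keep `esc_html( $r['edit_text'] )` at output. In the move-link hunk (new line 2093) `title="' . $r['split_title'] . '"` is still unescaped and the added class is `bbp-reply-spam-link`, apparently copied from the spam link; `title="' . esc_attr( $r['split_title'] ) . '" class="bbp-reply-move-link"` would match the split link below it. The enclosing functions start and end outside these hunks, so how `$r` is populated is not visible here.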
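--- a/trunk/includes/topics/template.php
+++ b/trunk/includes/topics/template.php
@@ -2338,5 +2338,5 @@
             'link_before'  => '',
             'link_after'   => '',
-            'edit_text'    => __( 'Edit', 'bbpress' )
+            'edit_text'    => esc_html__( 'Edit', 'bbpress' )
         ), 'get_topic_edit_link' );
 
@@ -2359,5 +2359,5 @@
             return;
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $r['edit_text'] . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-topic-edit-link">' . $r['edit_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_edit_link', $retval, $r );
@@ -2475,11 +2475,11 @@
 
         if ( bbp_is_topic_trash( $topic->ID ) ) {
-            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'untrash', 'topic_id' => $topic->ID ) ), 'untrash-' . $topic->post_type . '_' . $topic->ID ) ) . '">' . $r['restore_text'] . '</a>';
+            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'untrash', 'topic_id' => $topic->ID ) ), 'untrash-' . $topic->post_type . '_' . $topic->ID ) ) . '" class="bbp-topic-restore-link">' . $r['restore_text'] . '</a>';
         } elseif ( EMPTY_TRASH_DAYS ) {
-            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'trash', 'topic_id' => $topic->ID ) ), 'trash-' . $topic->post_type . '_' . $topic->ID ) ) . '">' . $r['trash_text'] . '</a>';
+            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash',      'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'trash',   'topic_id' => $topic->ID ) ), 'trash-'   . $topic->post_type . '_' . $topic->ID ) ) . '" class="bbp-topic-trash-link">'   . $r['trash_text']  . '</a>';
         }
 
         if ( bbp_is_topic_trash( $topic->ID ) || !EMPTY_TRASH_DAYS ) {
-            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'delete', 'topic_id' => $topic->ID ) ), 'delete-' . $topic->post_type . '_' . $topic->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . $r['delete_text'] . '</a>';
+            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently',     'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_topic_trash', 'sub_action' => 'delete',  'topic_id' => $topic->ID ) ), 'delete-'  . $topic->post_type . '_' . $topic->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );" class="bbp-topic-delete-link">' . $r['delete_text'] . '</a>';
         }
 
@@ -2544,5 +2544,5 @@
         $uri     = add_query_arg( array( 'action' => 'bbp_toggle_topic_close', 'topic_id' => $topic->ID ) );
         $uri     = wp_nonce_url( $uri, 'close-topic_' . $topic->ID );
-        $retval  = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
+        $retval  = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-topic-close-link">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_close_link', $retval, $r );
@@ -2608,5 +2608,5 @@
 
         $stick_display = ( true === $is_sticky ) ? $r['unstick_text'] : $r['stick_text'];
-        $stick_display = '<a href="' . esc_url( $stick_uri ) . '">' . $stick_display . '</a>';
+        $stick_display = '<a href="' . esc_url( $stick_uri ) . '" class="bbp-topic-sticky-link">' . $stick_display . '</a>';
 
         if ( empty( $is_sticky ) ) {
@@ -2614,5 +2614,5 @@
             $super_uri = wp_nonce_url( $super_uri, 'stick-topic_' . $topic->ID );
 
-            $super_display = ' <a href="' . esc_url( $super_uri ) . '">' . $r['super_text'] . '</a>';
+            $super_display = ' <a href="' . esc_url( $super_uri ) . '" class="bbp-topic-super-sticky-link">' . $r['super_text'] . '</a>';
         } else {
             $super_display = '';
@@ -2672,5 +2672,5 @@
 
         $uri    = add_query_arg( array( 'action' => 'merge' ), bbp_get_topic_edit_url( $topic->ID ) );
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $r['merge_text'] . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-topic-merge-link">' . $r['merge_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_merge_link', $retval, $args );
@@ -2731,5 +2731,5 @@
         $uri     = add_query_arg( array( 'action' => 'bbp_toggle_topic_spam', 'topic_id' => $topic->ID ) );
         $uri     = wp_nonce_url( $uri, 'spam-topic_' . $topic->ID );
-        $retval  = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
+        $retval  = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-topic-spam-link">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_spam_link', $retval, $r );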
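Review bot: The rewritten anchors still concatenate their link text unescaped: `$r['edit_text']` (2361), `$r['restore_text']`, `$r['trash_text']` and `$r['delete_text']` (2477–2483), `$display` (2546, 2733), `$stick_display` and `$r['super_text']` (2610, 2616) and `$r['merge_text']` (2674). The only escaping this section adds is `esc_html__()` on the `edit_text` default at 2340. Whether the other defaults are escaped where they are set lies outside these hunks, but any value a caller or theme passes in is emitted as-is. If these arguments are meant to be plain text, escape at the point of output, e.g. `'">' . esc_html( $r['merge_text'] ) . '</a>'`; if HTML in link text is intended, state that in the argument documentation so callers know escaping is their responsibility.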