


Timestamp:
08/14/2013 09:43:24 PM (11 years ago)
Author:
johnjamesjacoby
Message:

Add missing output escaping in admin edit links, and add unique classes to all admin links. See #2090.

File:
1 edited

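--- a/trunk/includes/replies/template.php
+++ b/trunk/includes/replies/template.php
@@ -1817,5 +1817,5 @@
             'link_before'  => '',
             'link_after'   => '',
-            'edit_text'    => __( 'Edit', 'bbpress' )
+            'edit_text'    => est_html__( 'Edit', 'bbpress' )
         ), 'get_reply_edit_link' );
 
@@ -1838,5 +1838,5 @@
             return;
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . esc_html( $r['edit_text'] ) . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-reply-edit-link">' . $r['edit_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_edit_link', $retval, $r );
@@ -1954,11 +1954,11 @@
 
         if ( bbp_is_reply_trash( $reply->ID ) ) {
-            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['restore_text'] . '</a>';
+            $actions['untrash'] = '<a title="' . esc_attr__( 'Restore this item from the Trash', 'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'untrash', 'reply_id' => $reply->ID ) ), 'untrash-' . $reply->post_type . '_' . $reply->ID ) ) . '" class="bbp-reply-restore-link">' . $r['restore_text'] . '</a>';
         } elseif ( EMPTY_TRASH_DAYS ) {
-            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash',      'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash',   'reply_id' => $reply->ID ) ), 'trash-'   . $reply->post_type . '_' . $reply->ID ) ) . '">' . $r['trash_text']   . '</a>';
+            $actions['trash']   = '<a title="' . esc_attr__( 'Move this item to the Trash',      'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'trash',   'reply_id' => $reply->ID ) ), 'trash-'   . $reply->post_type . '_' . $reply->ID ) ) . '" class="bbp-reply-trash-link">'  . $r['trash_text']   . '</a>';
         }
 
         if ( bbp_is_reply_trash( $reply->ID ) || !EMPTY_TRASH_DAYS ) {
-            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently',     'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete',  'reply_id' => $reply->ID ) ), 'delete-'  . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );">' . $r['delete_text'] . '</a>';
+            $actions['delete']  = '<a title="' . esc_attr__( 'Delete this item permanently',     'bbpress' ) . '" href="' . esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'bbp_toggle_reply_trash', 'sub_action' => 'delete',  'reply_id' => $reply->ID ) ), 'delete-'  . $reply->post_type . '_' . $reply->ID ) ) . '" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete that permanently?', 'bbpress' ) ) . '\' );" class="bbp-reply-delete-link">' . $r['delete_text'] . '</a>';
         }
 
@@ -2024,5 +2024,5 @@
         $uri      = add_query_arg( array( 'action' => 'bbp_toggle_reply_spam', 'reply_id' => $reply->ID ) );
         $uri      = wp_nonce_url( $uri, 'spam-reply_' . $reply->ID );
-        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '">' . $display . '</a>' . $r['link_after'];
+        $retval   = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" class="bbp-reply-spam-link">' . $display . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_spam_link', $retval, $r );
@@ -2091,5 +2091,5 @@
         ), bbp_get_reply_edit_url( $reply_id ) );
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . $r['split_title'] . '">' . $r['split_text'] . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . $r['split_title'] . '" class="bbp-reply-spam-link">' . $r['split_text'] . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_reply_move_link', $retval, $r );
@@ -2158,5 +2158,5 @@
         ), bbp_get_topic_edit_url( $topic_id ) );
 
-        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . esc_attr( $r['split_title'] ) . '">' . esc_html( $r['split_text'] ) . '</a>' . $r['link_after'];
+        $retval = $r['link_before'] . '<a href="' . esc_url( $uri ) . '" title="' . esc_attr( $r['split_title'] ) . '" class="bbp-reply-split-link">' . esc_html( $r['split_text'] ) . '</a>' . $r['link_after'];
 
         return apply_filters( 'bbp_get_topic_split_link', $retval, $r );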
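Review bot: The new default at line 1819 calls `est_html__( 'Edit', 'bbpress' )`, which is not defined anywhere visible and looks like a typo for `esc_html__`; as written, every call of the reply edit-link getter would fail on an undefined function. Moving the escaping into the default also means line 1840 now emits `$r['edit_text']` raw, so a caller-supplied value is no longer escaped; the previous `esc_html( $r['edit_text'] )` at output covered both the default and caller values and is the safer place to keep it. Line 2093 gives the move link `class="bbp-reply-spam-link"`, apparently copied from the spam link at line 2026, where `bbp-reply-move-link` would match the naming used in the other hunks; that same line still concatenates `$r['split_title']` and `$r['split_text']` without `esc_attr`/`esc_html`, unlike the split link at line 2160, so the "missing output escaping" the commit message describes is not applied there. The enclosing functions all start and end outside the hunks.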