bbPress.org


Timestamp: 05/01/2019 07:22:42 PM (5 years ago)
Author: johnjamesjacoby
Message:

Subscriptions: ensure special characters in author names are encoded properly.

This commit copies the approach used on the content, and applies wp_specialchars_decode() and strip_tags() to author names in subscription emails.

(HTML tags are not usually allowed in usernames, but we strip them anyways in the event a filter allowed them. Better to keep emails legible than include unintended tags?)

Fixes #3256.

File:
1 edited

  • trunk/src/includes/common/functions.php

    r6898 r6904  
    10911091
    10921092    // Strip tags from text and setup mail data
    1093     $blog_name     = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
    1094     $topic_title   = wp_specialchars_decode( strip_tags( bbp_get_topic_title( $topic_id ) ), ENT_QUOTES );
    1095     $reply_content = wp_specialchars_decode( strip_tags( bbp_get_reply_content( $reply_id ) ), ENT_QUOTES );
    1096     $reply_url     = bbp_get_reply_url( $reply_id );
     1093    $blog_name         = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
     1094    $topic_title       = wp_specialchars_decode( strip_tags( bbp_get_topic_title( $topic_id ) ), ENT_QUOTES );
     1095    $reply_author_name = wp_specialchars_decode( strip_tags( $reply_author_name ), ENT_QUOTES );
     1096    $reply_content     = wp_specialchars_decode( strip_tags( bbp_get_reply_content( $reply_id ) ), ENT_QUOTES );
     1097    $reply_url         = bbp_get_reply_url( $reply_id );
    10971098
    10981099    // For plugins to filter messages per reply/topic/user
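Review bot: On the added line 1095, strip_tags() runs before wp_specialchars_decode(), so an author name that arrives with entity-encoded markup (for example `&lt;b&gt;`) passes strip_tags() unchanged and is then decoded into literal angle brackets. That matches the existing title and content lines and is harmless in a plain-text mail body, but the values are handed to the plugin filters that follow, and nothing here stops a filter from reusing them in an HTML context. Either extend the comment at 1092 to say these values are plain-text only and must be re-escaped before any HTML use, or decode first and strip second. Also, `$reply_author_name` is reassigned from itself while its neighbours call their getters inline, so the line depends on an assignment outside this hunk; a short comment naming where it is set would help the next reader.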
     
    12521253
    12531254    // Strip tags from text and setup mail data
    1254     $blog_name     = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
    1255     $topic_title   = wp_specialchars_decode( strip_tags( bbp_get_topic_title( $topic_id ) ), ENT_QUOTES );
    1256     $topic_content = wp_specialchars_decode( strip_tags( bbp_get_topic_content( $topic_id ) ), ENT_QUOTES );
    1257     $topic_url     = get_permalink( $topic_id );
     1255    $blog_name         = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
     1256    $topic_title       = wp_specialchars_decode( strip_tags( bbp_get_topic_title( $topic_id ) ), ENT_QUOTES );
     1257    $topic_author_name = wp_specialchars_decode( strip_tags( $topic_author_name ), ENT_QUOTES );
     1258    $topic_content     = wp_specialchars_decode( strip_tags( bbp_get_topic_content( $topic_id ) ), ENT_QUOTES );
     1259    $topic_url         = get_permalink( $topic_id );
    12581260
    12591261    // For plugins to filter messages per reply/topic/user
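Review bot: The added line 1257 repeats the same `wp_specialchars_decode( strip_tags( ... ), ENT_QUOTES )` wrapper already applied to the title and content here and duplicated in the reply hunk above, so the sanitising rule for mail fields now lives in seven hand-written call sites across two functions. Consider a small shared helper for "plain-text mail field" so that a future change to the order or flags cannot be applied to one notification and missed in the other. As in the reply hunk, `$topic_author_name` is read before it is assigned in the visible lines, so it is worth confirming it is always set (and non-empty for anonymous authors) before this point.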