
Changeset 7260


Timestamp:
06/23/2024 09:36:26 PM (20 months ago)
Author:
johnjamesjacoby
Message:

Templates: correct escaping on allowed HTML Tags form template parts.

This change introduces a new template-part file: form-allowed-tags.php and uses it inside of the Forum, Topic, and Reply form template-parts.

Additionally, the output is now properly escaped, which prevents unintentional escaping of the <abbr> tag inside of the string.

Fixes #3492.

Props naxoc.

In branches/2.6, for 2.6.10.

Location:
branches/2.6/src/templates/default/bbpress
Files:
1 added
3 edited

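--- a/branches/2.6/src/templates/default/bbpress/form-forum.php
+++ b/branches/2.6/src/templates/default/bbpress/form-forum.php
@@ -85,12 +85,5 @@
                     <?php do_action( 'bbp_theme_after_forum_form_content' ); ?>
 
-                    <?php if ( ! ( bbp_use_wp_editor() || current_user_can( 'unfiltered_html' ) ) ) : ?>
-
-                        <p class="form-allowed-tags">
-                            <label><?php esc_html_e( 'You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes:','bbpress' ); ?></label><br />
-                            <code><?php bbp_allowed_tags(); ?></code>
-                        </p>
-
-                    <?php endif; ?>
+                    <?php bbp_get_template_part( 'form', 'allowed-tags' ); ?>
 
                     <?php if ( bbp_allow_forum_mods() && current_user_can( 'assign_moderators' ) ) : ?>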
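Review bot: Nothing in this file guards the allowed-tags notice any more: the call at new line 87, `bbp_get_template_part( 'form', 'allowed-tags' )`, is unconditional, because the `bbp_use_wp_editor()` / `current_user_can( 'unfiltered_html' )` check went away with the old markup; the same holds in form-reply.php (new line 76) and form-topic.php (new line 97). Presumably the check moved into the added form-allowed-tags.php, but that file is not shown on this page, so it is worth confirming that the part prints nothing for users with `unfiltered_html` or when the WP editor is in use, and that the output of `bbp_allowed_tags()` is still escaped there. The escaping correction also reaches only sites that load the new part: a theme that overrides form-forum.php or form-reply.php keeps the old `esc_html_e()` call, which escapes the `<abbr>` markup inside the translatable string. Once confirmed, I would add a one-line comment above each call, such as `<?php // Allowed-tags notice: visibility check and escaping are handled in form-allowed-tags.php ?>`, and mention the new part in the release notes for theme authors.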
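--- a/branches/2.6/src/templates/default/bbpress/form-reply.php
+++ b/branches/2.6/src/templates/default/bbpress/form-reply.php
@@ -74,12 +74,5 @@
                     <?php do_action( 'bbp_theme_after_reply_form_content' ); ?>
 
-                    <?php if ( ! ( bbp_use_wp_editor() || current_user_can( 'unfiltered_html' ) ) ) : ?>
-
-                        <p class="form-allowed-tags">
-                            <label><?php esc_html_e( 'You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes:','bbpress' ); ?></label><br />
-                            <code><?php bbp_allowed_tags(); ?></code>
-                        </p>
-
-                    <?php endif; ?>
+                    <?php bbp_get_template_part( 'form', 'allowed-tags' ); ?>
 
                     <?php if ( bbp_allow_topic_tags() && current_user_can( 'assign_topic_tags', bbp_get_topic_id() ) ) : ?>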
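--- a/branches/2.6/src/templates/default/bbpress/form-topic.php
+++ b/branches/2.6/src/templates/default/bbpress/form-topic.php
@@ -95,12 +95,5 @@
                     <?php do_action( 'bbp_theme_after_topic_form_content' ); ?>
 
-                    <?php if ( ! ( bbp_use_wp_editor() || current_user_can( 'unfiltered_html' ) ) ) : ?>
-
-                        <p class="form-allowed-tags">
-                            <label><?php printf( esc_html__( 'You may use these %s tags and attributes:', 'bbpress' ), '<abbr title="HyperText Markup Language">HTML</abbr>' ); ?></label><br />
-                            <code><?php bbp_allowed_tags(); ?></code>
-                        </p>
-
-                    <?php endif; ?>
+                    <?php bbp_get_template_part( 'form', 'allowed-tags' ); ?>
 
                     <?php if ( bbp_allow_topic_tags() && current_user_can( 'assign_topic_tags', bbp_get_topic_id() ) ) : ?>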