mirror of
https://gh.wpcy.net/https://github.com/buddypress/buddypress.git
synced 2026-05-31 05:04:29 +08:00
In r6202 and r6204, sanitization was introduced into the xprofile output functions, to protect against CSRF-style vulnerabilities. However, the sanitization (esc_html()) was run in such a way that some clickable items, such as email addresses, were double escaped, resulting in HTML tags being printed to the screen rather than parsed by the browser.

This changeset reconfigures the sanitization procedure, so that output is sanitized by esc_html() before being run through the formatting filters such as make_clickable() and xprofile_filter_link_profile_data().

Fixes #4392

Props rachelbaker, DJPaul

git-svn-id: https://buddypress.svn.wordpress.org/trunk@6224 cdf35c40-ae34-48e0-9cc9-0c9da1808c22

| Name |
|---|
| admin |
| bp-xprofile-actions.php |
| bp-xprofile-activity.php |
| bp-xprofile-admin.php |
| bp-xprofile-buddybar.php |
| bp-xprofile-cache.php |
| bp-xprofile-caps.php |
| bp-xprofile-classes.php |
| bp-xprofile-cssjs.php |
| bp-xprofile-filters.php |
| bp-xprofile-functions.php |
| bp-xprofile-loader.php |
| bp-xprofile-screens.php |
| bp-xprofile-template.php |