[buddypress-trac] [BuddyPress Trac] #7656: Update `bp_new_group_invite_friend_list` for new $args to support full list markup
buddypress-trac
noreply at wordpress.org
Wed Jan 17 10:24:26 UTC 2018
#7656: Update `bp_new_group_invite_friend_list` for new $args to support full list
markup
-------------------------+------------------
Reporter: hnla | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Groups | Version:
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+------------------
Comment (by hnla):
1. Will patch to.
2. looked at kses but not sure it's appropriate here? In only accepting a
plain string isn't kses and it's element array overkill, I'm not sure how
we use it in this specific context ( we do utilise wp_kses elsewhere in BP
core iirc though).
Am in favour though of preventing daft strings being passed in and
rendered e.g 'dib', 'uk' so maybe a simpler approach, create our own array
of allowed strings and then do a basic in_array check whilst retaining the
esc_html... maybe:
{{{
$allowed_elements = array('ul', 'div', 'p');
if ( ! empty( $r['after_list'] ) && in_array( $r['after_list'],
$allowed_elements ) ) {
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7656#comment:2>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list