[buddypress-trac] [BuddyPress Trac] #9079: PHP code is printed to document source in JS templates
buddypress-trac
noreply at wordpress.org
Mon Jan 22 19:04:10 UTC 2024
#9079: PHP code is printed to document source in JS templates
----------------------------+-----------------------------
Reporter: chairmanbrando | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Templates | Version: 12.1.1
Severity: normal | Keywords:
----------------------------+-----------------------------
`bp_get_dynamic_template_part()` uses `file_get_contents()` which means
the PHP code in these templates isn't processed by the server. `wp_kses()`
would strip it, but it's not run when the `$type` parameter in this
function is set to `"js"`. The entirety of the file's contents is output
including the PHP comment at the top. This seems to affect three
blocks/widgets:
- bp-friends/bp-friends-blocks.php
- bp-groups/bp-groups-blocks.php
- bp-members/bp-members-blocks.php
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9079>
BuddyPress Trac <http://buddypress.org/>
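The behaviour the ticket describes, as an added stand-alone PHP example that is not BuddyPress code and not part of the original message: reading a template with `file_get_contents()` returns its PHP blocks as literal text, while a buffered `include` executes them and captures only the output. The template body, temp file and the helper names `read_raw()`, `render_included()` and `leaks_php_source()` are constructed for illustration.

```php
<?php
// Constructed sample: a JS template file that starts with a PHP header comment.
$template = <<<'TPL'
<?php
/**
 * Sample JS template (constructed for this example).
 */
?>
<script type="html/template" id="tmpl-sample-item">
	<li class="item">{{data.name}}</li>
</script>
TPL;

$path = tempnam( sys_get_temp_dir(), 'tpl' );
file_put_contents( $path, $template );

// Raw read: the file is treated as plain text, so PHP blocks are never executed
// and end up verbatim in whatever is echoed to the page.
function read_raw( string $path ): string {
	return file_get_contents( $path );
}

// Buffered include: the interpreter runs the PHP blocks and only their output
// is captured. Use this only on trusted, fixed template paths, because
// include executes whatever code the file contains.
function render_included( string $path ): string {
	ob_start();
	include $path;
	return ob_get_clean();
}

// Check usable in a test suite: does rendered markup contain a PHP open tag?
function leaks_php_source( string $markup ): bool {
	return (bool) preg_match( '/<\?(php|=)/i', $markup );
}

foreach ( array( 'read_raw', 'render_included' ) as $loader ) {
	$markup = $loader( $path );
	printf( "%-16s leaks PHP source: %s\n", $loader, leaks_php_source( $markup ) ? 'yes' : 'no' );
}

unlink( $path );
```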