<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[BuddyPress] [2288] trunk: Fixing escaped allowed HTML in forum posts.</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd>2288</dd>
<dt>Author</dt> <dd>apeatling</dd>
<dt>Date</dt> <dd>2010-01-10 21:55:51 +0000 (Sun, 10 Jan 2010)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fixing escaped allowed HTML in forum posts. Adding mention filters to blog comments and forum posts.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpactivitybpactivityfiltersphp">trunk/bp-activity/bp-activity-filters.php</a></li>
<li><a href="#trunkbpactivitybpactivitytemplatetagsphp">trunk/bp-activity/bp-activity-templatetags.php</a></li>
<li><a href="#trunkbpforumsbpforumsfiltersphp">trunk/bp-forums/bp-forums-filters.php</a></li>
<li><a href="#trunkbpforumsphp">trunk/bp-forums.php</a></li>
<li><a href="#trunkbpgroupsphp">trunk/bp-groups.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpactivitybpactivityfiltersphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-activity/bp-activity-filters.php (2287 => 2288)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-activity/bp-activity-filters.php 2010-01-10 20:42:42 UTC (rev 2287)
+++ trunk/bp-activity/bp-activity-filters.php 2010-01-10 21:55:51 UTC (rev 2288)
</span><span class="lines">@@ -58,7 +58,9 @@
</span><span class="cx"> $activity_allowedtags['img']['height'] = array();
</span><span class="cx"> $activity_allowedtags['img']['class'] = array();
</span><span class="cx"> $activity_allowedtags['img']['id'] = array();
</span><ins>+ $activity_allowedtags['code'] = array();
</ins><span class="cx">
</span><ins>+ $activity_allowedtags = apply_filters( 'bp_activity_allowed_tags', $activity_allowedtags );
</ins><span class="cx"> return wp_kses( $content, $activity_allowedtags );
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -87,7 +89,8 @@
</span><span class="cx"> }
</span><span class="cx"> add_filter( 'bp_activity_new_update_content', 'bp_activity_at_name_filter' );
</span><span class="cx"> add_filter( 'groups_activity_new_update_content', 'bp_activity_at_name_filter' );
</span><del>-add_filter( 'bp_activity_comment_content', 'bp_activity_at_name_filter' );
-add_filter( 'bp_get_activity_feed_item_description', 'bp_activity_at_name_filter' );
</del><ins>+add_filter( 'pre_comment_content', 'bp_activity_at_name_filter' );
+add_filter( 'group_forum_topic_text_before_save', 'bp_activity_at_name_filter' );
+add_filter( 'group_forum_post_text_before_save', 'bp_activity_at_name_filter' );
</ins><span class="cx">
</span><span class="cx"> ?>
</span><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="trunkbpactivitybpactivitytemplatetagsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-activity/bp-activity-templatetags.php (2287 => 2288)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-activity/bp-activity-templatetags.php 2010-01-10 20:42:42 UTC (rev 2287)
+++ trunk/bp-activity/bp-activity-templatetags.php 2010-01-10 21:55:51 UTC (rev 2288)
</span><span class="lines">@@ -350,7 +350,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /* Add the permalink */
</span><del>- $meta = ' &middot; <a href="' . bp_activity_get_permalink( $activities_template->activity->id, $activities_template->activity ) . '" class="view" title="' . __( 'View Thread / Permalink', 'buddypress' ) . '">#</a>';
</del><ins>+ $meta = ' &middot; <a href="' . bp_activity_get_permalink( $activities_template->activity->id, $activities_template->activity ) . '" class="view" title="' . __( 'View Thread / Permalink', 'buddypress' ) . '">' . __( 'View', 'buddypress' ) . '</a>';
</ins><span class="cx">
</span><span class="cx"> /* Add the delete link if the user has permission on this item */
</span><span class="cx"> if ( ( $activities_template->activity->user_id == $bp->loggedin_user->id ) || $bp->is_item_admin || is_site_admin() )
</span></span></pre></div>
<a id="trunkbpforumsbpforumsfiltersphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-forums/bp-forums-filters.php (2287 => 2288)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-forums/bp-forums-filters.php 2010-01-10 20:42:42 UTC (rev 2287)
+++ trunk/bp-forums/bp-forums-filters.php 2010-01-10 21:55:51 UTC (rev 2288)
</span><span class="lines">@@ -4,13 +4,10 @@
</span><span class="cx"> add_filter( 'bp_forums_bbconfig_location', 'wp_filter_kses', 1 );
</span><span class="cx"> add_filter( 'bp_forums_bbconfig_location', 'attribute_escape', 1 );
</span><span class="cx">
</span><del>-add_filter( 'bp_get_the_topic_title', 'wp_filter_kses', 1 );
-add_filter( 'bp_get_the_topic_latest_post_excerpt', 'wp_filter_kses', 1 );
-add_filter( 'bp_get_the_topic_post_content', 'wp_filter_kses', 1 );
</del><ins>+add_filter( 'bp_get_the_topic_title', 'bp_forums_filter_kses', 1 );
+add_filter( 'bp_get_the_topic_latest_post_excerpt', 'bp_forums_filter_kses', 1 );
+add_filter( 'bp_get_the_topic_post_content', 'bp_forums_filter_kses', 1 );
</ins><span class="cx">
</span><del>-add_filter( 'bp_get_the_topic_title', 'attribute_escape' );
-add_filter( 'bp_get_the_topic_post_content', 'attribute_escape' );
-
</del><span class="cx"> add_filter( 'bp_get_the_topic_title', 'wptexturize' );
</span><span class="cx"> add_filter( 'bp_get_the_topic_poster_name', 'wptexturize' );
</span><span class="cx"> add_filter( 'bp_get_the_topic_last_poster_name', 'wptexturize' );
</span><span class="lines">@@ -37,13 +34,32 @@
</span><span class="cx"> add_filter( 'bp_get_forum_topic_count_for_user', 'number_format' );
</span><span class="cx"> add_filter( 'bp_get_forum_topic_count', 'number_format' );
</span><span class="cx">
</span><del>-function bp_forums_add_allowed_tags( $allowedtags ) {
- $allowedtags['p'] = array();
- $allowedtags['br'] = array();
</del><ins>+function bp_forums_filter_kses( $content ) {
+ global $allowedtags;
</ins><span class="cx">
</span><del>- return $allowedtags;
</del><ins>+ $forums_allowedtags = $allowedtags;
+ $forums_allowedtags['span'] = array();
+ $forums_allowedtags['span']['class'] = array();
+ $forums_allowedtags['div'] = array();
+ $forums_allowedtags['div']['class'] = array();
+ $forums_allowedtags['div']['id'] = array();
+ $forums_allowedtags['a']['class'] = array();
+ $forums_allowedtags['img'] = array();
+ $forums_allowedtags['br'] = array();
+ $forums_allowedtags['p'] = array();
+ $forums_allowedtags['img']['src'] = array();
+ $forums_allowedtags['img']['alt'] = array();
+ $forums_allowedtags['img']['class'] = array();
+ $forums_allowedtags['img']['width'] = array();
+ $forums_allowedtags['img']['height'] = array();
+ $forums_allowedtags['img']['class'] = array();
+ $forums_allowedtags['img']['id'] = array();
+ $forums_allowedtags['code'] = array();
+ $forums_allowedtags['blockquote'] = array();
+
+ $forums_allowedtags = apply_filters( 'bp_forums_allowed_tags', $forums_allowedtags );
+ return wp_kses( $content, $forums_allowedtags );
</ins><span class="cx"> }
</span><del>-add_filter( 'edit_allowedtags', 'bp_forums_add_allowed_tags' );
</del><span class="cx">
</span><span class="cx"> function bp_forums_filter_tag_link( $link, $tag, $page, $context ) {
</span><span class="cx"> global $bp;
</span></span></pre></div>
<a id="trunkbpforumsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-forums.php (2287 => 2288)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-forums.php 2010-01-10 20:42:42 UTC (rev 2287)
+++ trunk/bp-forums.php 2010-01-10 21:55:51 UTC (rev 2288)
</span><span class="lines">@@ -194,6 +194,7 @@
</span><span class="cx"> $defaults = array(
</span><span class="cx"> 'topic_title' => '',
</span><span class="cx"> 'topic_slug' => '',
</span><ins>+ 'topic_text' => '',
</ins><span class="cx"> 'topic_poster' => $bp->loggedin_user->id, // accepts ids
</span><span class="cx"> 'topic_poster_name' => $bp->loggedin_user->fullname, // accept names
</span><span class="cx"> 'topic_last_poster' => $bp->loggedin_user->id, // accepts ids
</span><span class="lines">@@ -242,7 +243,7 @@
</span><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> /* Update the first post */
</span><del>- if ( !$post = bb_insert_post( array( 'post_id' => $post->post_id, 'topic_id' => $topic_id, 'post_text' => $topic_text, 'post_time' => $post->post_time, 'poster_id' => $post->poster_id, 'poster_ip' => $post->poster_ip, 'post_status' => $post->post_status, 'post_position' => $post->post_position ) ) )
</del><ins>+ if ( !$post = bp_forums_insert_post( array( 'post_id' => $post->post_id, 'topic_id' => $topic_id, 'post_text' => $topic_text, 'post_time' => $post->post_time, 'poster_id' => $post->poster_id, 'poster_ip' => $post->poster_ip, 'post_status' => $post->post_status, 'post_position' => $post->post_position ) ) )
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> return bp_forums_get_topic_details( $topic_id );
</span></span></pre></div>
<a id="trunkbpgroupsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-groups.php (2287 => 2288)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-groups.php 2010-01-10 20:42:42 UTC (rev 2287)
+++ trunk/bp-groups.php 2010-01-10 21:55:51 UTC (rev 2288)
</span><span class="lines">@@ -2081,11 +2081,14 @@
</span><span class="cx"> if ( empty( $post_text ) )
</span><span class="cx"> return false;
</span><span class="cx">
</span><ins>+ $post_text = apply_filters( 'group_forum_post_text_before_save', $post_text );
+ $topic_id = apply_filters( 'group_forum_post_topic_id_before_save', $topic_id );
+
</ins><span class="cx"> if ( $forum_post = bp_forums_insert_post( array( 'post_text' => $post_text, 'topic_id' => $topic_id ) ) ) {
</span><span class="cx"> $topic = bp_forums_get_topic_details( $topic_id );
</span><span class="cx">
</span><span class="cx"> $activity_content = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
</span><del>- $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $post_text ) ) . '</blockquote>';
</del><ins>+ $activity_content .= '<blockquote>' . bp_create_excerpt( $post_text ) . '</blockquote>';
</ins><span class="cx">
</span><span class="cx"> /* Record this in activity streams */
</span><span class="cx"> groups_record_activity( array(
</span><span class="lines">@@ -2110,11 +2113,16 @@
</span><span class="cx"> if ( empty( $topic_title ) || empty( $topic_text ) )
</span><span class="cx"> return false;
</span><span class="cx">
</span><ins>+ $topic_title = apply_filters( 'group_forum_topic_title_before_save', $topic_title );
+ $topic_text = apply_filters( 'group_forum_topic_text_before_save', $topic_text );
+ $topic_tags = apply_filters( 'group_forum_topic_tags_before_save', $topic_tags );
+ $forum_id = apply_filters( 'group_forum_topic_forum_id_before_save', $forum_id );
+
</ins><span class="cx"> if ( $topic_id = bp_forums_new_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_tags' => $topic_tags, 'forum_id' => $forum_id ) ) ) {
</span><span class="cx"> $topic = bp_forums_get_topic_details( $topic_id );
</span><span class="cx">
</span><span class="cx"> $activity_content = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $bp->loggedin_user->id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
</span><del>- $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $topic_text ) ) . '</blockquote>';
</del><ins>+ $activity_content .= '<blockquote>' . bp_create_excerpt( $topic_text ) . '</blockquote>';
</ins><span class="cx">
</span><span class="cx"> /* Record this in activity streams */
</span><span class="cx"> groups_record_activity( array(
</span><span class="lines">@@ -2136,13 +2144,16 @@
</span><span class="cx"> function groups_update_group_forum_topic( $topic_id, $topic_title, $topic_text ) {
</span><span class="cx"> global $bp;
</span><span class="cx">
</span><ins>+ $topic_title = apply_filters( 'group_forum_topic_title_before_save', $topic_title );
+ $topic_text = apply_filters( 'group_forum_topic_text_before_save', $topic_text );
+
</ins><span class="cx"> if ( $topic = bp_forums_update_topic( array( 'topic_title' => $topic_title, 'topic_text' => $topic_text, 'topic_id' => $topic_id ) ) ) {
</span><span class="cx"> /* Update the activity stream item */
</span><span class="cx"> if ( function_exists( 'bp_activity_delete_by_item_id' ) )
</span><span class="cx"> bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $topic_id, 'component_name' => $bp->groups->id, 'component_action' => 'new_forum_topic' ) );
</span><span class="cx">
</span><span class="cx"> $activity_content = sprintf( __( '%s started the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $topic->topic_poster ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'/">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
</span><del>- $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $topic_text ) ) . '</blockquote>';
</del><ins>+ $activity_content .= '<blockquote>' . bp_create_excerpt( $topic_text ) . '</blockquote>';
</ins><span class="cx">
</span><span class="cx"> /* Record this in activity streams */
</span><span class="cx"> groups_record_activity( array(
</span><span class="lines">@@ -2166,6 +2177,9 @@
</span><span class="cx"> function groups_update_group_forum_post( $post_id, $post_text, $topic_id ) {
</span><span class="cx"> global $bp;
</span><span class="cx">
</span><ins>+ $post_text = apply_filters( 'group_forum_post_text_before_save', $post_text );
+ $topic_id = apply_filters( 'group_forum_post_topic_id_before_save', $topic_id );
+
</ins><span class="cx"> $post = bp_forums_get_post( $post_id );
</span><span class="cx">
</span><span class="cx"> if ( $post_id = bp_forums_insert_post( array( 'post_id' => $post_id, 'post_text' => $post_text, 'post_time' => $post->post_time, 'topic_id' => $topic_id, 'poster_id' => $post->poster_id ) ) ) {
</span><span class="lines">@@ -2176,7 +2190,7 @@
</span><span class="cx"> bp_activity_delete_by_item_id( array( 'item_id' => $bp->groups->current_group->id, 'secondary_item_id' => $post_id, 'component_name' => $bp->groups->id, 'component_action' => 'new_forum_post' ) );
</span><span class="cx">
</span><span class="cx"> $activity_content = sprintf( __( '%s posted on the forum topic %s in the group %s:', 'buddypress'), bp_core_get_userlink( $post->poster_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . 'forum/topic/' . $topic->topic_slug .'">' . attribute_escape( $topic->topic_title ) . '</a>', '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . attribute_escape( $bp->groups->current_group->name ) . '</a>' );
</span><del>- $activity_content .= '<blockquote>' . bp_create_excerpt( attribute_escape( $post_text ) ) . '</blockquote>';
</del><ins>+ $activity_content .= '<blockquote>' . bp_create_excerpt( $post_text ) . '</blockquote>';
</ins><span class="cx">
</span><span class="cx"> /* Record this in activity streams */
</span><span class="cx"> groups_record_activity( array(
</span></span></pre>
</div>
</div>
</body>
</html>