<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[BuddyPress] [3252] trunk/bp-xprofile/bp-xprofile-filters.php: Fixes #2603
(trunk)</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd>3252</dd>
<dt>Author</dt> <dd>johnjamesjacoby</dd>
<dt>Date</dt> <dd>2010-09-10 23:57:02 +0000 (Fri, 10 Sep 2010)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fixes #2603 (trunk)</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpxprofilebpxprofilefiltersphp">trunk/bp-xprofile/bp-xprofile-filters.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpxprofilebpxprofilefiltersphp"></a>
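--- a/trunk/bp-xprofile/bp-xprofile-filters.php
+++ b/trunk/bp-xprofile/bp-xprofile-filters.php
@@ -1,46 +1,73 @@
 <?php
 
 /* Apply WordPress defined filters */
-add_filter( 'bp_get_the_profile_field_value', 'wp_filter_kses', 1 );
-add_filter( 'bp_get_the_profile_field_name', 'wp_filter_kses', 1 );
 
-add_filter( 'bp_get_the_site_member_profile_data', 'wp_filter_kses', 1 );
-add_filter( 'xprofile_get_field_data', 'wp_filter_kses', 1 );
-add_filter( 'xprofile_field_name_before_save', 'wp_filter_kses', 1 );
+add_filter( 'bp_get_the_profile_field_value', 'wp_filter_kses', 1 );
+add_filter( 'bp_get_the_profile_field_name', 'wp_filter_kses', 1 );
+add_filter( 'bp_get_the_profile_field_edit_value', 'wp_filter_kses', 1 );
+add_filter( 'bp_get_the_profile_field_description', 'wp_filter_kses', 1 );
+
+add_filter( 'bp_get_the_profile_field_value', 'wptexturize' );
+add_filter( 'bp_get_the_profile_field_value', 'convert_smilies', 2 );
+add_filter( 'bp_get_the_profile_field_value', 'convert_chars' );
+add_filter( 'bp_get_the_profile_field_value', 'wpautop' );
+add_filter( 'bp_get_the_profile_field_value', 'make_clickable' );
+add_filter( 'bp_get_the_profile_field_value', 'force_balance_tags' );
+
+add_filter( 'bp_get_the_profile_field_value', 'stripslashes' );
+add_filter( 'bp_get_the_profile_field_edit_value', 'stripslashes' );
+add_filter( 'bp_get_the_profile_field_name', 'stripslashes' );
+add_filter( 'bp_get_the_profile_field_description', 'stripslashes' );
+
+add_filter( 'xprofile_get_field_data', 'wp_filter_kses', 1 );
+add_filter( 'xprofile_field_name_before_save', 'wp_filter_kses', 1 );
 add_filter( 'xprofile_field_description_before_save', 'wp_filter_kses', 1 );
 
-add_filter( 'bp_get_the_profile_field_edit_value', 'wp_filter_kses', 1 );
-add_filter( 'bp_get_the_profile_field_description', 'wp_filter_kses', 1 );
-
-add_filter( 'xprofile_field_name_before_save', 'force_balance_tags' );
+add_filter( 'xprofile_get_field_data', 'force_balance_tags' );
+add_filter( 'xprofile_field_name_before_save', 'force_balance_tags' );
 add_filter( 'xprofile_field_description_before_save', 'force_balance_tags' );
 
-add_filter( 'bp_get_the_profile_field_value', 'wptexturize' );
-add_filter( 'bp_get_the_profile_field_value', 'convert_smilies', 2 );
-add_filter( 'bp_get_the_profile_field_value', 'convert_chars' );
-add_filter( 'bp_get_the_profile_field_value', 'wpautop' );
-add_filter( 'bp_get_the_profile_field_value', 'make_clickable' );
-add_filter( 'bp_get_the_profile_field_value', 'force_balance_tags' );
+add_filter( 'xprofile_get_field_data', 'stripslashes' );
 
-add_filter( 'bp_get_the_site_member_profile_data', 'wptexturize' );
-add_filter( 'bp_get_the_site_member_profile_data', 'convert_smilies', 2 );
-add_filter( 'bp_get_the_site_member_profile_data', 'convert_chars' );
-add_filter( 'bp_get_the_site_member_profile_data', 'make_clickable' );
-add_filter( 'bp_get_the_site_member_profile_data', 'force_balance_tags' );
+/* Custom BuddyPress filters */
 
-add_filter( 'bp_get_the_profile_field_value', 'xprofile_filter_format_field_value', 1, 2 );
-add_filter( 'bp_get_the_site_member_profile_data', 'xprofile_filter_format_field_value', 1, 2 );
-add_filter( 'bp_get_the_profile_field_value', 'xprofile_filter_link_profile_data', 50, 2 );
+add_filter( 'bp_get_the_profile_field_value', 'xprofile_filter_format_field_value', 1, 2 );
+add_filter( 'bp_get_the_site_member_profile_data', 'xprofile_filter_format_field_value', 1, 2 );
+add_filter( 'bp_get_the_profile_field_value', 'xprofile_filter_link_profile_data', 50, 2 );
 
-add_filter( 'bp_get_the_profile_field_edit_value', 'stripslashes' );
-add_filter( 'bp_get_the_profile_field_value', 'stripslashes' );
-add_filter( 'bp_get_the_profile_field_name', 'stripslashes' );
-add_filter( 'xprofile_get_field_data', 'stripslashes' );
-add_filter( 'bp_get_the_profile_field_description', 'stripslashes' );
-add_filter( 'bp_get_the_site_member_profile_data', 'stripslashes' );
+add_filter( 'xprofile_data_value_before_save', 'xprofile_sanitize_data_value_before_save', 1, 2 );
 
-/* Custom BuddyPress filters */
+/**
+ * xprofile_sanitize_data_value_before_save ( $field_value, $field_id )
+ *
+ * Safely runs profile field data through kses and force_balance_tags.
+ *
+ * @param string $field_value
+ * @param int $field_id
+ * @return string
+ */
+function xprofile_sanitize_data_value_before_save ( $field_value, $field_id ) {
 
+        // Return if empty
+        if ( empty( $field_value ) )
+                return;
+
+        // Filter single value
+        if ( !is_array( $field_value ) ) {
+                $kses_field_value = wp_filter_kses( $field_value );
+                $filtered_field_value = force_balance_tags( $kses_field_value );
+
+        // Filter each array item independently
+        } else {
+                foreach ( (array)$field_value as $value ) {
+                        $kses_field_value = wp_filter_kses( $value );
+                        $filtered_field_value[] = force_balance_tags( $kses_field_value );
+                }
+        }
+
+        return $filtered_field_value;
+}
+
 function xprofile_filter_format_field_value( $field_value, $field_type = '' ) {
         if ( !isset( $field_value ) || empty( $field_value ) )
                 return false;
@@ -50,12 +77,10 @@
         else
                 $field_value = str_replace(']]>', ']]&gt;', $field_value );
 
-        return stripslashes( stripslashes( $field_value ) );
+        return stripslashes( $field_value );
 }
 
 function xprofile_filter_link_profile_data( $field_value, $field_type = 'textbox' ) {
-        global $bp;
-
         if ( 'datebox' == $field_type )
                 return $field_value;
 
@@ -65,17 +90,18 @@
         $values = explode( ',', $field_value );
 
         if ( $values ) {
-                foreach ( (array) $values as $value ) {
+                foreach ( (array)$values as $value ) {
                         $value = trim( $value );
 
-                        /* If the value is a URL, skip it and just make it clickable. */
+                        // If the value is a URL, skip it and just make it clickable.
                         if ( preg_match( '@(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)@', $value ) ) {
                                 $new_values[] = make_clickable( $value );
                         } else {
-                                if ( count( explode( ' ', $value ) ) > 5 )
+                                if ( count( explode( ' ', $value ) ) > 5 ) {
                                         $new_values[] = $value;
-                                else
-                                        $new_values[] = '<a href="' . site_url( $bp->members->slug ) . '/?s=' . strip_tags( $value ) . '">' . $value . '</a>';
+                                } else {
+                                        $new_values[] = '<a href="' . site_url( BP_MEMBERS_SLUG ) . '/?s=' . strip_tags( $value ) . '">' . $value . '</a>';
+                                }
                         }
                 }
 
@@ -87,8 +113,9 @@
 
 function xprofile_filter_comments( $comments, $post_id ) {
         foreach( (array)$comments as $comment ) {
-                if ( $comment->user_id )
+                if ( $comment->user_id ) {
                         $user_ids[] = $comment->user_id;
+                }
         }
 
         if ( empty( $user_ids ) )
@@ -102,8 +129,9 @@
 
         foreach( (array)$comments as $i => $comment ) {
                 if ( !empty( $comment->user_id ) ) {
-                        if ( !empty( $users[$comment->user_id] ) )
+                        if ( !empty( $users[$comment->user_id] ) ) {
                                 $comments[$i]->comment_author = $users[$comment->user_id];
+                        }
                 }
         }
 
@@ -111,4 +139,4 @@
 }
 add_filter( 'comments_array', 'xprofile_filter_comments', 10, 2 );
 
-?>
\ No newline at end of file
+?>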
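Review bot: The link built on the added `$new_values[] = '<a href="' . site_url( BP_MEMBERS_SLUG ) . '/?s=' . strip_tags( $value ) . ...` line (hunk `@@ -65,17 +90,18 @@`) places a profile value into a double-quoted `href` and a query string with only `strip_tags()`, which removes tags but performs no attribute or URL encoding. Whether a quote or `&` can still be present when this callback runs at priority 50 depends on the filters registered earlier on `bp_get_the_profile_field_value` (`wp_filter_kses` at 1, `wptexturize` at the default priority), so the markup is only as safe as that ordering. I would encode at the point of output instead: `$new_values[] = '<a href="' . esc_url( site_url( BP_MEMBERS_SLUG ) . '/?s=' . urlencode( strip_tags( $value ) ) ) . '">' . $value . '</a>';`. `xprofile_filter_link_profile_data` starts and ends outside this hunk, so how `$new_values` is joined and returned is not visible here.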
</div>
</body>
</html>