[buddypress-trac] [BuddyPress] #4392: email Profile fields not formatting correctly
buddypress-trac at lists.automattic.com
Sun Aug 5 21:21:04 UTC 2012
#4392: email Profile fields not formatting correctly
---------------------------------------+---------------------
Reporter: zkwc | Owner: zkwc
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 1.6
Component: Core | Version: 1.5.7
Severity: normal | Resolution: fixed
Keywords: needs-patch needs-testing |
---------------------------------------+---------------------
Changes (by boonebgorges):
* status: new => closed
* resolution: => fixed
Comment:
(In [6224]) Cleanup of sanitization and formatting of xprofile output
In r6202 and r6204, sanitization was introduced into the xprofile output
functions, to protect against CSRF-style vulnerabilities. However, the
sanitization (esc_html()) was run in such a way that some clickable items,
such as email addresses, were double escaped, resulting in HTML tags being
printed to the screen rather than parsed by the browser.
This changeset reconfigures the sanitization procedure, so that output is
sanitized by esc_html() before being run through the formatting filters
such as make_clickable() and xprofile_filter_link_profile_data().
Fixes #4392
Props rachelbaker, DJPaul
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4392#comment:2>
BuddyPress <http://buddypress.org/>
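
The ordering issue the changeset describes, shown as an added example that is not BuddyPress code or part of the original message. demo_esc_html() and demo_make_clickable() are hypothetical, simplified stand-ins for esc_html() and make_clickable(), the profile value is constructed, and "format, then escape" is assumed here as one ordering that produces the symptom reported in #4392.

```php
<?php
// Added illustration; not BuddyPress code. The two helpers are simplified,
// hypothetical stand-ins for the WordPress functions named in the commit
// message above.

// Stand-in for esc_html(): encode HTML metacharacters.
function demo_esc_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Stand-in for make_clickable(): wrap e-mail addresses in mailto: links.
// It adds markup of its own, so its output must not be escaped afterwards,
// and its input must already be safe to place in HTML.
function demo_make_clickable(string $text): string {
    return preg_replace(
        '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/',
        '<a href="mailto:$0">$0</a>',
        $text
    );
}

// Constructed profile field value: user-supplied markup plus an address.
$value = '<i>Contact</i>: jane@example.org';

// Format, then escape: the <a> tag added by the formatter is encoded too,
// so the browser prints the tag as text instead of rendering a link.
$broken = demo_esc_html(demo_make_clickable($value));

// Escape, then format (the order the changeset describes): the user's
// markup is neutralized first, and only the formatter's own <a> tag
// reaches the browser as HTML.
$fixed = demo_make_clickable(demo_esc_html($value));

echo "format -> escape:\n" . $broken . "\n\n";
echo "escape -> format:\n" . $fixed . "\n";
```

Run with the PHP CLI to compare the two strings: only the second contains a live anchor tag, and in both the user-supplied <i> markup stays encoded.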