[buddypress-trac] [BuddyPress] #4058: Updating bp_latest_update uses wp_filter_kses hard coded
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Thu Mar 1 12:20:12 UTC 2012
#4058: Updating bp_latest_update uses wp_filter_kses hard coded
-------------------------+--------------------------------------
Reporter: wpdennis | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Activity | Version: 1.5.4
Severity: normal | Keywords: 2nd-opinion dev-feedback
-------------------------+--------------------------------------
BuddyPress has the option to deactivate kses in activities by filtering
the content before it gets saved into the database. For example:
{{{
remove_filter('bp_activity_content_before_save',
'bp_activity_filter_kses', 1);
add_filter('bp_activity_content_before_save', function($content) {return
esc_html($content);}, 1);
}}}
That way I can disable html and use something like bbcode.
BUT during updating "bp_latest_update" in table `wp_usermeta` kses is
hardcoded and results in an unexpected "last update". That's inconsistent
and maybe unnecessary. Please see:
'''bp-activity-functions.php''' => '''bp_activity_post_update()'''
http://buddypress.trac.wordpress.org/browser/tags/1.5.4/bp-activity/bp-
activity-functions.php#L854
{{{
bp_update_user_meta( $bp->loggedin_user->id, 'bp_latest_update', array(
'id' => $activity_id, 'content' => wp_filter_kses( $content ) ) );
}}}
Wouldn't it be better to apply all filters from
"bp_activity_content_before_save" on $content in line 873:
{{{
$activity_content = apply_filters('bp_activity_content_before_save',
$content);
}}}
And remove the hard coded call to "wp_filter_kses" in line 854?
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4058>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list