[buddypress-trac] [BuddyPress Trac] #5971: Usage of wp_filter_kses is inconsistent for XProfile fields

buddypress-trac noreply at wordpress.org
Wed Oct 29 11:53:17 UTC 2014

#5971: Usage of wp_filter_kses is inconsistent for XProfile fields
 Reporter:  thomaslhotta  |      Owner:
     Type:  enhancement   |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  XProfile      |    Version:  2.1
 Severity:  normal        |   Keywords:
 In bp-xprofile-admin.php on line 246 {{{ wp_filter_kses }}} is applied to
 the field description before saving. This is redundant as the
 {{{xprofile_field_description_before_save}}} filter already has {{{
 wp_filter_kses }}} attached. The same goes for the field name.

 On the other hand {{{fieldtype}}} and {{{required}}} are ksesed in bp-
 xprofile-admin.php but do not have {{{ wp_filter_kses }}} attached as a

 Wouldn't it be better from an encapsulation perspective to do all the
 input sanitizing in the {{{save}}} function of the {{{BP_XProfile_Field}}}

 Additionally this makes it just a little bit harder to use the
 {{{wp_kses_allowed_html}}} filter to allow more html in the description as
 one has to watch for 2 contexts.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5971>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list