[buddypress-trac] [BuddyPress Trac] #6106: Xprofile admin groups desc not stripping slashes
buddypress-trac
noreply at wordpress.org
Sun Jan 11 11:42:28 UTC 2015
#6106: Xprofile admin groups desc not stripping slashes
--------------------------+-----------------------
Reporter: hnla | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.2
Component: XProfile | Version:
Severity: minor | Keywords: has-patch
--------------------------+-----------------------
In the group description on an xprofile admin edit screen we are not
handling escapes, rendering back \'s etc
Patch wraps $group->description in stripslashes() before we esc_attr() it
(not sure esc_attr is correct here? rather than esc_html if we are pushing
out to an html element rather than to a html attr? )
Also to note in checking the field description for same issue, they are
handled differently in echoing a function `bp_the_profile_field_name`
which is handling the stripping elsewhere so we have a slight variance in
approaches here!
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6106>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list