[buddypress-trac] [BuddyPress Trac] #6990: Escape HTML in RSS Feeds
buddypress-trac
noreply at wordpress.org
Thu Mar 31 21:15:19 UTC 2016
#6990: Escape HTML in RSS Feeds
----------------------------------+-----------------------------
Reporter: danbrellis | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Component - Activity | Version: 2.5.0
Severity: normal | Keywords:
----------------------------------+-----------------------------
In my theme I have a filter that appends a query string (via
append_query_string()) to an activity's primary_link that is stored in the
database. As a result, when I visit www.example.org/groups/mygroup/feed, I
get an error:
{{{
error on line X at column X: EntityRef: expecting ';'
}}}
After some digging, this is caused as a result of the query string in the
<link> element that has unescaped ampersands. I've found that applying
this to my functions.php file fixes the problem.
{{{#!php
<?php
add_filter('bp_get_activity_thread_permalink',
'my_theme_bp_get_activity_thread_permalink');
function my_theme_bp_get_activity_thread_permalink($link){
return esc_url($link);
}
}}}
What I'm wondering is if esc_url() should be applied to
bp_get_activity_thread_permalink() or where the <link> is output in the
BP_Activity_Feed class or if it's just me.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6990>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list