[buddypress-trac] [BuddyPress Trac] #7074: Templates should utilize esc_attr when setting a link title attribute to bp_group_name
buddypress-trac
noreply at wordpress.org
Wed May 18 21:29:30 UTC 2016
#7074: Templates should utilize esc_attr when setting a link title attribute to
bp_group_name
--------------------------------+-----------------------------
Reporter: garrett-eclipse | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Component - Groups | Version: 2.5.0
Severity: normal | Keywords:
--------------------------------+-----------------------------
Hello,
I noticed in group-header.php and I'm sure it's in several other places,
that the bp_group_name is being applied to the title attribute of a link
without any handling, should employ esc_attr.
https://github.com/buddypress/BuddyPress/blob/master/src/bp-templates/bp-
legacy/buddypress/groups/single/group-header.php#L61
{{{
<a href="<?php bp_group_permalink(); ?>" title="<?php bp_group_name();
?>">
}}}
Should be pushed through esc_attr either in the template by using
bp_get_group_name instead or by creating a new bp_group_name_attr
function.
Thanks
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7074>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list