[buddypress-trac] [BuddyPress Trac] #9221: [BP Legacy Template pack] A printf function is written incorrectly related to "mentions" count in src/bp-templates/bp-legacy/buddypress/activity/index.php

buddypress-trac noreply at wordpress.org
Tue Jul 30 05:52:21 UTC 2024


#9221: [BP Legacy Template pack] A printf function is written incorrectly related
to "mentions" count in
src/bp-templates/bp-legacy/buddypress/activity/index.php
----------------------------------------------------+---------------------
 Reporter:  emaralive                               |       Owner:  (none)
     Type:  defect (bug)                            |      Status:  new
 Priority:  normal                                  |   Milestone:  14.1.0
Component:  Templates                               |     Version:  14.0.0
 Severity:  normal                                  |  Resolution:
 Keywords:  has-screenshots dev-feedback has-patch  |
----------------------------------------------------+---------------------

Comment (by emaralive):

 @espellcaste I figured out that in order for me to see the failing of the
 original template file, I have to override the template within a child
 theme and the effects of line 164 can be seen for both PHP 7.4.33 and
 8.0.30. IOW, if I don't override the template file, then I see what is
 shown in the 1st screenshot.

 So, now the question is: Why must the template file be overridden to
 trigger the error?

 I added another screenshot. What if you made the "**Mentions**" tab look
 as what is indicated (IOW, drop the word "**new**")? Would that be a
 problem?

 Additionally, I believe other improvements could be made, e.g., change
 **{{{printf()}}}** to **{{{sprintf()}}}** and then use
 **{{{esc_html_e()}}}** as the outer function and in the case where HTML is
 involved use **{{{wp_kses()}}}** as the outer function along with
 **{{{echo}}}**: Would this be a problem? I ask because it seems as though
 the escaping process isn't effective as written; meaning have another look
 at the entire file to make sure we are escaping properly.

 BTW, I tested your patch and it does not trigger an error.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9221#comment:3>
BuddyPress Trac <http://buddypress.org/>