[buddypress-trac] [BuddyPress Trac] #9151: HTML tags are shown instead of being rendered within dismissible messages - Edit Group (bp-groups) screen/page.
buddypress-trac
noreply at wordpress.org
Wed May 8 15:59:09 UTC 2024
#9151: HTML tags are shown instead of being rendered within dismissible messages -
Edit Group (bp-groups) screen/page.
----------------------------+----------------------------------------------
 Reporter:  emaralive       |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  12.5.0
Component:  Administration  |    Version:  12.4.1
 Severity:  normal          |   Keywords:  has-screenshots needs-patch
                            |              dev-feedback
----------------------------+----------------------------------------------
==== !WordPress
**version**: 6.6-alpha-58113
==== Parent Theme
**name**: Twenty Eleven (twentyeleven)
**version**: 4.6
==== !BuddyPress
**version**: 12.4.1
**active_components**: Community Members, Extended Profiles, Account
Settings, Friend Connections, Private Messaging, Activity Streams,
Notifications, User Groups, Site Tracking
**template_packs**: !BuddyPress Nouveau & !BuddyPress Legacy
**url_parser**: BP Rewrites API
==== PHP
version: 7.4.33
----
When on
**site.url/wp-admin/admin.php?page=bp-groups&gid=<id>&action=edit**,
enter either a valid or a non-existent user
into the **Add New Member** textbox and submit the entry. The 1st
screenshot represents the case of a non-existent user. The issue is that
the **<em>** tag pair is shown instead of being rendered (see
**screenshot** screenshot-win10-me-2024.05.07-15_13_34.png). The **<em>**
tag is used by 4 different status messages found in the file
**{{{bp-groups-admin.php}}}**:
Note:: Master branch is used to represent which lines use the **<em>**
tags and the line with the issue.
* [https://github.com/buddypress/buddypress/blob/master/src/bp-groups/bp-groups-admin.php#L613 Line 613]
* [https://github.com/buddypress/buddypress/blob/master/src/bp-groups/bp-groups-admin.php#L618 Line 618]
* [https://github.com/buddypress/buddypress/blob/master/src/bp-groups/bp-groups-admin.php#L624 Line 624]
* [https://github.com/buddypress/buddypress/blob/master/src/bp-groups/bp-groups-admin.php#L630 Line 638]
The issue arises because the messages are further escaped using the
**{{{esc_html()}}}** function, which thus, for academic purposes, converts
the "**less than**" (**<**) symbol into the **&lt;** HTML entity and the
"**greater than**" (**>**) symbol into the **&gt;** HTML entity, i.e.,
**&lt;em&gt;<user>&lt;/em&gt;**, which can be found on
**[https://github.com/buddypress/buddypress/blob/master/src/bp-groups/bp-groups-admin.php#L668 Line 668]**.
For instance, an example of the code
fragment from **Line 668**:
{{{
implode( "</p><p>", array_map( 'esc_html', $messages ) )
=> string(79) "The following users could not be added to the group:
&lt;em&gt;apple&lt;/em&gt;"
}}}
Changing the **{{{esc_html}}}** to **{{{wp_kses_post}}}** will correct the
issue and allow the HTML to be rendered, for example (also, see
**screenshot** screenshot-win10-me-2024.05.07-15_24_57.png):
{{{
implode( "</p><p>", array_map( 'wp_kses_post', $messages ) )
=> string(67) "The following users could not be added to the group:
<em>apple</em>"
}}}
However, since there are a number of ways to patch this issue, I will
leave it to the discretion of whomever is assigned.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9151>
BuddyPress Trac <http://buddypress.org/>
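
One way to patch this without widening the allowed markup, as an added example that is not BuddyPress code: escape each user-supplied name once while the message is built, keep the `<em>` wrapper as static markup, and drop the second blanket `esc_html()` pass. `example_build_notice()` and the sample names are hypothetical, and the `esc_html()` stand-in only approximates the WordPress function so the script runs outside WordPress.

```php
<?php
// Stand-in that approximates WordPress's esc_html() so this runs outside WordPress.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
    }
}

// Hypothetical helper: escape each request-derived name exactly once, then
// wrap the result in the static <em> markup the notice is meant to render.
function example_build_notice( string $template, array $usernames ): string {
    $safe = implode( ', ', array_map( 'esc_html', $usernames ) );
    return sprintf( $template, '<em>' . $safe . '</em>' );
}

$template = 'The following users could not be added to the group: %s';

// Constructed inputs: the ticket's "apple" and a name that itself contains markup.
$messages = array(
    example_build_notice( $template, array( 'apple' ) ),
    example_build_notice( $template, array( '<b>pear</b>' ) ),
);

// Reported behaviour: a second esc_html() pass over the finished messages
// also escapes the static <em>, so the admin sees literal tags.
$double = implode( '</p><p>', array_map( 'esc_html', $messages ) );

// Alternative: the dynamic part is already escaped, so join without a second
// pass. <em> renders; markup inside a name stays inert text.
$single = implode( '</p><p>', $messages );

printf( "second pass: %s\n", $double );
printf( "single pass: %s\n", $single );

// Guard: the only real tags in the output are the static <em> pair and the
// <p> separators; anything else means unescaped input got through.
if ( strip_tags( $single, '<em><p>' ) !== $single ) {
    throw new RuntimeException( 'unexpected markup reached the output' );
}
```

Inside WordPress the real `esc_html()` is used and the stand-in is skipped. Unlike `wp_kses_post`, which permits the tags allowed in post content, this lets only the static `<em>` wrapper through.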