[buddypress-trac] [BuddyPress] #4392: email Profile fields not formatting correctly

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Sun Aug 5 21:21:04 UTC 2012

#4392: email Profile fields not formatting correctly
 Reporter:  zkwc                       |       Owner:  zkwc
     Type:  defect (bug)               |      Status:  closed
 Priority:  normal                     |   Milestone:  1.6
Component:  Core                       |     Version:  1.5.7
 Severity:  normal                     |  Resolution:  fixed
 Keywords:  needs-patch needs-testing  |
Changes (by boonebgorges):

 * status:  new => closed
 * resolution:   => fixed


 (In [6224]) Cleanup of sanitization and formatting of xprofile output

 In r6202 and r6204, sanitization was introduced into the xprofile output
 functions, to protect against CSRF-style vulnerabilities. However, the
 sanitization (esc_html()) was run in such a way that some clickable items,
 such as email addresses, were double escaped, resulting in HTML tags being
 printed to the screen rather than parsed by the browser.

 This changeset reconfigures the sanitization procedure, so that output is
 sanitized by esc_html() before being run through the formatting filters
 as make_clickable() and xprofile_filter_link_profile_data().

 Fixes #4392

 Props rachelbaker, DJPaul

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4392#comment:2>
BuddyPress <http://buddypress.org/>

More information about the buddypress-trac mailing list