[buddypress-trac] [BuddyPress Trac] #4646: Deleting profile fields - UX issue

buddypress-trac noreply at wordpress.org
Mon Nov 28 21:27:31 UTC 2016


#4646: Deleting profile fields - UX issue
----------------------------+------------------
 Reporter:  rogercoathup    |       Owner:
     Type:  enhancement     |      Status:  new
 Priority:  normal          |   Milestone:  2.8
Component:  Administration  |     Version:  1.5
 Severity:  normal          |  Resolution:
 Keywords:  needs-patch     |
----------------------------+------------------
Changes (by DJPaul):

 * keywords:  has-patch => needs-patch


Comment:

 Eeep, scary old code! :) Rather than tack a new part on the end, let's
 improve the whole thing. While there isn't an output escaping issue as
 such, the way it has been done already is less than perfect.

 We need to `esc_url` the entire value for the `href` attribute, and use
 either `add_query_arg` or `sprintf` to concatenate the hardcoded URL and
 the variables together. Think also about how to escape the values you're
 concatenating (strings would usually be passed through `urlencode` but it
 looks like these are integers, so you could do a simple cast to make that
 clear).

 I think you'd do this above the HTML part of the function, because trying
 to do all that inline would make the line length really long.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4646#comment:5>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list