

Timestamp:
09/14/2009 01:57:48 PM (15 years ago)
Author:
ryan
Message:

Filter fields through kses upon display. Introduce sanitize_user_object() and sanitize_user_field(). see #10751

File:
1 edited

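--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -285,5 +285,5 @@
 <tr>
     <th><label for="description"><?php _e('Biographical Info'); ?></label></th>
-    <td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description ?></textarea><br />
+    <td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_html($profileuser->description); ?></textarea><br />
     <span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
 </tr>
@@ -312,5 +312,5 @@
 ?>
 
-<?php if (count($profileuser->caps) > count($profileuser->roles) && apply_filters('additional_capabilities_display', true, $profileuser)): ?>
+<?php if ( count($profileuser->caps) > count($profileuser->roles) && apply_filters('additional_capabilities_display', true, $profileuser) ) { ?>
 <br class="clear" />
     <table width="99%" style="border: none;" cellspacing="2" cellpadding="3" class="editform">
@@ -319,7 +319,8 @@
             <td><?php
             $output = '';
-            foreach($profileuser->caps as $cap => $value) {
-                if(!$wp_roles->is_role($cap)) {
-                    if($output != '') $output .= ', ';
+            foreach ( $profileuser->caps as $cap => $value ) {
+                if ( !$wp_roles->is_role($cap) ) {
+                    if ( $output != '' )
+                        $output .= ', ';
                     $output .= $value ? $cap : "Denied: {$cap}";
                 }
@@ -329,5 +330,5 @@
         </tr>
     </table>
-<?php endif; ?>
+<?php } ?>
 
 <p class="submit">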
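Review bot: The capability loop at old lines 321-325 still appends `$cap` to `$output` unescaped, while the same commit wraps the description in `esc_html()` on display; since `$output` is presumably echoed into the table cell just below this hunk, the capability keys read back from the user's stored caps should get the same treatment for consistency, e.g. `$output .= $value ? esc_html($cap) : sprintf(__('Denied: %s'), esc_html($cap));`. That change also moves the hard-coded "Denied:" label into the translation functions the rest of the file uses, instead of a bare interpolated string. The `$output != ''` test is a loose comparison; `$output !== ''` states the intent without relying on string coercion rules. The surrounding `<td>` block and the echo of `$output` continue outside the hunk, so this is inferred from the visible lines only.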