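/**
 * xprofile_sanitize_data_value_before_save ( $field_value, $field_id )
 *
 * Safely runs profile field data through kses and force_balance_tags.
 *
 * Profile field values come from user-submitted forms, so every scalar value
 * (or every element of an array value) is passed through the xprofile kses
 * whitelist, has its tags balanced and has rel="nofollow" applied to links
 * before it is handed back for saving.
 *
 * @param string $field_value Raw value; may be a serialized array.
 * @param int    $field_id    Field ID (not used by this function itself).
 * @param bool   $reserialize Whether to reserialize arrays before returning. Defaults to true.
 * @return string|array The filtered value: a string, a serialized string, or (when
 *                      $reserialize is false) the filtered array. Empty input is
 *                      returned unchanged.
 */
function xprofile_sanitize_data_value_before_save($field_value, $field_id, $reserialize = true) {
    // Nothing to filter. Return the input itself instead of an implicit null so the
    // return type is always the documented one (this also matches the $data_obj-aware
    // variant of this function). empty() treats the string '0' as empty too, so a
    // literal "0" is returned without going through kses.
    if (empty($field_value)) {
        return $field_value;
    }

    // SECURITY NOTE(review): the value is user-controlled and maybe_unserialize()
    // ends up calling unserialize() on anything that looks serialized. Deserializing
    // untrusted input is a known PHP object-injection vector; confirm that the host's
    // maybe_unserialize() restricts allowed classes or that values are validated
    // before they reach this point.
    $field_value = maybe_unserialize($field_value);

    // Single (non-array) value: kses -> balance tags -> nofollow -> filter hook.
    if (!is_array($field_value)) {
        $kses_field_value     = xprofile_filter_kses($field_value);
        $filtered_field_value = nxt_rel_nofollow(force_balance_tags($kses_field_value));

        return apply_filters('xprofile_filtered_data_value_before_save', $filtered_field_value, $field_value);
    }

    // Array value: filter each item independently. Keys are not preserved; the
    // result is always a list, which is the shape callers have always received.
    $filtered_values = array();
    foreach ($field_value as $value) {
        $kses_field_value  = xprofile_filter_kses($value);
        $filtered_value    = nxt_rel_nofollow(force_balance_tags($kses_field_value));
        $filtered_values[] = apply_filters('xprofile_filtered_data_value_before_save', $filtered_value, $value);
    }

    return $reserialize ? serialize($filtered_values) : $filtered_values;
}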
/**
 * Escape field value for display.
 *
 * Plain fields are HTML-escaped with esc_html(), so no markup survives. Fields
 * with rich text enabled (by default, `textarea` only) are instead run through
 * the xprofile kses whitelist, which keeps an allowed subset of HTML tags.
 *
 * @since 2.4.0
 *
 * @param string $value      Field value.
 * @param string $field_type Field type (not consulted here; rich-text status is
 *                           looked up by field ID).
 * @param int    $field_id   Field ID.
 * @return string Escaped or kses-filtered value.
 */
function bp_xprofile_escape_field_data($value, $field_type, $field_id) {
    // Plain fields: full HTML escaping.
    if (!bp_xprofile_is_richtext_enabled_for_field($field_id)) {
        return esc_html($value);
    }

    // Rich-text fields: whitelist filtering via kses. xprofile_filter_kses()
    // expects a BP_XProfile_ProfileData object, which is only available while
    // a member profile is being displayed; otherwise null is passed.
    $data_obj = bp_is_user()
        ? new BP_XProfile_ProfileData($field_id, bp_displayed_user_id())
        : null;

    return xprofile_filter_kses($value, $data_obj);
}
/**
 * Safely runs profile field data through kses and force_balance_tags.
 *
 * Profile field values are user-submitted. Each scalar value (or each element
 * of an array value) is passed through the xprofile kses whitelist, has its
 * tags balanced and gets rel="nofollow" applied to links, then goes through the
 * 'xprofile_filtered_data_value_before_save' filter before being returned.
 *
 * @param string $field_value Raw value; may be a serialized array.
 * @param int    $field_id    Field ID (not used by this function itself).
 * @param bool   $reserialize Whether to reserialize arrays before returning. Defaults to true.
 * @param object $data_obj    The BP_XProfile_ProfileData object, or null.
 * @return string|array The filtered value: a string, a serialized string, or (when
 *                      $reserialize is falsy) the filtered array. Empty input is
 *                      returned unchanged.
 */
function xprofile_sanitize_data_value_before_save($field_value, $field_id = 0, $reserialize = true, $data_obj = null) {
    // Nothing to filter; hand the input back as-is. Note that empty() also
    // treats the string '0' as empty, so a literal "0" skips kses.
    if (empty($field_value)) {
        return $field_value;
    }

    // SECURITY NOTE(review): the value is user-controlled and maybe_unserialize()
    // ends up calling unserialize() on anything that looks serialized. Deserializing
    // untrusted input is a known PHP object-injection vector; confirm that the host's
    // maybe_unserialize() restricts allowed classes or that values are validated
    // before they reach this point.
    $unserialized = maybe_unserialize($field_value);

    // One scalar: kses -> balance tags -> nofollow -> filter hook.
    if (!is_array($unserialized)) {
        $after_kses = xprofile_filter_kses($unserialized, $data_obj);
        $cleaned    = wp_rel_nofollow(force_balance_tags($after_kses));

        /**
         * Filters the kses-filtered data before saving to database.
         *
         * @since 1.5.0
         *
         * @param string                  $cleaned      The filtered value.
         * @param string                  $unserialized The original value before filtering.
         * @param BP_XProfile_ProfileData $data_obj     The BP_XProfile_ProfileData object.
         */
        return apply_filters('xprofile_filtered_data_value_before_save', $cleaned, $unserialized, $data_obj);
    }

    // Array of values: each item is filtered on its own. Keys are not kept; the
    // result is always a list.
    $cleaned_items = array();
    foreach ($unserialized as $item) {
        $after_kses   = xprofile_filter_kses($item, $data_obj);
        $cleaned_item = wp_rel_nofollow(force_balance_tags($after_kses));

        /** This filter is documented in bp-xprofile/bp-xprofile-filters.php */
        $cleaned_items[] = apply_filters('xprofile_filtered_data_value_before_save', $cleaned_item, $item, $data_obj);
    }

    if (empty($reserialize)) {
        return $cleaned_items;
    }

    return serialize($cleaned_items);
}