/**
* xprofile_sanitize_data_value_before_save ( $field_value, $field_id )
*
* Safely runs profile field data through kses and force_balance_tags.
*
* @param string $field_value
* @param int $field_id
* @param bool $reserialize Whether to reserialize arrays before returning. Defaults to true
* @return string
*/
function xprofile_sanitize_data_value_before_save($field_value, $field_id, $reserialize = true)
{
// Return if empty
if (empty($field_value)) {
return;
}
// Value might be serialized
$field_value = maybe_unserialize($field_value);
// Filter single value
if (!is_array($field_value)) {
$kses_field_value = xprofile_filter_kses($field_value);
$filtered_field_value = nxt_rel_nofollow(force_balance_tags($kses_field_value));
$filtered_field_value = apply_filters('xprofile_filtered_data_value_before_save', $filtered_field_value, $field_value);
// Filter each array item independently
} else {
$filtered_values = array();
foreach ((array) $field_value as $value) {
$kses_field_value = xprofile_filter_kses($value);
$filtered_value = nxt_rel_nofollow(force_balance_tags($kses_field_value));
$filtered_values[] = apply_filters('xprofile_filtered_data_value_before_save', $filtered_value, $value);
}
if ($reserialize) {
$filtered_field_value = serialize($filtered_values);
} else {
$filtered_field_value = $filtered_values;
}
}
return $filtered_field_value;
}
/**
* Escape field value for display.
*
* Most field values are simply run through esc_html(). Those that support rich text (by default, `textarea` only)
* are sanitized using kses, which allows a whitelist of HTML tags.
*
* @since 2.4.0
*
* @param string $value Field value.
* @param string $field_type Field type.
* @param int $field_id Field ID.
* @return string
*/
function bp_xprofile_escape_field_data($value, $field_type, $field_id)
{
if (bp_xprofile_is_richtext_enabled_for_field($field_id)) {
// The xprofile_filter_kses() expects a BP_XProfile_ProfileData object.
$data_obj = null;
if (bp_is_user()) {
$data_obj = new BP_XProfile_ProfileData($field_id, bp_displayed_user_id());
}
$value = xprofile_filter_kses($value, $data_obj);
} else {
$value = esc_html($value);
}
return $value;
}
/**
* Safely runs profile field data through kses and force_balance_tags.
*
* @param string $field_value
* @param int $field_id
* @param bool $reserialize Whether to reserialize arrays before returning. Defaults to true
* @param object $data_obj The BP_XProfile_ProfileData object
* @return string
*/
function xprofile_sanitize_data_value_before_save($field_value, $field_id = 0, $reserialize = true, $data_obj = null)
{
// Return if empty
if (empty($field_value)) {
return $field_value;
}
// Value might be serialized
$field_value = maybe_unserialize($field_value);
// Filter single value
if (!is_array($field_value)) {
$kses_field_value = xprofile_filter_kses($field_value, $data_obj);
$filtered_field_value = wp_rel_nofollow(force_balance_tags($kses_field_value));
/**
* Filters the kses-filtered data before saving to database.
*
* @since 1.5.0
*
* @param string $filtered_field_value The filtered value.
* @param string $field_value The original value before filtering.
* @param BP_XProfile_ProfileData $data_obj The BP_XProfile_ProfileData object.
*/
$filtered_field_value = apply_filters('xprofile_filtered_data_value_before_save', $filtered_field_value, $field_value, $data_obj);
// Filter each array item independently
} else {
$filtered_values = array();
foreach ((array) $field_value as $value) {
$kses_field_value = xprofile_filter_kses($value, $data_obj);
$filtered_value = wp_rel_nofollow(force_balance_tags($kses_field_value));
/** This filter is documented in bp-xprofile/bp-xprofile-filters.php */
$filtered_values[] = apply_filters('xprofile_filtered_data_value_before_save', $filtered_value, $value, $data_obj);
}
if (!empty($reserialize)) {
$filtered_field_value = serialize($filtered_values);
} else {
$filtered_field_value = $filtered_values;
}
}
return $filtered_field_value;
}
