gresziu Posted April 4, 2014 (edited)

Hello! I'm very new with PHP, I just have to update some functions in a WordPress site. Having this:

    $message .= sprintf(__('Your username is %s'), $user_login);

I would like to have the user login variable in bold. I have tried many things, such as

    $user_login = '<strong>' . $user_login . '</strong>';

or embedding the HTML tags inside the sprintf function, however everything I tried always prints the tags themselves. How could this be done?

Edited April 4, 2014 by gresziu

Ch0cu3r Posted April 4, 2014

Try wrapping %s in strong tags instead.

    $message .= sprintf(__('Your username is <strong>%s</strong>'), $user_login);

Psycho Posted April 4, 2014

It sounds as if, where $message is ultimately output, the application may be using htmlentities() or htmlspecialchars(). Those functions are used to ensure content cannot be interpreted as HTML code. The reason is a user could potentially enter content into a forum post, for example, that would be interpreted as HTML. So, a user could do something potentially benign such as wrapping their name in bold tags. Or worse, they could put in HTML code that totally screws up the site layout. Or worst, they could put in JavaScript code creating a cross-site scripting vulnerability.

You should never trust any data that was entered by a user. It should always be escaped/cleansed based upon the context of how it is being used (using in a DB query, outputting to an HTML page, etc.).

So, my guess is that WordPress is automatically doing this where $message is used. If so, you would have to find where $message is actually output to the page and change the code to not escape the content. However, that would create a potential problem if a user entered HTML code into their username. So, you would need to implement one of those functions on the original value of $user_login where you are defining $message.

gresziu Posted April 4, 2014

Thanks both for your answers. But wrapping %s in strong tags didn't do the trick, it prints everything also. The $message string is used as text to send an email:

    wp_mail($user_email, sprintf(__('Your New User Account on %s'), $blogname), $message);

Just the admin is allowed to create the users, so there isn't a risk of having dangerous code as a username.

Psycho Posted April 4, 2014 (Solution)

If this is being sent as an email, then you need to format the email as HTML - otherwise it will be sent in plain text format and HTML code will be displayed instead of parsed as code.

gresziu Posted April 10, 2014

Thanks! I'll try to do that and I'll come back with the code.

gresziu Posted April 10, 2014

What I was missing was adding the headers to the mail function.

    $headers = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    wp_mail($user_email, sprintf(__('Your New User Account on %s'), $blogname), $message, $headers);

Thanks for the guidance!
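
The two points from this thread combined, as an added example that is not code from any poster: the body is declared as HTML so the tags render, and the username is escaped with htmlspecialchars() before it goes inside the strong tags. The function name build_account_email and the sample values are hypothetical, and __() is left out so the snippet runs outside WordPress.

```php
<?php
// Added example, not code from the thread.
// build_account_email() and the sample values below are hypothetical.

/**
 * Build subject, body and headers for an HTML "new account" email.
 * The username is escaped for the HTML context before it is wrapped in <strong>.
 */
function build_account_email(string $user_login, string $blogname): array
{
    // Escape for HTML output: <, >, & and both quote styles become entities.
    $safe_login = htmlspecialchars($user_login, ENT_QUOTES, 'UTF-8');

    // The markup lives in the format string; only escaped data fills %s.
    $message = sprintf('Your username is <strong>%s</strong>', $safe_login);

    // The subject is a plain-text mail header, so it is not HTML-escaped.
    $subject = sprintf('Your New User Account on %s', $blogname);

    // Without this header the body is delivered as text/plain
    // and the tags are displayed literally.
    $headers = array('Content-Type: text/html; charset=UTF-8');

    return array($subject, $message, $headers);
}

// Constructed sample input: a username that itself contains markup.
list($subject, $message, $headers) =
    build_account_email('<em>bob</em> & co', 'Example Blog');

// Show the body as it would be sent: the username's own tags are now entities.
echo $subject, PHP_EOL, $message, PHP_EOL;

// Inside WordPress the result would be passed on as:
// wp_mail($user_email, $subject, $message, $headers);
```

Escaping at the point where $message is built keeps the fix local: once the mail is sent as HTML, nothing downstream will escape the username for you.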