Jump to content

Bold text within sprintf function


gresziu
Go to solution Solved by Psycho,

Recommended Posts

Hello!

 

I'm very new with php, I just have to update some functions in a wordpress site.

 

Having this:

$message .= sprintf(__('Your username is %s'), $user_login);

I would like to have the user login variable in bold.

 

Have tried many things, as

$user_login = '<strong>' . $user_login . '</strong>';

Or embedding the HTML tags inside sprintf function, however everything I tried always print the tags itself.

 

 

How this could be done?

Edited by gresziu
Link to comment
Share on other sites

It sounds as if that where $message is ultimately output the application may be using htmlentities() or htmlspecialchars().

 

Those functions are used to ensure content cannot be interpreted as HTML code. The reason is a user could potentially enter content into a forum post, for example, that would be interpreted as HTML. So, a user could do something potentially benign such as wrapping their name in bold tags. Or worse, they could put in HTML code that totally screws up the site layout. Or worst, they could put in JavaScript code creating a Cross site scripting vulnerability. You should never trust any data that was entered by a user. It should always be escaped/cleansed based upon the context of how it is being used (Using in a DB query, outputting to HTML page, etc.).

 

So, my guess is that Wordpress is automatically doing this where $message is used. If so, you would have to find where $message is actually output to the page and change the code to not escape the content. However, that would create a potential problem if a user entered HTML code into their username. So, you would need to implement one of those functions on the original value of $user_login where you are defining $message

Link to comment
Share on other sites

Thanks both for your answers.

But wrapping %s in strong tags didn't do the trick, it prints everything also.

 

The $message string is used as text to send an email

wp_mail($user_email, sprintf(__('Your New User Account on %s'), $blogname), $message);

Just the admin is allow to create the users, so there isn't risk to have dangerous code as username.

Link to comment
Share on other sites

What I was missing is add the headers to the mail function.

$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

wp_mail($user_email, sprintf(__('Your New User Account on %s'), $blogname), $message, $headers);

Thanks for the guidance!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.