From 7c758d5f5ae001afa8dec3d075f10b2828738bd9 Mon Sep 17 00:00:00 2001
From: agata <automa@insicuri.net>
Date: Mon, 5 Aug 2019 19:39:27 +0200
Subject: [PATCH] [auto] plugin: buddypress 4.4.0

---
 .../bp-activity/bp-activity-filters.php       |  1 -
 .../bp-activity/bp-activity-functions.php     | 20 ++--
 .../buddypress/bp-blogs/bp-blogs-activity.php | 16 +--
 .../bp-friends/bp-friends-activity.php        |  4 +-
 .../bp-groups/bp-groups-activity.php          | 14 +--
 .../bp-groups/bp-groups-functions.php         |  2 +-
 .../bp-groups/bp-groups-template.php          |  2 +-
 wp-content/plugins/buddypress/bp-loader.php   |  2 +-
 .../bp-members/bp-members-activity.php        |  2 +-
 .../bp-members/bp-members-functions.php       |  2 +-
 .../bp-messages/bp-messages-functions.php     |  2 +-
 .../bp-nouveau/includes/groups/ajax.php       | 27 +++--
 .../includes/groups/template-tags.php         | 14 ++-
 .../bp-xprofile/bp-xprofile-activity.php      |  4 +-
 wp-content/plugins/buddypress/buddypress.pot  | 98 ++++++++++---------
 .../plugins/buddypress/class-buddypress.php   |  2 +-
 wp-content/plugins/buddypress/readme.txt      | 10 +-
 17 files changed, 127 insertions(+), 95 deletions(-)

diff --git a/wp-content/plugins/buddypress/bp-activity/bp-activity-filters.php b/wp-content/plugins/buddypress/bp-activity/bp-activity-filters.php
index a05c2eb16..3cacd64f6 100644
--- a/wp-content/plugins/buddypress/bp-activity/bp-activity-filters.php
+++ b/wp-content/plugins/buddypress/bp-activity/bp-activity-filters.php
@@ -13,7 +13,6 @@ defined( 'ABSPATH' ) || exit;
 /* Filters *******************************************************************/
 
 // Apply WordPress defined filters.
-add_filter( 'bp_get_activity_action',                'bp_activity_filter_kses', 1 );
 add_filter( 'bp_get_activity_content_body',          'bp_activity_filter_kses', 1 );
 add_filter( 'bp_get_activity_parent_content',        'bp_activity_filter_kses', 1 );
 add_filter( 'bp_get_activity_latest_update',         'bp_activity_filter_kses', 1 );
diff --git a/wp-content/plugins/buddypress/bp-activity/bp-activity-functions.php b/wp-content/plugins/buddypress/bp-activity/bp-activity-functions.php
index ddecd65b7..c6a3e693c 100644
--- a/wp-content/plugins/buddypress/bp-activity/bp-activity-functions.php
+++ b/wp-content/plugins/buddypress/bp-activity/bp-activity-functions.php
@@ -1523,7 +1523,7 @@ function bp_activity_generate_action_string( $activity ) {
  * @return string $action
  */
 function bp_activity_format_activity_action_activity_update( $action, $activity ) {
-	$action = sprintf( __( '%s posted an update', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
+	$action = sprintf( esc_html__( '%s posted an update', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
 
 	/**
 	 * Filters the formatted activity action update string.
@@ -1546,7 +1546,7 @@ function bp_activity_format_activity_action_activity_update( $action, $activity
  * @return string $action
  */
 function bp_activity_format_activity_action_activity_comment( $action, $activity ) {
-	$action = sprintf( __( '%s posted a new activity comment', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
+	$action = sprintf( esc_html__( '%s posted a new activity comment', 'buddypress' ), bp_core_get_userlink( $activity->user_id ) );
 
 	/**
 	 * Filters the formatted activity action comment string.
@@ -1589,19 +1589,22 @@ function bp_activity_format_activity_action_custom_post_type_post( $action, $act
 		$post_url = $activity->post_url;
 	}
 
+	$post_link = '<a href="' . esc_url( $post_url ) . '">' . esc_html_x( 'item', 'Default text for the post type name', 'buddypress' ) . '</a>';
+
 	if ( is_multisite() ) {
-		$blog_link = '<a href="' . esc_url( $blog_url ) . '">' . get_blog_option( $activity->item_id, 'blogname' ) . '</a>';
+		$blog_link = '<a href="' . esc_url( $blog_url ) . '">' . esc_html( get_blog_option( $activity->item_id, 'blogname' ) ) . '</a>';
 
 		if ( ! empty( $bp->activity->track[ $activity->type ]->new_post_type_action_ms ) ) {
-			$action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action_ms, $user_link, $post_url, $blog_link );
+			$action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action_ms, $user_link, esc_url( $post_url ), $blog_link );
 		} else {
-			$action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>, on the site %3$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, esc_url( $post_url ), $blog_link );
+
+			$action = sprintf( esc_html_x( '%1$s wrote a new %2$s, on the site %3$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, $post_link, $blog_link );
 		}
 	} else {
 		if ( ! empty( $bp->activity->track[ $activity->type ]->new_post_type_action ) ) {
 			$action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_action, $user_link, $post_url );
 		} else {
-			$action = sprintf( _x( '%1$s wrote a new <a href="%2$s">item</a>', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, esc_url( $post_url ) );
+			$action = sprintf( esc_html_x( '%1$s wrote a new %2$s', 'Activity Custom Post Type post action', 'buddypress' ), $user_link, $post_link );
 		}
 	}
 
@@ -1639,6 +1642,7 @@ function bp_activity_format_activity_action_custom_post_type_comment( $action, $
 	}
 
 	$user_link = bp_core_get_userlink( $activity->user_id );
+	$post_link = '<a href="' . esc_url( $activity->primary_link ) . '">' . esc_html_x( 'item', 'Default text for the post type name', 'buddypress' ) . '</a>';
 
 	if ( is_multisite() ) {
 		$blog_link = '<a href="' . esc_url( get_home_url( $activity->item_id ) ) . '">' . get_blog_option( $activity->item_id, 'blogname' ) . '</a>';
@@ -1646,13 +1650,13 @@ function bp_activity_format_activity_action_custom_post_type_comment( $action, $
 		if ( ! empty( $bp->activity->track[ $activity->type ]->new_post_type_comment_action_ms ) ) {
 			$action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_comment_action_ms, $user_link, $activity->primary_link, $blog_link );
 		} else {
-			$action = sprintf( _x( '%1$s commented on the <a href="%2$s">item</a>, on the site %3$s', 'Activity Custom Post Type comment action', 'buddypress' ), $user_link, $activity->primary_link, $blog_link );
+			$action = sprintf( esc_html_x( '%1$s commented on the %2$s, on the site %3$s', 'Activity Custom Post Type comment action', 'buddypress' ), $user_link, $post_link, $blog_link );
 		}
 	} else {
 		if ( ! empty( $bp->activity->track[ $activity->type ]->new_post_type_comment_action ) ) {
 			$action = sprintf( $bp->activity->track[ $activity->type ]->new_post_type_comment_action, $user_link, $activity->primary_link );
 		} else {
-			$action = sprintf( _x( '%1$s commented on the <a href="%2$s">item</a>', 'Activity Custom Post Type post comment action', 'buddypress' ), $user_link, $activity->primary_link );
+			$action = sprintf( esc_html_x( '%1$s commented on the %2$s', 'Activity Custom Post Type post comment action', 'buddypress' ), $user_link, $post_link );
 		}
 	}
 
diff --git a/wp-content/plugins/buddypress/bp-blogs/bp-blogs-activity.php b/wp-content/plugins/buddypress/bp-blogs/bp-blogs-activity.php
index 1b5524570..c514355f8 100644
--- a/wp-content/plugins/buddypress/bp-blogs/bp-blogs-activity.php
+++ b/wp-content/plugins/buddypress/bp-blogs/bp-blogs-activity.php
@@ -127,7 +127,7 @@ function bp_blogs_format_activity_action_new_blog( $action, $activity ) {
 	$blog_url  = bp_blogs_get_blogmeta( $activity->item_id, 'url' );
 	$blog_name = bp_blogs_get_blogmeta( $activity->item_id, 'name' );
 
-	$action = sprintf( __( '%s created the site %s', 'buddypress' ), bp_core_get_userlink( $activity->user_id ), '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
+	$action = sprintf( esc_html__( '%s created the site %s', 'buddypress' ), bp_core_get_userlink( $activity->user_id ), '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
 
 	// Legacy filter - requires the BP_Blogs_Blog object.
 	if ( has_filter( 'bp_blogs_activity_created_blog_action' ) ) {
@@ -209,7 +209,7 @@ function bp_blogs_format_activity_action_new_blog_post( $action, $activity ) {
 	 */
 	if ( empty( $post_title ) ) {
 		// Defaults to no title.
-		$post_title = esc_html__( '(no title)', 'buddypress' );
+		$post_title = __( '(no title)', 'buddypress' );
 
 		switch_to_blog( $activity->item_id );
 
@@ -230,15 +230,15 @@ function bp_blogs_format_activity_action_new_blog_post( $action, $activity ) {
 	}
 
 	// Build the 'post link' part of the activity action string.
-	$post_link  = '<a href="' . esc_url( $post_url ) . '">' . $post_title . '</a>';
+	$post_link  = '<a href="' . esc_url( $post_url ) . '">' . esc_html( $post_title ) . '</a>';
 
 	$user_link = bp_core_get_userlink( $activity->user_id );
 
 	// Build the complete activity action string.
 	if ( is_multisite() ) {
-		$action  = sprintf( __( '%1$s wrote a new post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
+		$action  = sprintf( esc_html__( '%1$s wrote a new post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
 	} else {
-		$action  = sprintf( __( '%1$s wrote a new post, %2$s', 'buddypress' ), $user_link, $post_link );
+		$action  = sprintf( esc_html__( '%1$s wrote a new post, %2$s', 'buddypress' ), $user_link, $post_link );
 	}
 
 	// Legacy filter - requires the post object.
@@ -358,13 +358,13 @@ function bp_blogs_format_activity_action_new_blog_comment( $action, $activity )
 		restore_current_blog();
 	}
 
-	$post_link = '<a href="' . esc_url( $post_url ) . '">' . $post_title . '</a>';
+	$post_link = '<a href="' . esc_url( $post_url ) . '">' . esc_html( $post_title ) . '</a>';
 	$user_link = bp_core_get_userlink( $activity->user_id );
 
 	if ( is_multisite() ) {
-		$action  = sprintf( __( '%1$s commented on the post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
+		$action  = sprintf( esc_html__( '%1$s commented on the post, %2$s, on the site %3$s', 'buddypress' ), $user_link, $post_link, '<a href="' . esc_url( $blog_url ) . '">' . esc_html( $blog_name ) . '</a>' );
 	} else {
-		$action  = sprintf( __( '%1$s commented on the post, %2$s', 'buddypress' ), $user_link, $post_link );
+		$action  = sprintf( esc_html__( '%1$s commented on the post, %2$s', 'buddypress' ), $user_link, $post_link );
 	}
 
 	// Legacy filter - requires the comment object.
diff --git a/wp-content/plugins/buddypress/bp-friends/bp-friends-activity.php b/wp-content/plugins/buddypress/bp-friends/bp-friends-activity.php
index 26e009680..d0b51f65e 100644
--- a/wp-content/plugins/buddypress/bp-friends/bp-friends-activity.php
+++ b/wp-content/plugins/buddypress/bp-friends/bp-friends-activity.php
@@ -141,7 +141,7 @@ function bp_friends_format_activity_action_friendship_accepted( $action, $activi
 	$initiator_link = bp_core_get_userlink( $activity->user_id );
 	$friend_link    = bp_core_get_userlink( $activity->secondary_item_id );
 
-	$action = sprintf( __( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
+	$action = sprintf( esc_html__( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
 
 	// Backward compatibility for legacy filter
 	// The old filter has the $friendship object passed to it. We want to
@@ -175,7 +175,7 @@ function bp_friends_format_activity_action_friendship_created( $action, $activit
 	$initiator_link = bp_core_get_userlink( $activity->user_id );
 	$friend_link    = bp_core_get_userlink( $activity->secondary_item_id );
 
-	$action = sprintf( __( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
+	$action = sprintf( esc_html__( '%1$s and %2$s are now friends', 'buddypress' ), $initiator_link, $friend_link );
 
 	// Backward compatibility for legacy filter
 	// The old filter has the $friendship object passed to it. We want to
diff --git a/wp-content/plugins/buddypress/bp-groups/bp-groups-activity.php b/wp-content/plugins/buddypress/bp-groups/bp-groups-activity.php
index 85d2a8fc8..f45e131aa 100644
--- a/wp-content/plugins/buddypress/bp-groups/bp-groups-activity.php
+++ b/wp-content/plugins/buddypress/bp-groups/bp-groups-activity.php
@@ -78,7 +78,7 @@ function bp_groups_format_activity_action_created_group( $action, $activity ) {
 	$group      = groups_get_group( $activity->item_id );
 	$group_link = '<a href="' . esc_url( bp_get_group_permalink( $group ) ) . '">' . esc_html( $group->name ) . '</a>';
 
-	$action = sprintf( __( '%1$s created the group %2$s', 'buddypress'), $user_link, $group_link );
+	$action = sprintf( esc_html__( '%1$s created the group %2$s', 'buddypress'), $user_link, $group_link );
 
 	/**
 	 * Filters the 'created_group' activity actions.
@@ -106,7 +106,7 @@ function bp_groups_format_activity_action_joined_group( $action, $activity ) {
 	$group      = groups_get_group( $activity->item_id );
 	$group_link = '<a href="' . esc_url( bp_get_group_permalink( $group ) ) . '">' . esc_html( $group->name ) . '</a>';
 
-	$action = sprintf( __( '%1$s joined the group %2$s', 'buddypress' ), $user_link, $group_link );
+	$action = sprintf( esc_html__( '%1$s joined the group %2$s', 'buddypress' ), $user_link, $group_link );
 
 	// Legacy filters (do not follow parameter patterns of other activity
 	// action filters, and requires apply_filters_ref_array()).
@@ -153,22 +153,22 @@ function bp_groups_format_activity_action_group_details_updated( $action, $activ
 
 	// No changed details were found, so use a generic message.
 	if ( empty( $changed ) ) {
-		$action = sprintf( __( '%1$s updated details for the group %2$s', 'buddypress' ), $user_link, $group_link );
+		$action = sprintf( esc_html__( '%1$s updated details for the group %2$s', 'buddypress' ), $user_link, $group_link );
 
 	// Name and description changed - to keep things short, don't describe changes in detail.
 	} elseif ( isset( $changed['name'] ) && isset( $changed['description'] ) ) {
-		$action = sprintf( __( '%1$s changed the name and description of the group %2$s', 'buddypress' ), $user_link, $group_link );
+		$action = sprintf( esc_html__( '%1$s changed the name and description of the group %2$s', 'buddypress' ), $user_link, $group_link );
 
 	// Name only.
 	} elseif ( ! empty( $changed['name']['old'] ) && ! empty( $changed['name']['new'] ) ) {
-		$action = sprintf( __( '%1$s changed the name of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['name']['old'] ), esc_html( $changed['name']['new'] ) );
+		$action = sprintf( esc_html__( '%1$s changed the name of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['name']['old'] ), esc_html( $changed['name']['new'] ) );
 
 	// Description only.
 	} elseif ( ! empty( $changed['description']['old'] ) && ! empty( $changed['description']['new'] ) ) {
-		$action = sprintf( __( '%1$s changed the description of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['description']['old'] ), esc_html( $changed['description']['new'] ) );
+		$action = sprintf( esc_html__( '%1$s changed the description of the group %2$s from "%3$s" to "%4$s"', 'buddypress' ), $user_link, $group_link, esc_html( $changed['description']['old'] ), esc_html( $changed['description']['new'] ) );
 
 	} elseif ( ! empty( $changed['slug']['old'] ) && ! empty( $changed['slug']['new'] ) ) {
-		$action = sprintf( __( '%1$s changed the permalink of the group %2$s.', 'buddypress' ), $user_link, $group_link );
+		$action = sprintf( esc_html__( '%1$s changed the permalink of the group %2$s.', 'buddypress' ), $user_link, $group_link );
 
 	}
 
diff --git a/wp-content/plugins/buddypress/bp-groups/bp-groups-functions.php b/wp-content/plugins/buddypress/bp-groups/bp-groups-functions.php
index 43240122a..bda437952 100644
--- a/wp-content/plugins/buddypress/bp-groups/bp-groups-functions.php
+++ b/wp-content/plugins/buddypress/bp-groups/bp-groups-functions.php
@@ -1312,7 +1312,7 @@ function groups_post_update( $args = '' ) {
 		return false;
 
 	// Record this in activity streams.
-	$activity_action  = sprintf( __( '%1$s posted an update in the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . bp_get_group_permalink( $bp->groups->current_group ) . '">' . esc_attr( $bp->groups->current_group->name ) . '</a>' );
+	$activity_action  = sprintf( esc_html__( '%1$s posted an update in the group %2$s', 'buddypress'), bp_core_get_userlink( $user_id ), '<a href="' . esc_url( bp_get_group_permalink( $bp->groups->current_group ) ) . '">' . esc_html( $bp->groups->current_group->name ) . '</a>' );
 	$activity_content = $content;
 
 	/**
diff --git a/wp-content/plugins/buddypress/bp-groups/bp-groups-template.php b/wp-content/plugins/buddypress/bp-groups/bp-groups-template.php
index c5c5a0465..f628dd54c 100644
--- a/wp-content/plugins/buddypress/bp-groups/bp-groups-template.php
+++ b/wp-content/plugins/buddypress/bp-groups/bp-groups-template.php
@@ -5865,7 +5865,7 @@ function bp_groups_activity_feed() {
 		return;
 	} ?>
 
-	<link rel="alternate" type="application/rss+xml" title="<?php bloginfo( 'name' ) ?> | <?php bp_current_group_name() ?> | <?php _e( 'Group Activity RSS Feed', 'buddypress' ) ?>" href="<?php bp_group_activity_feed_link() ?>" />
+	<link rel="alternate" type="application/rss+xml" title="<?php bloginfo( 'name' ) ?> | <?php echo esc_attr( bp_get_current_group_name() ); ?> | <?php _e( 'Group Activity RSS Feed', 'buddypress' ) ?>" href="<?php bp_group_activity_feed_link() ?>" />
 
 <?php
 }
diff --git a/wp-content/plugins/buddypress/bp-loader.php b/wp-content/plugins/buddypress/bp-loader.php
index 9bc6a745f..c44202b23 100644
--- a/wp-content/plugins/buddypress/bp-loader.php
+++ b/wp-content/plugins/buddypress/bp-loader.php
@@ -15,7 +15,7 @@
  * Description: BuddyPress adds community features to WordPress. Member Profiles, Activity Streams, Direct Messaging, Notifications, and more!
  * Author:      The BuddyPress Community
  * Author URI:  https://buddypress.org/
- * Version:     4.3.0
+ * Version:     4.4.0
  * Text Domain: buddypress
  * Domain Path: /bp-languages/
  * License:     GPLv2 or later (license.txt)
diff --git a/wp-content/plugins/buddypress/bp-members/bp-members-activity.php b/wp-content/plugins/buddypress/bp-members/bp-members-activity.php
index c6ed4958b..db445737f 100644
--- a/wp-content/plugins/buddypress/bp-members/bp-members-activity.php
+++ b/wp-content/plugins/buddypress/bp-members/bp-members-activity.php
@@ -47,7 +47,7 @@ add_action( 'bp_register_activity_actions', 'bp_members_register_activity_action
  */
 function bp_members_format_activity_action_new_member( $action, $activity ) {
 	$userlink = bp_core_get_userlink( $activity->user_id );
-	$action   = sprintf( __( '%s became a registered member', 'buddypress' ), $userlink );
+	$action   = sprintf( esc_html__( '%s became a registered member', 'buddypress' ), $userlink );
 
 	// Legacy filter - pass $user_id instead of $activity.
 	if ( has_filter( 'bp_core_activity_registered_member_action' ) ) {
diff --git a/wp-content/plugins/buddypress/bp-members/bp-members-functions.php b/wp-content/plugins/buddypress/bp-members/bp-members-functions.php
index 85d02d62a..e505432f0 100644
--- a/wp-content/plugins/buddypress/bp-members/bp-members-functions.php
+++ b/wp-content/plugins/buddypress/bp-members/bp-members-functions.php
@@ -415,7 +415,7 @@ function bp_core_get_userlink( $user_id, $no_anchor = false, $just_link = false
 	 * @param string $value   Link text based on passed parameters.
 	 * @param int    $user_id ID of the user to check.
 	 */
-	return apply_filters( 'bp_core_get_userlink', '<a href="' . $url . '">' . $display_name . '</a>', $user_id );
+	return apply_filters( 'bp_core_get_userlink', '<a href="' . esc_url( $url ) . '">' . $display_name . '</a>', $user_id );
 }
 
 /**
diff --git a/wp-content/plugins/buddypress/bp-messages/bp-messages-functions.php b/wp-content/plugins/buddypress/bp-messages/bp-messages-functions.php
index 387943d54..61ded106f 100644
--- a/wp-content/plugins/buddypress/bp-messages/bp-messages-functions.php
+++ b/wp-content/plugins/buddypress/bp-messages/bp-messages-functions.php
@@ -684,7 +684,7 @@ function bp_messages_personal_data_exporter( $email_address, $page ) {
 
 		foreach ( $thread->messages as $message_index => $message ) {
 			// Only include messages written by the user.
-			if ( $recipient->user_id !== $message->sender_id ) {
+			if ( $user->ID !== $message->sender_id ) {
 				continue;
 			}
 
diff --git a/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/ajax.php b/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/ajax.php
index e14c856c0..93167c69f 100644
--- a/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/ajax.php
+++ b/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/ajax.php
@@ -3,7 +3,7 @@
  * Groups Ajax functions
  *
  * @since 3.0.0
- * @version 3.1.0
+ * @version 4.4.0
  */
 
 // Exit if accessed directly.
@@ -384,15 +384,26 @@ function bp_nouveau_ajax_send_group_invites() {
 	}
 
 	// For feedback
-	$invited = array();
+	$invited           = array();
+	$is_friends_active = bp_is_active( 'friends' );
 
 	foreach ( (array) $_POST['users'] as $user_id ) {
-		$invited[ (int) $user_id ] = groups_invite_user(
-			array(
-				'user_id'  => $user_id,
-				'group_id' => $group_id,
-			)
-		);
+		$user_id = (int) $user_id;
+
+		if ( $is_friends_active && bp_nouveau_groups_get_group_invites_setting( $user_id ) && 'is_friend' !== BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $user_id ) ) {
+			continue;
+		} else {
+			$invited[ $user_id ] = groups_invite_user(
+				array(
+					'user_id'  => $user_id,
+					'group_id' => $group_id,
+				)
+			);
+		}
+	}
+
+	if ( ! $invited ) {
+		wp_send_json_error( $response );
 	}
 
 	if ( ! empty( $_POST['message'] ) ) {
diff --git a/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/template-tags.php b/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/template-tags.php
index 24f4f392d..e47743ad0 100644
--- a/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/template-tags.php
+++ b/wp-content/plugins/buddypress/bp-templates/bp-nouveau/includes/groups/template-tags.php
@@ -3,7 +3,7 @@
  * Groups Template tags
  *
  * @since 3.0.0
- * @version 3.2.0
+ * @version 4.4.0
  */
 
 // Exit if accessed directly.
@@ -192,11 +192,17 @@ function bp_nouveau_group_invites_interface() {
  * Gets the displayed user group invites preferences
  *
  * @since 3.0.0
+ * @since 4.4.0
  *
- * @return int Returns 1 if user chose to restrict to friends, 0 otherwise.
+ * @param  int $user_id The user ID to check group invites preference for.
+ * @return int          Returns 1 if user chose to restrict to friends, 0 otherwise.
  */
-function bp_nouveau_groups_get_group_invites_setting() {
-	return (int) bp_get_user_meta( bp_displayed_user_id(), '_bp_nouveau_restrict_invites_to_friends' );
+function bp_nouveau_groups_get_group_invites_setting( $user_id = 0 ) {
+	if ( ! $user_id ) {
+		$user_id = bp_displayed_user_id();
+	}
+
+	return (int) bp_get_user_meta( $user_id, '_bp_nouveau_restrict_invites_to_friends' );
 }
 
 /**
diff --git a/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-activity.php b/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-activity.php
index 1e2cfb821..e038186f4 100644
--- a/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-activity.php
+++ b/wp-content/plugins/buddypress/bp-xprofile/bp-xprofile-activity.php
@@ -60,7 +60,7 @@ add_action( 'bp_register_activity_actions', 'xprofile_register_activity_actions'
  */
 function bp_xprofile_format_activity_action_new_avatar( $action, $activity ) {
 	$userlink = bp_core_get_userlink( $activity->user_id );
-	$action   = sprintf( __( '%s changed their profile picture', 'buddypress' ), $userlink );
+	$action   = sprintf( esc_html__( '%s changed their profile picture', 'buddypress' ), $userlink );
 
 	// Legacy filter - pass $user_id instead of $activity.
 	if ( has_filter( 'bp_xprofile_new_avatar_action' ) ) {
@@ -94,7 +94,7 @@ function bp_xprofile_format_activity_action_updated_profile( $action, $activity
 	// your language doesn't have this restriction, feel free to use a more
 	// natural translation.
 	$profile_link = trailingslashit( bp_core_get_user_domain( $activity->user_id ) . bp_get_profile_slug() );
-	$action	      = sprintf( __( "%s's profile was updated", 'buddypress' ), '<a href="' . $profile_link . '">' . bp_core_get_user_displayname( $activity->user_id ) . '</a>' );
+	$action	      = sprintf( esc_html__( "%s's profile was updated", 'buddypress' ), '<a href="' . esc_url( $profile_link ) . '">' . bp_core_get_user_displayname( $activity->user_id ) . '</a>' );
 
 	/**
 	 * Filters the formatted 'updated_profile' activity stream action.
diff --git a/wp-content/plugins/buddypress/buddypress.pot b/wp-content/plugins/buddypress/buddypress.pot
index 752700661..b6f2b2875 100644
--- a/wp-content/plugins/buddypress/buddypress.pot
+++ b/wp-content/plugins/buddypress/buddypress.pot
@@ -2,9 +2,9 @@
 # This file is distributed under the GPLv2 or later (license.txt).
 msgid ""
 msgstr ""
-"Project-Id-Version: BuddyPress 4.3.0\n"
+"Project-Id-Version: BuddyPress 4.4.0\n"
 "Report-Msgid-Bugs-To: https://buddypress.trac.wordpress.org\n"
-"POT-Creation-Date: 2019-04-25 16:09:52+00:00\n"
+"POT-Creation-Date: 2019-07-23 05:07:35+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -486,19 +486,19 @@ msgstr ""
 msgid "Your browser does not support HTML5 audio"
 msgstr ""
 
-#: bp-activity/bp-activity-filters.php:435
+#: bp-activity/bp-activity-filters.php:434
 msgid "[Read more]"
 msgstr ""
 
-#: bp-activity/bp-activity-filters.php:439
+#: bp-activity/bp-activity-filters.php:438
 msgid "&hellip;"
 msgstr ""
 
-#: bp-activity/bp-activity-filters.php:645
+#: bp-activity/bp-activity-filters.php:644
 msgid "Load Newest"
 msgstr ""
 
-#: bp-activity/bp-activity-filters.php:828
+#: bp-activity/bp-activity-filters.php:827
 msgid "BuddyPress Activity Data"
 msgstr ""
 
@@ -526,37 +526,37 @@ msgstr ""
 msgid "%s posted a new activity comment"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:2592
+#: bp-activity/bp-activity-functions.php:2596
 #: bp-templates/bp-legacy/buddypress-functions.php:1049
 #: bp-templates/bp-nouveau/includes/activity/ajax.php:334
 msgid "There was an error posting your reply. Please try again."
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:2620
+#: bp-activity/bp-activity-functions.php:2624
 msgid "The item you were replying to no longer exists."
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:3229
+#: bp-activity/bp-activity-functions.php:3233
 msgid "Thumbnail"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:4187
+#: bp-activity/bp-activity-functions.php:4191
 msgid "Activity Date"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:4191
+#: bp-activity/bp-activity-functions.php:4195
 msgid "Activity Description"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:4195
+#: bp-activity/bp-activity-functions.php:4199
 msgid "Activity URL"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:4202
+#: bp-activity/bp-activity-functions.php:4206
 msgid "Activity Content"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:4223
+#: bp-activity/bp-activity-functions.php:4227
 #: bp-activity/bp-activity-notifications.php:389
 #: bp-activity/classes/class-bp-activity-oembed-extension.php:138
 #: bp-activity/classes/class-bp-activity-theme-compat.php:161
@@ -3486,7 +3486,7 @@ msgstr ""
 #: bp-core/deprecated/2.1.php:391 bp-groups/bp-groups-admin.php:1065
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/delete-group.php:12
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/delete-group.php:39
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:367
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:373
 msgid "Delete Group"
 msgstr ""
 
@@ -4245,7 +4245,7 @@ msgstr ""
 #: bp-templates/bp-nouveau/includes/functions.php:1301
 #: bp-templates/bp-nouveau/includes/functions.php:1312
 #: bp-templates/bp-nouveau/includes/functions.php:1323
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:359
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:365
 msgid "Save Changes"
 msgstr ""
 
@@ -4500,7 +4500,7 @@ msgstr ""
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/manage-members.php:168
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/manage-members.php:277
 #: bp-templates/bp-nouveau/buddypress/groups/single/admin/manage-members.php:64
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:895
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:901
 msgid "Promote to Admin"
 msgstr ""
 
@@ -6764,22 +6764,22 @@ msgid ""
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/create.php:441
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:388
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:394
 msgid "Back to Previous Step"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/create.php:448
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:396
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:402
 msgid "Next Step"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/create.php:455
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:403
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:409
 msgid "Create Group and Continue"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/create.php:462
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:410
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:416
 msgid "Finish"
 msgstr ""
 
@@ -6832,7 +6832,7 @@ msgid "Manage Group Details"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/edit-details.php:40
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:1415
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:1421
 msgid "Notify group members of these changes via email"
 msgstr ""
 
@@ -6859,22 +6859,22 @@ msgid "(banned)"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/manage-members.php:271
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:838
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:844
 msgid "Remove Ban"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/manage-members.php:275
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:857
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:863
 msgid "Kick &amp; Ban"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/manage-members.php:276
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:886
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:892
 msgid "Promote to Mod"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/single/admin/manage-members.php:281
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:915
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:921
 msgid "Remove from group"
 msgstr ""
 
@@ -6928,16 +6928,16 @@ msgstr ""
 #: bp-templates/bp-legacy/buddypress/groups/single/requests-loop.php:58
 #: bp-templates/bp-legacy/buddypress/members/single/friends/requests.php:63
 #: bp-templates/bp-legacy/buddypress/members/single/groups/invites.php:51
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:721
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:777
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:727
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:783
 msgid "Accept"
 msgstr ""
 
 #: bp-templates/bp-legacy/buddypress/groups/single/requests-loop.php:60
 #: bp-templates/bp-legacy/buddypress/members/single/friends/requests.php:64
 #: bp-templates/bp-legacy/buddypress/members/single/groups/invites.php:52
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:748
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:804
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:754
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:810
 msgid "Reject"
 msgstr ""
 
@@ -8532,27 +8532,27 @@ msgstr ""
 msgid "You are not allowed to send invitations for this group."
 msgstr ""
 
-#: bp-templates/bp-nouveau/includes/groups/ajax.php:419
+#: bp-templates/bp-nouveau/includes/groups/ajax.php:430
 #. translators: count of users affected
 msgid "Invitation failed for %s user."
 msgid_plural "Invitation failed for %s users."
 msgstr[0] ""
 msgstr[1] ""
 
-#: bp-templates/bp-nouveau/includes/groups/ajax.php:438
+#: bp-templates/bp-nouveau/includes/groups/ajax.php:449
 msgid "Invitations sent."
 msgstr ""
 
-#: bp-templates/bp-nouveau/includes/groups/ajax.php:452
-#: bp-templates/bp-nouveau/includes/groups/ajax.php:491
+#: bp-templates/bp-nouveau/includes/groups/ajax.php:463
+#: bp-templates/bp-nouveau/includes/groups/ajax.php:502
 msgid "Group invitation could not be removed."
 msgstr ""
 
-#: bp-templates/bp-nouveau/includes/groups/ajax.php:480
+#: bp-templates/bp-nouveau/includes/groups/ajax.php:491
 msgid "The member is already a member of the group."
 msgstr ""
 
-#: bp-templates/bp-nouveau/includes/groups/ajax.php:500
+#: bp-templates/bp-nouveau/includes/groups/ajax.php:511
 msgid "There are no more pending invitations for the group."
 msgstr ""
 
@@ -8680,11 +8680,11 @@ msgstr ""
 msgid "Group Moderator promotions"
 msgstr ""
 
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:1301
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:1307
 msgid "Groups default front page"
 msgstr ""
 
-#: bp-templates/bp-nouveau/includes/groups/template-tags.php:1319
+#: bp-templates/bp-nouveau/includes/groups/template-tags.php:1325
 #: bp-templates/bp-nouveau/includes/members/template-tags.php:711
 msgid "(BuddyPress) Widgets"
 msgstr ""
@@ -9367,24 +9367,30 @@ msgctxt "Post Type generic comments activity front filter"
 msgid "Item comments"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:1598
+#: bp-activity/bp-activity-functions.php:1592
+#: bp-activity/bp-activity-functions.php:1645
+msgctxt "Default text for the post type name"
+msgid "item"
+msgstr ""
+
+#: bp-activity/bp-activity-functions.php:1601
 msgctxt "Activity Custom Post Type post action"
-msgid "%1$s wrote a new <a href=\"%2$s\">item</a>, on the site %3$s"
+msgid "%1$s wrote a new %2$s, on the site %3$s"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:1604
+#: bp-activity/bp-activity-functions.php:1607
 msgctxt "Activity Custom Post Type post action"
-msgid "%1$s wrote a new <a href=\"%2$s\">item</a>"
+msgid "%1$s wrote a new %2$s"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:1649
+#: bp-activity/bp-activity-functions.php:1653
 msgctxt "Activity Custom Post Type comment action"
-msgid "%1$s commented on the <a href=\"%2$s\">item</a>, on the site %3$s"
+msgid "%1$s commented on the %2$s, on the site %3$s"
 msgstr ""
 
-#: bp-activity/bp-activity-functions.php:1655
+#: bp-activity/bp-activity-functions.php:1659
 msgctxt "Activity Custom Post Type post comment action"
-msgid "%1$s commented on the <a href=\"%2$s\">item</a>"
+msgid "%1$s commented on the %2$s"
 msgstr ""
 
 #: bp-activity/classes/class-bp-activity-component.php:224
diff --git a/wp-content/plugins/buddypress/class-buddypress.php b/wp-content/plugins/buddypress/class-buddypress.php
index ed2ac2209..560a85a09 100644
--- a/wp-content/plugins/buddypress/class-buddypress.php
+++ b/wp-content/plugins/buddypress/class-buddypress.php
@@ -303,7 +303,7 @@ class BuddyPress {
 
 		/** Versions **********************************************************/
 
-		$this->version    = '4.3.0';
+		$this->version    = '4.4.0';
 		$this->db_version = 11105;
 
 		/** Loading ***********************************************************/
diff --git a/wp-content/plugins/buddypress/readme.txt b/wp-content/plugins/buddypress/readme.txt
index 3e3d6644e..03e8d0909 100644
--- a/wp-content/plugins/buddypress/readme.txt
+++ b/wp-content/plugins/buddypress/readme.txt
@@ -2,9 +2,9 @@
 Contributors: johnjamesjacoby, DJPaul, boonebgorges, r-a-y, imath, mercime, tw2113, dcavins, hnla, karmatosed, slaFFik, dimensionmedia, henrywright, netweb, offereins, espellcaste, modemlooper, danbp, Venutius, apeatling, shanebp
 Tags: user profiles, activity streams, messaging, friends, user groups, notifications, community, social networking
 Requires at least: 4.6
-Tested up to: 5.1
+Tested up to: 5.2
 Requires PHP: 5.3
-Stable tag: 4.3.0
+Stable tag: 4.4.0
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -126,6 +126,9 @@ Try <a href="https://wordpress.org/plugins/bbpress/">bbPress</a>. It integrates
 
 == Upgrade Notice ==
 
+= 4.4.0 =
+See: https://codex.buddypress.org/releases/version-4-4-0/
+
 = 4.3.0 =
 See: https://codex.buddypress.org/releases/version-4-3-0/
 
@@ -140,6 +143,9 @@ See: https://codex.buddypress.org/releases/version-4-0-0/
 
 == Changelog ==
 
+= 4.4.0 =
+See: https://codex.buddypress.org/releases/version-4-4-0/
+
 = 4.3.0 =
 See: https://codex.buddypress.org/releases/version-4-3-0/
 
-- 
GitLab