Skip to:
Content

bbPress.org

Opened 6 years ago

Closed 6 years ago

#3209 closed defect (bug) (fixed)

bbp_is_topic_form_post_request() always returns false while editing a topic

Reported by: wpdennis's profile wpdennis Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6 Priority: high
Severity: normal Version: 2.5
Component: General - UI/UX Keywords: commit
Cc:

Description

While editing a topic bbp_is_topic_form_post_request() always returns false, because it checks a wrong nonce action:

<?php
// Editing an existing topic
if ( bbp_verify_nonce_request( 'bbp-edit-topic' ) ) {
        return true;
}

The actual nonce action from bbp_topic_form_fields() contains the topic id:

<?php
if ( bbp_is_topic_edit() ) : ?>
...
      <?php wp_nonce_field( 'bbp-edit-topic_' . bbp_get_topic_id() );

I put this at a high priority because if someone edits an existing topic and there is an error (e.g. forum id or title empty), he loses all changes he made in the editor. That's a real downer.

The solution is probably to change bbp_is_topic_form_post_request() to:

<?php
function bbp_is_topic_form_post_request() {

        // Bail if not a post request
        if ( ! bbp_is_post_request() ) {
                return false;
        }

        // Creating a new topic
        if ( bbp_verify_nonce_request( 'bbp-new-topic' ) ) {
                return true;
        }

        // Editing an existing topic
        if ( bbp_verify_nonce_request( 'bbp-edit-topic_' . bbp_get_topic_id() ) ) {
                return true;
        }

        return false;
}

Change History (3)

#1 @johnjamesjacoby
6 years ago

  • Keywords commit added; dev-feedback removed
  • Milestone changed from Awaiting Review to 2.6
  • Owner set to johnjamesjacoby
  • Version set to 2.5

Forums also. Will fix immediately.

Thanks for catching this.

#2 @johnjamesjacoby
6 years ago

  • Component changed from Component - Topics to General - UI/UX

#3 @johnjamesjacoby
6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

In 6837:

Forms: include forum/topic ID in nonce checks.

This change adds in missing object IDs, fixing a bug causing form content to be lost when an error had occurred.

Props wpdennis. Fixes #3209.

Note: See TracTickets for help on using tickets.