
Ticket #3114: 3114.03.patch

File 3114.03.patch, 4.6 KB (added by r-a-y, 8 years ago)
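--- a/src/includes/common/ajax.php
+++ b/src/includes/common/ajax.php
@@ -76,6 +76,9 @@
 	// Disable content sniffing in browsers that support it
 	send_nosniff_header();
 
+	// Everything is 200 OK.
+	status_header( 200 );
+
 	// Perform custom bbPress ajax
 	do_action( 'bbp_ajax_' . $_REQUEST['action'] );
 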
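Review bot: `status_header( 200 )` commits the response to a success status before the handler hooked to `'bbp_ajax_' . $_REQUEST['action']` has run, so whether a failed nonce or capability check inside a handler ever reaches the client as a non-200 depends on code outside this hunk calling `status_header()` again before output. The comment `// Everything is 200 OK.` reads as a guarantee rather than a default; I'd make the contract explicit: `// Default to 200 OK; handlers that reject the request should call status_header() with an error code before emitting output.` Separately, `$_REQUEST['action']` on the following line is still read without `isset()`, so a request with no action parameter raises a PHP notice before `do_action()` fires; that is pre-existing, but an `! empty( $_REQUEST['action'] )` guard is cheap while this function is being touched. The enclosing function starts and ends outside the hunk.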
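--- a/src/includes/users/template.php
+++ b/src/includes/users/template.php
@@ -1204,7 +1204,7 @@
 
 		$url  = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-favorite_' . $topic_id ) );
 		$sub  = $is_fav ? ' class="is-favorite"' : '';
-		$html = sprintf( '%s<span id="favorite-%d"  %s><a href="%s" class="favorite-toggle" data-topic="%d">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );
+		$html = sprintf( '%s<span id="favorite-%d"  %s><a href="%s" class="favorite-toggle" data-topic="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-favorite_' . $topic_id ), $text, $r['after'] );
 
 		// Initial output is wrapped in a span, ajax output is hooked to this
 		if ( ! empty( $wrap ) ) {
@@ -1412,7 +1412,7 @@
 
 			$url  = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $forum_id ) );
 			$sub  = $is_subscribed ? ' class="is-subscribed"' : '';
-			$html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-forum="%d">%s</a></span>%s', $r['before'], $forum_id, $sub, $url, $forum_id, $text, $r['after'] );
+			$html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-forum="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $forum_id, $sub, $url, $forum_id, wp_create_nonce( 'toggle-subscription_' . $forum_id ), $text, $r['after'] );
 
 			// Initial output is wrapped in a span, ajax output is hooked to this
 			if ( ! empty( $wrap ) ) {
@@ -1448,7 +1448,7 @@
 
 			$url  = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $topic_id ) );
 			$sub  = $is_subscribed ? ' class="is-subscribed"' : '';
-			$html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-topic="%d">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );
+			$html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-topic="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-subscription_' . $topic_id ), $text, $r['after'] );
 
 			// Initial output is wrapped in a span, ajax output is hooked to this
 			if ( ! empty( $wrap ) ) {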
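Review bot: The new `data-bbp-nonce="%s"` attribute in each of the three rewritten `sprintf()` calls receives the `wp_create_nonce()` result through a bare `%s`, whereas the neighbouring URL on the line above is passed through `esc_url()`; `wp_create_nonce()` is a pluggable function, so a plugin that replaces it can return characters that terminate the attribute. Wrapping the value keeps output escaping consistent with the surrounding code at negligible cost: `esc_attr( wp_create_nonce( 'toggle-favorite_' . $topic_id ) )`, and likewise for the two `'toggle-subscription_'` variants. A one-line comment above each `$html` assignment, e.g. `// Nonce duplicated in a data attribute so the JS can submit it without parsing the href`, would also record why the same nonce now appears twice per link. The enclosing functions start and end outside these hunks.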
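--- a/src/templates/default/js/forum.js
+++ b/src/templates/default/js/forum.js
@@ -21,7 +21,9 @@
 	}
 
 	$( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+		var nonce = bbpForumJS.forum_id == 0 ? $( this ).data( 'bbp-nonce' ) : bbpForumJS.subs_nonce;
+
 		e.preventDefault();
-		bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), bbpForumJS.subs_nonce, '#subscription-toggle' );
+		bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), nonce, '#subscription-toggle' );
 	} );
 } );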
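Review bot: The new `var nonce` line reads the nonce with `$( this ).data( 'bbp-nonce' )` while the call two lines below reads the forum with `$( this ).attr( 'data-forum' )`; jQuery's `.data()` applies type coercion to attribute text (a purely numeric value comes back as a Number), so `$( this ).attr( 'data-bbp-nonce' )` returns the raw string and matches the existing style. The `bbpForumJS.forum_id == 0` comparison is loose presumably because `wp_localize_script()` hands scalars to the page as strings; if so, a `===` cleanup would need `'0'` or a `Number()` cast, and a short comment saying that would stop a future lint pass from silently breaking the fallback. Since the template change in this patch emits the attribute on every toggle link, `var nonce = $( this ).attr( 'data-bbp-nonce' ) || bbpForumJS.subs_nonce;` would express the same fallback without depending on the comparison at all.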
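--- a/src/templates/default/js/topic.js
+++ b/src/templates/default/js/topic.js
@@ -21,13 +21,17 @@
 	}
 
 	$( '#favorite-toggle' ).on( 'click', 'span a.favorite-toggle', function( e ) {
+		var nonce = bbpTopicJS.topic_id == 0 ? $( this ).data( 'bbp-nonce' ) : bbpTopicJS.fav_nonce;
+
 		e.preventDefault();
-		bbp_ajax_call( 'favorite', $( this ).attr( 'data-topic' ), bbpTopicJS.fav_nonce, '#favorite-toggle' );
+		bbp_ajax_call( 'favorite', $( this ).attr( 'data-topic' ), nonce, '#favorite-toggle' );
 	} );
 
 	$( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+		var nonce = bbpTopicJS.topic_id == 0 ? $( this ).data( 'bbp-nonce' ) : bbpTopicJS.subs_nonce;
+
 		e.preventDefault();
-		bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), bbpTopicJS.subs_nonce, '#subscription-toggle' );
+		bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), nonce, '#subscription-toggle' );
 	} );
 
 	$( '.bbp-alert-outer' ).on( 'click', '.bbp-alert-close', function( e ) {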
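Review bot: Both new `var nonce` lines fetch the nonce via `$( this ).data( 'bbp-nonce' )` but the adjacent `bbp_ajax_call()` arguments fetch the topic via `$( this ).attr( 'data-topic' )`; `.data()` coerces numeric-looking attribute text to a Number, so `.attr( 'data-bbp-nonce' )` is the safer and more consistent accessor for an opaque token. The `bbpTopicJS.topic_id == 0` test relies on loose equality, presumably because the localized value arrives as a string; a comment such as `// topic_id is localized as a string; 0 means a multi-topic listing, so use the per-link nonce` would document both the coercion and why the fallback exists. With the attribute emitted on every link by the template change, `var nonce = $( this ).attr( 'data-bbp-nonce' ) || bbpTopicJS.fav_nonce;` (and the `subs_nonce` counterpart) would drop the comparison entirely. The `.bbp-alert-close` handler on the last line continues outside the hunk.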