Skip to:
Content

bbPress.org

Ticket #3262: 3262.patch

File 3262.patch, 5.7 KB (added by pierlo, 7 weeks ago)
  • includes/core/actions.php

    diff --git includes/core/actions.php includes/core/actions.php
    index b6046e4..b79814e 100644
    add_action( 'make_ham_user', 'bbp_make_ham_user' ); 
    246246add_action( 'make_spam_user', 'bbp_make_spam_user' );
    247247
    248248// User role
    249 add_action( 'bbp_profile_update', 'bbp_profile_update_role' );
     249add_action( 'bbp_profile_update', 'bbp_profile_update_role', 10, 2 );
    250250
    251251// Hook WordPress admin actions to bbPress profiles on save
    252252add_action( 'bbp_user_edit_after', 'bbp_user_edit_after' );
    add_action( 'bbp_get_request', 'bbp_search_results_redirect', 10 ); 
    303303// Maybe convert the users password
    304304add_action( 'bbp_login_form_login', 'bbp_user_maybe_convert_pass' );
    305305
    306 add_action( 'bbp_activation', 'bbp_add_activation_redirect' );
    307  No newline at end of file
     306add_action( 'bbp_activation', 'bbp_add_activation_redirect' );
  • includes/users/capabilities.php

    diff --git includes/users/capabilities.php includes/users/capabilities.php
    index 77c5e41..2cb116a 100644
    function bbp_map_primary_meta_caps( $caps = array(), $cap = '', $user_id = 0, $a 
    5050 * @since bbPress (r3860)
    5151 *
    5252 * @param int $user_id
     53 * @param string $new_role
     54 * @param string $old_role
    5355 * @uses bbp_get_user_id() To get the user id
    5456 * @uses get_userdata() To get the user data
    5557 * @uses apply_filters() Calls 'bbp_set_user_role' with the role and user id
    5658 * @return string
    5759 */
    58 function bbp_set_user_role( $user_id = 0, $new_role = '' ) {
     60function bbp_set_user_role( $user_id = 0, $new_role = '', $old_role = '' ) {
     61
     62        $forum_role = bbp_get_user_role( $user_id );
     63        $old_role = $forum_role ?: $old_role;
    5964
    6065        // Validate user id
    6166        $user_id = bbp_get_user_id( $user_id, false, false );
    function bbp_set_user_role( $user_id = 0, $new_role = '' ) { 
    6469        // User exists
    6570        if ( !empty( $user ) ) {
    6671
    67                 // Get users forum role
    68                 $role = bbp_get_user_role( $user_id );
     72                $blocked_role = bbp_get_blocked_role();
     73
     74                // Prevent blocked users from logging in, which also invalidates their sessions
     75                if ( $blocked_role === $new_role ) {
     76                        bbp_break_password( $user_id, $user->data->user_pass );
     77                        // Allow a previously blocked user to login
     78                } elseif ( $blocked_role === $old_role ) {
     79                        bbp_fix_password( $user_id, $user->data->user_pass );
     80                }
     81
     82                // When a user is edited, Wordpress removes the custom role. If no change was
     83                // made to the role, we'll re-add it
     84                if ( $new_role === $old_role ) {
    6985
    70                 // User already has this role so no new role is set
    71                 if ( $new_role === $role ) {
    72                         $new_role = false;
     86                        $user->add_role($old_role);
    7387
    74                 // Users role is different than the new role
     88                // User's role is different than the new role
    7589                } else {
    7690
    77                         // Remove the old role
    78                         if ( ! empty( $role ) ) {
    79                                 $user->remove_role( $role );
     91                        // Remove the old role if there is one
     92                        if ( !empty($old_role) ) {
     93                                $user->remove_role( $old_role );
    8094                        }
    8195
    8296                        // Add the new role
    function bbp_set_user_role( $user_id = 0, $new_role = '' ) { 
    97111        return apply_filters( 'bbp_set_user_role', $new_role, $user_id, $user );
    98112}
    99113
     114function bbp_password_broken( $user_pass ) {
     115        return '_' === $user_pass[0];
     116}
     117
     118function bbp_break_password( $user_id, $user_pass ) {
     119        global $wpdb;
     120
     121        if ( !bbp_password_broken( $user_pass ) ) {
     122
     123                $wpdb->update(
     124                        $wpdb->users,
     125                        // Prefixing an underscore makes the hash invalid
     126                        array( 'user_pass' => "_{$user_pass}" ),
     127                        array( 'ID' => $user_id )
     128                );
     129
     130                clean_user_cache( $user_id );
     131
     132        }
     133}
     134
     135function bbp_fix_password( $user_id, $user_pass ) {
     136        global $wpdb;
     137
     138        if ( bbp_password_broken( $user_pass ) ) {
     139
     140                $wpdb->update(
     141                        $wpdb->users,
     142                        array( 'user_pass' => substr( $user_pass, 1 )  ),
     143                        array( 'ID' => $user_id )
     144                );
     145
     146                clean_user_cache( $user_id );
     147
     148        }
     149}
     150
    100151/**
    101152 * Return a user's forums role
    102153 *
    103154 * @since bbPress (r3860)
    104155 *
    105156 * @param int $user_id
     157 * @param WP_User|null $user
    106158 * @uses bbp_get_user_id() To get the user id
    107159 * @uses get_userdata() To get the user data
    108160 * @uses apply_filters() Calls 'bbp_get_user_role' with the role and user id
    109161 * @return string
    110162 */
    111 function bbp_get_user_role( $user_id = 0 ) {
     163function bbp_get_user_role( $user_id = 0, $user = null ) {
    112164
    113165        // Validate user id
    114166        $user_id = bbp_get_user_id( $user_id );
    115         $user    = get_userdata( $user_id );
     167        $user    = $user === null ? get_userdata( $user_id ) : $user;
    116168        $role    = false;
    117169
    118170        // User has roles so look for a bbPress one
    function bbp_get_user_blog_role( $user_id = 0 ) { 
    183235 * @since bbPress (r4235)
    184236 *
    185237 * @param int $user_id
     238 * @param WP_User|null $old_user
    186239 * @uses bbp_reset_user_caps() to reset caps
    187240 * @usse bbp_save_user_caps() to save caps
    188241 */
    189 function bbp_profile_update_role( $user_id = 0 ) {
     242function bbp_profile_update_role( $user_id = 0, $old_user = null ) {
    190243
    191244        // Bail if no user ID was passed
    192245        if ( empty( $user_id ) )
    193246                return;
    194247
     248        // Bail if no old user data was passed
     249        if ( null === $old_user )
     250                return;
     251
    195252        // Bail if no role
    196253        if ( ! isset( $_POST['bbp-forums-role'] ) )
    197254                return;
    198255
    199         // Fromus role we want the user to have
     256        // Forums role we want the user to have
    200257        $new_role    = sanitize_text_field( $_POST['bbp-forums-role'] );
    201         $forums_role = bbp_get_user_role( $user_id );
    202 
    203         // Bail if no role change
    204         if ( $new_role === $forums_role )
    205                 return;
     258        $forums_role = bbp_get_user_role( $user_id, $old_user );
    206259
    207260        // Bail if trying to set their own role
    208261        if ( bbp_is_user_home_edit() )
    function bbp_profile_update_role( $user_id = 0 ) { 
    213266                return;
    214267
    215268        // Set the new forums role
    216         bbp_set_user_role( $user_id, $new_role );
     269        bbp_set_user_role( $user_id, $new_role, $forums_role );
    217270}
    218271
    219272/**