Ticket #3650: 3650.diff
src/includes/forums/capabilities.php
81 81 82 82 // Post is public 83 83 if ( bbp_get_public_status_id() === $_post->post_status ) { 84 $caps = array( 'spectate' );85 84 85 // Anonymous users do not have caps, but can 'exist' 86 if ( bbp_is_anonymous() ) { 87 $caps = array( 'exist' ); 88 89 // Registered users need the 'spectate' cap 90 } else { 91 $caps = array( 'spectate' ); 92 } 93 86 94 // User is author so allow read 87 95 } elseif ( (int) $user_id === (int) $_post->post_author ) { 88 96 $caps = array( 'spectate' ); -
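Review bot: The new anonymous branch (new lines 86-87) picks the cap set from `bbp_is_anonymous()`, which presumably looks at the current session rather than the `$user_id` this mapping is being computed for, so a `user_can( $other_id, … )` call evaluated during an anonymous request would appear to get `exist` instead of `spectate` for that other user — hedged, since `bbp_is_anonymous()` is not in the hunk. If the coupling is intended, a comment such as `// Note: keyed on the current session, not on $user_id` above the `if` would make it explicit; if not, `if ( empty( $user_id ) ) {` keys the branch on the user actually being mapped. The enclosing capability-mapping function starts and ends outside the hunk.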
src/includes/forums/functions.php
186 186 187 187 /** Forum Parent **********************************************************/ 188 188 189 // Forum parent was passed (the norm)190 if ( ! empty( $_POST['bbp_forum_parent_id'] ) ) {189 // Forum parent is expected for theme-side submissions 190 if ( ! empty( $_POST['bbp_forum_parent_id'] ) && is_numeric( $_POST['bbp_forum_parent_id'] ) ) { 191 191 $forum_parent_id = bbp_get_forum_id( $_POST['bbp_forum_parent_id'] ); 192 192 } 193 193 194 194 // Filter and sanitize 195 195 $forum_parent_id = apply_filters( 'bbp_new_forum_pre_parent_id', $forum_parent_id ); 196 196 197 // No forum parent was passed (should never happen)197 // Forum parent was not passed (required for theme-side BuddyPress support) 198 198 if ( empty( $forum_parent_id ) ) { 199 199 bbp_add_error( 'bbp_new_forum_missing_parent', __( '<strong>Error</strong>: Your forum must have a parent.', 'bbpress' ) ); 200 200 201 // Forum exists201 // Forum parent exists 202 202 } elseif ( ! empty( $forum_parent_id ) ) { 203 203 204 // Forum is a category204 // Forum parent is a category 205 205 if ( bbp_is_forum_category( $forum_parent_id ) ) { 206 206 bbp_add_error( 'bbp_new_forum_forum_category', __( '<strong>Error</strong>: This forum is a category. No forums can be created in this forum.', 'bbpress' ) ); 207 207 } 208 208 209 // Forum is closed and user cannot access 210 if ( bbp_is_forum_closed( $forum_parent_id ) && ! current_user_can( 'edit_forum', $forum_parent_id ) ) { 211 bbp_add_error( 'bbp_new_forum_forum_closed', __( '<strong>Error</strong>: This forum has been closed to new forums.', 'bbpress' ) ); 212 } 209 // Forum parent not editable by user 210 if ( ! current_user_can( 'edit_forum', $forum_parent_id ) ) { 213 211 214 // Forum is private and user cannot access 215 if ( bbp_is_forum_private( $forum_parent_id ) && ! 
current_user_can( 'read_forum', $forum_parent_id ) ) { 216 bbp_add_error( 'bbp_new_forum_forum_private', __( '<strong>Error</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress' ) ); 212 // Forum parent is closed 213 if ( bbp_is_forum_closed( $forum_parent_id ) ) { 214 bbp_add_error( 'bbp_new_forum_forum_closed', __( '<strong>Error</strong>: This forum is closed to new forums.', 'bbpress' ) ); 215 } 217 216 } 218 217 219 // Forum is hidden and user cannot access220 if ( bbp_is_forum_hidden( $forum_parent_id ) &&! current_user_can( 'read_forum', $forum_parent_id ) ) {221 bbp_add_error( 'bbp_new_forum_forum_ hidden', __( '<strong>Error</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress' ) );218 // Forum parent not readable by user 219 if ( ! current_user_can( 'read_forum', $forum_parent_id ) ) { 220 bbp_add_error( 'bbp_new_forum_forum_read', __( '<strong>Error</strong>: You do not have the capability to create new forums in this forum.', 'bbpress' ) ); 222 221 } 223 222 } 224 223 … … 428 427 /** Forum Parent ***********************************************************/ 429 428 430 429 // Forum parent id was passed 431 if ( ! empty( $_POST['bbp_forum_parent_id'] ) ) {430 if ( ! empty( $_POST['bbp_forum_parent_id'] ) && is_numeric( $_POST['bbp_forum_parent_id'] ) ) { 432 431 $forum_parent_id = bbp_get_forum_id( $_POST['bbp_forum_parent_id'] ); 433 432 } 434 433 435 434 // Current forum this forum is in 436 435 $current_parent_forum_id = bbp_get_forum_parent_id( $forum_id ); 437 436 438 // Forum exists437 // Forum parent exists 439 438 if ( ! empty( $forum_parent_id ) && ( $forum_parent_id !== $current_parent_forum_id ) ) { 440 439 441 // Forum is closed and user cannot access 442 if ( bbp_is_forum_closed( $forum_parent_id ) && ! 
current_user_can( 'edit_forum', $forum_parent_id ) ) { 443 bbp_add_error( 'bbp_edit_forum_forum_closed', __( '<strong>Error</strong>: This forum has been closed to new forums.', 'bbpress' ) ); 444 } 440 // Forum parent not editable by user 441 if ( ! current_user_can( 'edit_forum', $forum_parent_id ) ) { 445 442 446 // Forum is private and user cannot access 447 if ( bbp_is_forum_private( $forum_parent_id ) && ! current_user_can( 'read_forum', $forum_parent_id ) ) { 448 bbp_add_error( 'bbp_edit_forum_forum_private', __( '<strong>Error</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress' ) ); 443 // Forum is closed 444 if ( bbp_is_forum_closed( $forum_parent_id ) ) { 445 bbp_add_error( 'bbp_edit_forum_forum_closed', __( '<strong>Error</strong>: This forum is closed to new forums.', 'bbpress' ) ); 446 } 449 447 } 450 448 451 // Forum is hidden and user cannot access452 if ( bbp_is_forum_hidden( $forum_parent_id ) &&! current_user_can( 'read_forum', $forum_parent_id ) ) {453 bbp_add_error( 'bbp_edit_forum_forum_ hidden', __( '<strong>Error</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress' ) );449 // Forum parent not readable by user 450 if ( ! current_user_can( 'read_forum', $forum_parent_id ) ) { 451 bbp_add_error( 'bbp_edit_forum_forum_read', __( '<strong>Error</strong>: You do not have the capability to create new forums in this forum.', 'bbpress' ) ); 454 452 } 455 453 } 456 454 -
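Review bot: The `is_numeric()` guard added at new line 190 (and again at new line 430 in the edit handler) still admits non-integer forms such as `'1.5'`, `'1e2'` or `' 7'`, so what reaches `bbp_get_forum_id()` is not yet a clean integer and any normalisation is left to that helper, which is outside the hunk. The reply and topic handlers in this same patch go through `intval()` with explicit zero / negative / does-not-exist errors; aligning the forum handlers with that would be `$forum_parent_id = bbp_get_forum_id( intval( $_POST['bbp_forum_parent_id'] ) );`, or at least a comment stating that `bbp_get_forum_id()` is relied on to cast. Both enclosing handler functions start and end outside their hunks.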
src/includes/replies/functions.php
179 179 // Get the topic id 180 180 $posted_topic_id = intval( $_POST['bbp_topic_id'] ); 181 181 182 // Topic id is 0 183 if ( 0 === $posted_topic_id ) { 184 bbp_add_error( 'bbp_reply_topic_id', __( '<strong>Error</strong>: Topic ID is missing.', 'bbpress' ) ); 185 182 186 // Topic id is a negative number 183 if ( 0 > $posted_topic_id ) {187 } elseif ( 0 > $posted_topic_id ) { 184 188 bbp_add_error( 'bbp_reply_topic_id', __( '<strong>Error</strong>: Topic ID cannot be a negative number.', 'bbpress' ) ); 185 189 186 190 // Topic does not exist … … 193 197 } 194 198 } 195 199 200 // User cannot read parent topic ID 201 if ( ! current_user_can( 'read_topic', $topic_id ) ) { 202 bbp_add_error( 'bbp_new_reply_topic_public', __( '<strong>Error</strong>: You do not have the capability to read or create new replies in this topic.', 'bbpress' ) ); 203 } 204 196 205 /** Forum ID **************************************************************/ 197 206 198 207 // Try to use the forum id of the topic … … 216 225 // Get the forum id 217 226 $posted_forum_id = intval( $_POST['bbp_forum_id'] ); 218 227 219 // Forum id is empty228 // Forum id is 0 220 229 if ( 0 === $posted_forum_id ) { 221 bbp_add_error( 'bbp_ topic_forum_id', __( '<strong>Error</strong>: Forum ID is missing.', 'bbpress' ) );230 bbp_add_error( 'bbp_reply_forum_id', __( '<strong>Error</strong>: Forum ID is missing.', 'bbpress' ) ); 222 231 223 232 // Forum id is a negative number 224 233 } elseif ( 0 > $posted_forum_id ) { 225 bbp_add_error( 'bbp_ topic_forum_id', __( '<strong>Error</strong>: Forum ID cannot be a negative number.', 'bbpress' ) );234 bbp_add_error( 'bbp_reply_forum_id', __( '<strong>Error</strong>: Forum ID cannot be a negative number.', 'bbpress' ) ); 226 235 227 236 // Forum does not exist 228 237 } elseif ( ! 
bbp_get_forum( $posted_forum_id ) ) { 229 bbp_add_error( 'bbp_ topic_forum_id', __( '<strong>Error</strong>: Forum does not exist.', 'bbpress' ) );238 bbp_add_error( 'bbp_reply_forum_id', __( '<strong>Error</strong>: Forum does not exist.', 'bbpress' ) ); 230 239 231 240 // Use the POST'ed forum id 232 241 } else { … … 245 254 // Forum is not a category 246 255 } else { 247 256 248 // Forum is closed and user cannot access 249 if ( bbp_is_forum_closed( $forum_id ) && ! current_user_can( 'edit_forum', $forum_id ) ) { 250 bbp_add_error( 'bbp_new_reply_forum_closed', __( '<strong>Error</strong>: This forum has been closed to new replies.', 'bbpress' ) ); 257 // Forum not editable by user 258 if ( ! current_user_can( 'edit_forum', $forum_id ) ) { 259 260 // Forum is closed 261 if ( bbp_is_forum_closed( $forum_id ) ) { 262 bbp_add_error( 'bbp_new_reply_forum_closed', __( '<strong>Error</strong>: This forum is closed to new replies.', 'bbpress' ) ); 263 } 251 264 } 252 265 253 // Forum is private and user cannot access 254 if ( bbp_is_forum_private( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 255 bbp_add_error( 'bbp_new_reply_forum_private', __( '<strong>Error</strong>: This forum is private and you do not have the capability to read or create new replies in it.', 'bbpress' ) ); 256 257 // Forum is hidden and user cannot access 258 } elseif ( bbp_is_forum_hidden( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 259 bbp_add_error( 'bbp_new_reply_forum_hidden', __( '<strong>Error</strong>: This forum is hidden and you do not have the capability to read or create new replies in it.', 'bbpress' ) ); 266 // Forum not readable by user 267 if ( ! 
current_user_can( 'read_forum', $forum_id ) ) { 268 bbp_add_error( 'bbp_new_reply_forum_read', __( '<strong>Error</strong>: You do not have the capability to read or create new replies in this forum.', 'bbpress' ) ); 260 269 } 261 270 } 262 271 } … … 270 279 remove_filter( 'bbp_new_reply_pre_content', 'bbp_filter_kses', 30 ); 271 280 } 272 281 282 /** Reply To **************************************************************/ 283 284 // Handle Reply To of the reply; $_REQUEST for non-JS submissions 285 if ( isset( $_REQUEST['bbp_reply_to'] ) && is_numeric( $_REQUEST['bbp_reply_to'] ) ) { 286 $reply_to = bbp_validate_reply_to( $_REQUEST['bbp_reply_to'] ); 287 } 288 289 // Check the Reply To ID 290 if ( ! empty( $reply_to ) ) { 291 292 // User cannot read parent reply ID 293 if ( ! current_user_can( 'read_reply', $reply_to ) ) { 294 bbp_add_error( 'bbp_new_reply_reply_to', __( '<strong>Error</strong>: You do not have the capability to read or create new replies to this reply.', 'bbpress' ) ); 295 } 296 } 297 273 298 /** Reply Title ***********************************************************/ 274 299 275 300 if ( ! empty( $_POST['bbp_reply_title'] ) ) { … … 334 359 $reply_status = bbp_get_pending_status_id(); 335 360 } 336 361 337 /** Reply To **************************************************************/338 339 // Handle Reply To of the reply; $_REQUEST for non-JS submissions340 if ( isset( $_REQUEST['bbp_reply_to'] ) ) {341 $reply_to = bbp_validate_reply_to( $_REQUEST['bbp_reply_to'] );342 }343 344 362 /** Topic Closed **********************************************************/ 345 363 346 364 // If topic is closed, moderators can still reply … … 574 592 575 593 $topic_id = bbp_get_reply_topic_id( $reply_id ); 576 594 595 // User cannot read parent topic ID 596 if ( ! 
current_user_can( 'read_topic', $topic_id ) ) { 597 bbp_add_error( 'bbp_edit_reply_topic', __( '<strong>Error</strong>: You do not have the capability to read or create new replies in this topic.', 'bbpress' ) ); 598 } 599 577 600 /** Topic Forum ***********************************************************/ 578 601 579 602 $forum_id = bbp_get_topic_forum_id( $topic_id ); … … 588 611 // Forum is not a category 589 612 } else { 590 613 591 // Forum is closed and user cannot access 592 if ( bbp_is_forum_closed( $forum_id ) && ! current_user_can( 'edit_forum', $forum_id ) ) { 593 bbp_add_error( 'bbp_edit_reply_forum_closed', __( '<strong>Error</strong>: This forum has been closed to new replies.', 'bbpress' ) ); 614 // Forum not editable by user 615 if ( ! current_user_can( 'edit_forum', $forum_id ) ) { 616 617 // Forum is closed 618 if ( bbp_is_forum_closed( $forum_id ) ) { 619 bbp_add_error( 'bbp_edit_reply_forum_closed', __( '<strong>Error</strong>: This forum is closed to new replies.', 'bbpress' ) ); 620 } 594 621 } 595 622 596 // Forum is private and user cannot access 597 if ( bbp_is_forum_private( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 598 bbp_add_error( 'bbp_edit_reply_forum_private', __( '<strong>Error</strong>: This forum is private and you do not have the capability to read or create new replies in it.', 'bbpress' ) ); 599 600 // Forum is hidden and user cannot access 601 } elseif ( bbp_is_forum_hidden( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 602 bbp_add_error( 'bbp_edit_reply_forum_hidden', __( '<strong>Error</strong>: This forum is hidden and you do not have the capability to read or create new replies in it.', 'bbpress' ) ); 623 // Forum not readable by user 624 if ( ! 
current_user_can( 'read_forum', $forum_id ) ) { 625 bbp_add_error( 'bbp_edit_reply_forum_read', __( '<strong>Error</strong>: You do not have the capability to read or create new topics in this forum.', 'bbpress' ) ); 603 626 } 604 627 } 605 628 } 606 629 630 /** Reply To **************************************************************/ 631 632 $reply_to = bbp_get_reply_to( $reply_id ); 633 634 // Maybe sanitize Reply To, using $_REQUEST for non-JS submissions 635 if ( isset( $_REQUEST['bbp_reply_to'] ) && is_numeric( $_REQUEST['bbp_reply_to'] ) ) { 636 $reply_to = intval( $_REQUEST['bbp_reply_to'] ); 637 } 638 639 // Validate Reply To 640 $reply_to = bbp_validate_reply_to( $reply_to, $reply_id ); 641 642 // Check the Reply To ID 643 if ( ! empty( $reply_to ) ) { 644 645 // User cannot read parent reply ID 646 if ( ! current_user_can( 'read_reply', $reply_to ) ) { 647 bbp_add_error( 'bbp_edit_reply_reply_to', __( '<strong>Error</strong>: You do not have the capability to read or create new replies to this reply.', 'bbpress' ) ); 648 } 649 } 650 607 651 /** Reply Title ***********************************************************/ 608 652 609 653 if ( ! empty( $_POST['bbp_reply_title'] ) ) { … … 663 707 } 664 708 } 665 709 666 /** Reply To **************************************************************/667 668 // Handle Reply To of the reply; $_REQUEST for non-JS submissions669 if ( isset( $_REQUEST['bbp_reply_to'] ) && current_user_can( 'moderate', $reply_id ) ) {670 $reply_to = bbp_validate_reply_to( $_REQUEST['bbp_reply_to'], $reply_id );671 } elseif ( bbp_thread_replies() ) {672 $reply_to = bbp_get_reply_to( $reply_id );673 }674 675 710 /** Topic Tags ************************************************************/ 676 711 677 712 // Either replace terms -
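Review bot: The error text at new line 625 in the edit-reply handler says "create new topics in this forum" while the matching new-reply message at line 268 says "new replies"; the line should read `bbp_add_error( 'bbp_edit_reply_forum_read', __( '<strong>Error</strong>: You do not have the capability to read or create new replies in this forum.', 'bbpress' ) );`. Separately, the relocated Reply To block (new lines 630-649) now accepts `$_REQUEST['bbp_reply_to']` from anyone who can edit the reply, whereas the removed lines 669-673 only honoured it behind `current_user_can( 'moderate', $reply_id )` and otherwise kept the stored value only when `bbp_thread_replies()` was on; if dropping the moderator gate is deliberate, a comment such as `// Any editor may re-parent; bbp_validate_reply_to() and read_reply bound the target` should say so, otherwise the gate should be restored. Whether `bbp_validate_reply_to()` also confines the target to the same topic cannot be seen from the hunk. Both enclosing handler functions start and end outside their hunks.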
src/includes/topics/functions.php
196 196 // Get the forum id 197 197 $posted_forum_id = intval( $_POST['bbp_forum_id'] ); 198 198 199 // Forum id is empty199 // Forum id is 0 200 200 if ( 0 === $posted_forum_id ) { 201 201 bbp_add_error( 'bbp_topic_forum_id', __( '<strong>Error</strong>: Forum ID is missing.', 'bbpress' ) ); 202 202 … … 225 225 // Forum is not a category 226 226 } else { 227 227 228 // Forum is closed and user cannot access 229 if ( bbp_is_forum_closed( $forum_id ) && ! current_user_can( 'edit_forum', $forum_id ) ) { 230 bbp_add_error( 'bbp_new_topic_forum_closed', __( '<strong>Error</strong>: This forum has been closed to new topics.', 'bbpress' ) ); 228 // Forum not editable by user 229 if ( ! current_user_can( 'edit_forum', $forum_id ) ) { 230 231 // Forum is closed 232 if ( bbp_is_forum_closed( $forum_id ) ) { 233 bbp_add_error( 'bbp_new_topic_forum_closed', __( '<strong>Error</strong>: This forum is closed to new topics.', 'bbpress' ) ); 234 } 231 235 } 232 236 233 // Forum is private and user cannot access 234 if ( bbp_is_forum_private( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 235 bbp_add_error( 'bbp_new_topic_forum_private', __( '<strong>Error</strong>: This forum is private and you do not have the capability to read or create new topics in it.', 'bbpress' ) ); 236 237 // Forum is hidden and user cannot access 238 } elseif ( bbp_is_forum_hidden( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 239 bbp_add_error( 'bbp_new_topic_forum_hidden', __( '<strong>Error</strong>: This forum is hidden and you do not have the capability to read or create new topics in it.', 'bbpress' ) ); 237 // Forum not readable by user 238 if ( ! 
current_user_can( 'read_forum', $forum_id ) ) { 239 bbp_add_error( 'bbp_new_topic_forum_read', __( '<strong>Error</strong>: You do not have the capability to read or create new topics in this forum.', 'bbpress' ) ); 240 240 } 241 241 } 242 242 } … … 499 499 500 500 // Forum id was passed 501 501 } elseif ( is_numeric( $_POST['bbp_forum_id'] ) ) { 502 $forum_id = (int) $_POST['bbp_forum_id']; 502 503 // Get the forum id 504 $posted_forum_id = intval( $_POST['bbp_forum_id'] ); 505 506 // Forum id is 0 507 if ( 0 === $posted_forum_id ) { 508 bbp_add_error( 'bbp_topic_forum_id', __( '<strong>Error</strong>: Forum ID is missing.', 'bbpress' ) ); 509 510 // Forum id is a negative number 511 } elseif ( 0 > $posted_forum_id ) { 512 bbp_add_error( 'bbp_topic_forum_id', __( '<strong>Error</strong>: Forum ID cannot be a negative number.', 'bbpress' ) ); 513 514 // Forum does not exist 515 } elseif ( ! bbp_get_forum( $posted_forum_id ) ) { 516 bbp_add_error( 'bbp_topic_forum_id', __( '<strong>Error</strong>: Forum does not exist.', 'bbpress' ) ); 517 518 // Use the POST'ed forum id 519 } else { 520 $forum_id = $posted_forum_id; 521 } 503 522 } 504 523 505 524 // Current forum this topic is in 506 525 $current_forum_id = bbp_get_topic_forum_id( $topic_id ); 507 526 527 // Forum change 528 if ( $forum_id !== $current_forum_id ) { 529 530 // User cannot edit current forum 531 if ( ! current_user_can( 'edit_forum', $current_forum_id ) ) { 532 bbp_add_error( 'bbp_edit_topic_forum_move_old', __( '<strong>Error</strong>: You do not have the capability to move topics out of this forum.', 'bbpress' ) ); 533 534 // User cannot read new forum 535 } elseif ( ! current_user_can( 'read_forum', $forum_id ) ) { 536 bbp_add_error( 'bbp_edit_topic_forum_move_new', __( '<strong>Error</strong>: You do not have the capability to move topics into this forum.', 'bbpress' ) ); 537 } 538 } 539 508 540 // Forum exists 509 if ( ! empty( $forum_id ) && ( $forum_id !== $current_forum_id )) {541 if ( ! 
empty( $forum_id ) ) { 510 542 511 543 // Forum is a category 512 544 if ( bbp_is_forum_category( $forum_id ) ) { … … 515 547 // Forum is not a category 516 548 } else { 517 549 518 // Forum is closed and user cannot access 519 if ( bbp_is_forum_closed( $forum_id ) && ! current_user_can( 'edit_forum', $forum_id ) ) { 520 bbp_add_error( 'bbp_edit_topic_forum_closed', __( '<strong>Error</strong>: This forum has been closed to new topics.', 'bbpress' ) ); 550 // Forum not editable by user 551 if ( ! current_user_can( 'edit_forum', $forum_id ) ) { 552 553 // Forum is closed 554 if ( bbp_is_forum_closed( $forum_id ) ) { 555 bbp_add_error( 'bbp_edit_topic_forum_closed', __( '<strong>Error</strong>: This forum is closed to new topics.', 'bbpress' ) ); 556 } 521 557 } 522 558 523 // Forum is private and user cannot access 524 if ( bbp_is_forum_private( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 525 bbp_add_error( 'bbp_edit_topic_forum_private', __( '<strong>Error</strong>: This forum is private and you do not have the capability to read or create new topics in it.', 'bbpress' ) ); 526 527 // Forum is hidden and user cannot access 528 } elseif ( bbp_is_forum_hidden( $forum_id ) && ! current_user_can( 'read_forum', $forum_id ) ) { 529 bbp_add_error( 'bbp_edit_topic_forum_hidden', __( '<strong>Error</strong>: This forum is hidden and you do not have the capability to read or create new topics in it.', 'bbpress' ) ); 559 // Forum not readable by user 560 if ( ! current_user_can( 'read_forum', $forum_id ) ) { 561 bbp_add_error( 'bbp_edit_topic_forum_read', __( '<strong>Error</strong>: You do not have the capability to read or create new topics in this forum.', 'bbpress' ) ); 530 562 } 531 563 } 532 564 }
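Review bot: The new forum-move check at new lines 528-538 fires whenever `$forum_id !== $current_forum_id`, including when the posted id failed validation at lines 507-516, which add an error but leave `$forum_id` at whatever value it held before the hunk, so a bad id would likely produce a second, misleading "move topics into this forum" error on top of the real one; guarding it as `if ( ! empty( $forum_id ) && ( $forum_id !== $current_forum_id ) ) {` keeps the move checks to the case where a valid target exists. Also, the condition at new line 541 dropped the `$forum_id !== $current_forum_id` part that old line 509 had, so the closed-forum check now runs on every edit, not just on a move, and a non-editor updating their own topic in a closed forum is refused with a message about "new topics"; if that is intended, the message and a comment above the block should say that edits are covered too. The enclosing edit handler starts and ends outside the hunk.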