Changeset 3125

Timestamp:

05/09/2011 06:51:40 AM (15 years ago)

Author:

johnjamesjacoby

Message:

Prevent forum and topic ID's from being poisoned by functions that attempt to make calculations out of turn. Also prevent incorrect assignment of parent topic and forum ID's when posting from admin area. Fixes #1433.

Location:

branches/plugin

Files:

• bbp-admin/bbp-replies.php (modified) (2 diffs)
• bbp-admin/bbp-topics.php (modified) (1 diff)
• bbp-includes/bbp-reply-functions.php (modified) (1 diff)
• bbp-includes/bbp-reply-template.php (modified) (2 diffs)
• bbp-includes/bbp-topic-functions.php (modified) (1 diff)
• bbp-includes/bbp-topic-template.php (modified) (1 diff)

branches/plugin/bbp-admin/bbp-replies.php

@@ -568 +568 @@
 
                 // Output forum name
-                bbp_topic_title( $topic_id );
-
-                // Link information
-                $actions = apply_filters( 'reply_topic_row_actions', array (
-                    'edit' => '<a href="' . add_query_arg( array( 'post' => $topic_id, 'action' => 'edit' ), admin_url( '/post.php' ) ) . '">' . __( 'Edit', 'bbpress' ) . '</a>',
-                    'view' => '<a href="' . bbp_get_topic_permalink( $topic_id ) . '">' . __( 'View', 'bbpress' ) . '</a>'
-                ) );
-
-                // Output forum post row links
-                foreach ( $actions as $action => $link )
-                    $formatted_actions[] = '<span class="' . $action . '">' . $link . '</span>';
-
-                //echo '<div class="row-actions">' . implode( ' | ', $formatted_actions ) . '</div>';
+                if ( !empty( $topic_id ) ) {
+                    bbp_topic_title( $topic_id );
+
+                    // Link information
+                    $actions = apply_filters( 'reply_topic_row_actions', array (
+                        'edit' => '<a href="' . add_query_arg( array( 'post' => $topic_id, 'action' => 'edit' ), admin_url( '/post.php' ) ) . '">' . __( 'Edit', 'bbpress' ) . '</a>',
+                        'view' => '<a href="' . bbp_get_topic_permalink( $topic_id ) . '">' . __( 'View', 'bbpress' ) . '</a>'
+                    ) );
+
+                    // Output forum post row links
+                    foreach ( $actions as $action => $link )
+                        $formatted_actions[] = '<span class="' . $action . '">' . $link . '</span>';
+
+                    if ( !empty( $topic_id ) )
+                        echo '<div class="row-actions">' . implode( ' | ', $formatted_actions ) . '</div>';
+
+                // Reply has no topic
+                } else {
+                    _e( '(No Topic)', 'bbpress' );
+                }
 
                 break;
@@ -591 +598 @@
 
                 // Output forum name
-                bbp_forum_title( $forum_id );
-
-                // Link information
-                $actions = apply_filters( 'reply_topic_forum_row_actions', array (
-                    'edit' => '<a href="' . add_query_arg( array( 'post' => $forum_id, 'action' => 'edit' ), admin_url( '/post.php' ) ) . '">' . __( 'Edit', 'bbpress' ) . '</a>',
-                    'view' => '<a href="' . bbp_get_forum_permalink( $forum_id ) . '">' . __( 'View', 'bbpress' ) . '</a>'
-                ) );
-
-                // Output forum post row links
-                foreach ( $actions as $action => $link )
-                    $formatted_actions[] = '<span class="' . $action . '">' . $link . '</span>';
-
-                //echo '<div class="row-actions">' . implode( ' | ', $formatted_actions ) . '</div>';
+                if ( !empty( $forum_id ) ) {
+                    bbp_forum_title( $forum_id );
+
+                    // Link information
+                    $actions = apply_filters( 'reply_topic_forum_row_actions', array (
+                        'edit' => '<a href="' . add_query_arg( array( 'post' => $forum_id, 'action' => 'edit' ), admin_url( '/post.php' ) ) . '">' . __( 'Edit', 'bbpress' ) . '</a>',
+                        'view' => '<a href="' . bbp_get_forum_permalink( $forum_id ) . '">' . __( 'View', 'bbpress' ) . '</a>'
+                    ) );
+
+                    // Output forum post row links
+                    foreach ( $actions as $action => $link )
+                        $formatted_actions[] = '<span class="' . $action . '">' . $link . '</span>';
+
+                    // Show forum actions
+                    if ( !empty( $forum_id ) )
+                        echo '<div class="row-actions">' . implode( ' | ', $formatted_actions ) . '</div>';
+
+                // Reply has no forum
+                } else {
+                    _e( '(No Forum)', 'bbpress' );
+                }
 
                 break;

branches/plugin/bbp-admin/bbp-topics.php

@@ -653 +653 @@
                         $formatted_actions[] = '<span class="' . $action . '">' . $link . '</span>';
 
-                    //echo '<div class="row-actions">' . implode( ' | ', $formatted_actions ) . '</div>';
+                    echo '<div class="row-actions">' . implode( ' | ', $formatted_actions ) . '</div>';
                 } else {
                     _e( '(No Forum)', 'bbpress' );

branches/plugin/bbp-includes/bbp-reply-functions.php

@@ -383 +383 @@
             // Check that actions match what we need
             'editpost'                    === $_POST['action']           &&
+            'publish'                     === $_POST['post_status']      &&
             bbp_get_reply_post_type()     === $_POST['post_type']
+
     ) {
 

branches/plugin/bbp-includes/bbp-reply-template.php

@@ -1071 +1071 @@
     function bbp_get_reply_topic_id( $reply_id = 0 ) {
 
+        // Assume there is no topic id
+        $topic_id = 0;
+
         // Check that reply_id is valid
-        if ( $reply_id = bbp_get_reply_id( $reply_id ) ) {
+        if ( $reply_id = bbp_get_reply_id( $reply_id ) )
 
             // Get topic_id from reply
-            $topic_id = get_post_meta( $reply_id, '_bbp_topic_id', true );
-            $topic_id = bbp_get_topic_id( $topic_id );
-
-        // reply_id is not valid, so no topic exists
-        } else {
-            $topic_id = 0;
-        }
+            if ( $topic_id = get_post_meta( $reply_id, '_bbp_topic_id', true ) )
+
+                // Validate the topic_id
+                $topic_id = bbp_get_topic_id( $topic_id );
 
         return apply_filters( 'bbp_get_reply_topic_id', (int) $topic_id, $reply_id );
@@ -1111 +1111 @@
     function bbp_get_reply_forum_id( $reply_id = 0 ) {
 
+        // Assume there is no forum
+        $forum_id = 0;
+
         // Check that reply_id is valid
-        if ( $reply_id = bbp_get_reply_id( $reply_id ) ) {
+        if ( $reply_id = bbp_get_reply_id( $reply_id ) )
 
             // Get forum_id from reply
-            $forum_id = get_post_meta( $reply_id, '_bbp_forum_id', true );
-            $forum_id = bbp_get_forum_id( $forum_id );
-
-        // reply_id is not valid, so no forum exists
-        } else {
-            $forum_id = 0;
-        }
+            if ( $forum_id = get_post_meta( $reply_id, '_bbp_forum_id', true ) )
+
+                // Validate the forum_id
+                $forum_id = bbp_get_forum_id( $forum_id );
 
         return apply_filters( 'bbp_get_reply_forum_id', (int) $forum_id, $reply_id );

branches/plugin/bbp-includes/bbp-topic-functions.php

@@ -392 +392 @@
             // Check that actions match what we need
             'editpost'                    === $_POST['action']           &&
+            'publish'                     === $_POST['post_status']      &&
             bbp_get_topic_post_type()     === $_POST['post_type']
     ) {

branches/plugin/bbp-includes/bbp-topic-template.php

@@ -1265 +1265 @@
         $forum_id = get_post_meta( $topic_id, '_bbp_forum_id', true );
 
-        // Fallback to post_parent if no meta exists, and set post meta
-        if ( '' === $forum_id ) {
-            $forum_id = get_post_field( 'post_parent', $topic_id );
-            bbp_update_topic_forum_id( $topic_id, $forum_id );
-        }
-
         return apply_filters( 'bbp_get_topic_forum_id', (int) $forum_id, $topic_id );
     }