
Changeset 3135


Timestamp:
05/11/2011 04:13:41 AM (14 years ago)
Author:
johnjamesjacoby
Message:

First round of security sweeps and final code clean-up. Includes new/edit topic functions, topic merge, and some strtoupper() checks on REQUEST_METHOD. See #1514.

File:
1 edited

  • branches/plugin/bbp-includes/bbp-topic-functions.php

    r3129 r3135  
    4646 */
    4747function bbp_new_topic_handler() {
     48
    4849    // Only proceed if POST is a new topic
    49     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && !empty( $_POST['action'] ) && 'bbp-new-topic' === $_POST['action'] ) {
     50    if ( 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] ) && !empty( $_POST['action'] ) && ( 'bbp-new-topic' === $_POST['action'] ) ) {
    5051        global $bbp;
    5152
     
    5354        check_admin_referer( 'bbp-new-topic' );
    5455
    55         // Prevent debug notices
    56         $forum_id = $topic_title = $topic_content = '';
    57 
    58         // Check users ability to create new topic
    59         if ( !bbp_is_anonymous() ) {
    60             if ( !current_user_can( 'publish_topics' ) )
     56        // Set defaults to prevent debug notices
     57        $forum_id = $topic_author = $anonymous_data = 0;
     58        $topic_title = $topic_content = '';
     59        $terms = array( $bbp->topic_tag_id => array() );
     60
     61        /** Topic Author ******************************************************/
     62
     63        // User is anonymous
     64        if ( bbp_is_anonymous() ) {
     65
     66            // Filter anonymous data
     67            $anonymous_data = bbp_filter_anonymous_post_data();
     68
     69            // Anonymous data checks out, so set cookies, etc...
     70            if ( !empty( $anonymous_data ) && is_array( $anonymous_data ) ) {
     71                bbp_set_current_anonymous_user_data( $anonymous_data );
     72            }
     73
     74        // User is logged in
     75        } else {
     76
     77            // User cannot create topics
     78            if ( !current_user_can( 'publish_topics' ) ) {
    6179                $bbp->errors->add( 'bbp_topic_permissions', __( '<strong>ERROR</strong>: You do not have permission to create new topics.', 'bbpress' ) );
    62 
    63             $anonymous_data = false;
    64             $topic_author   = bbp_get_current_user_id();
    65 
    66         // It is an anonymous post
    67         } else {
    68             $anonymous_data = bbp_filter_anonymous_post_data(); // Filter anonymous data
    69             $topic_author   = 0;
    70 
    71             if ( !empty( $anonymous_data ) && is_array( $anonymous_data ) )
    72                 bbp_set_current_anonymous_user_data( $anonymous_data );
     80            }
     81
     82            // Topic author is current user
     83            $topic_author = bbp_get_current_user_id();
     84
    7385        }
    7486
     
    7991        }
    8092
    81         // Handle Title
    82         if ( isset( $_POST['bbp_topic_title'] ) && ( !$topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) ) ) )
     93        /** Topic Title *******************************************************/
     94
     95        // Topic title
     96        if ( !empty( $_POST['bbp_topic_title'] ) ) {
     97
     98            // Sanitize and strip HTML tags
     99            $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
     100
     101            // Filter and sanitize
     102            $topic_title = apply_filters( 'bbp_new_topic_pre_title', $topic_title );
     103        }
     104
     105        // No topic title
     106        if ( empty( $topic_title ) )
    83107            $bbp->errors->add( 'bbp_topic_title', __( '<strong>ERROR</strong>: Your topic needs a title.', 'bbpress' ) );
    84108
    85         $topic_title = apply_filters( 'bbp_new_topic_pre_title', $topic_title );
    86 
    87         // Handle Content
    88         if ( isset( $_POST['bbp_topic_content'] ) && ( !$topic_content = $_POST['bbp_topic_content'] ) )
     109        /** Topic Content *****************************************************/
     110
     111        // Topic content
     112        if ( !empty( $_POST['bbp_topic_content'] ) ) {
     113
     114            // Set topic content
     115            $topic_content = $_POST['bbp_topic_content'];
     116
     117            // Filter and sanitize
     118            $topic_content = apply_filters( 'bbp_new_topic_pre_content', $topic_content );
     119        }
     120
     121        // No topic content
     122        if ( empty( $topic_content ) )
    89123            $bbp->errors->add( 'bbp_topic_content', __( '<strong>ERROR</strong>: Your topic needs some content.', 'bbpress' ) );
    90124
    91         $topic_content = apply_filters( 'bbp_new_topic_pre_content', $topic_content );
    92 
    93         // Handle Forum id to append topic to
    94         if ( isset( $_POST['bbp_forum_id'] ) && ( !$forum_id = $_POST['bbp_forum_id'] ) ) {
     125        /** Topic Forum *******************************************************/
     126
     127        // Forum id was not passed
     128        if ( empty( $_POST['bbp_forum_id'] ) )
    95129            $bbp->errors->add( 'bbp_topic_forum_id', __( '<strong>ERROR</strong>: Forum ID is missing.', 'bbpress' ) );
    96         } else {
     130
     131        // Forum id was passed
     132        elseif ( is_numeric( $_POST['bbp_forum_id'] ) )
     133            $forum_id = (int) $_POST['bbp_forum_id'];
     134
     135        // Forum exists
     136        if ( !empty( $forum_id ) ) {
     137
     138            // Forum is a category
    97139            if ( bbp_is_forum_category( $forum_id ) )
    98                 $bbp->errors->add( 'bbp_topic_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics can be created in this forum!', 'bbpress' ) );
    99 
     140                $bbp->errors->add( 'bbp_edit_topic_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics can be created in this forum.', 'bbpress' ) );
     141
     142            // Forum is closed and user cannot access
    100143            if ( bbp_is_forum_closed( $forum_id ) && !current_user_can( 'edit_forum', $forum_id ) )
    101                 $bbp->errors->add( 'bbp_topic_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new topics!', 'bbpress' ) );
    102 
     144                $bbp->errors->add( 'bbp_edit_topic_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new topics.', 'bbpress' ) );
     145
     146            // Forum is private and user cannot access
    103147            if ( bbp_is_forum_private( $forum_id ) && !current_user_can( 'read_private_forums' ) )
    104                 $bbp->errors->add( 'bbp_topic_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new topics in this forum!', 'bbpress' ) );
    105         }
    106 
    107         // Check for flood
     148                $bbp->errors->add( 'bbp_edit_topic_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new topics in it.', 'bbpress' ) );
     149
     150            // Forum is hidden and user cannot access
     151            if ( bbp_is_forum_hidden( $forum_id ) && !current_user_can( 'read_hidden_forums' ) )
     152                $bbp->errors->add( 'bbp_edit_topic_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new topics in it.', 'bbpress' ) );
     153        }
     154
     155        /** Topic Flooding ****************************************************/
     156
    108157        if ( !bbp_check_for_flood( $anonymous_data, $topic_author ) )
    109158            $bbp->errors->add( 'bbp_topic_flood', __( '<strong>ERROR</strong>: Slow down; you move too fast.', 'bbpress' ) );
    110159
    111         // Check for duplicate
     160        /** Topic Duplicate ***************************************************/
     161
    112162        if ( !bbp_check_for_duplicate( array( 'post_type' => bbp_get_topic_post_type(), 'post_author' => $topic_author, 'post_content' => $topic_content, 'anonymous_data' => $anonymous_data ) ) )
    113163            $bbp->errors->add( 'bbp_topic_duplicate', __( '<strong>ERROR</strong>: Duplicate topic detected; it looks as though you&#8217;ve already said that!', 'bbpress' ) );
    114164
    115         // Handle Tags
     165        /** Topic Tags ********************************************************/
     166
    116167        if ( !empty( $_POST['bbp_topic_tags'] ) ) {
    117168
     
    120171
    121172            // Explode by comma
    122             if ( strstr( $terms, ',' ) )
     173            if ( strstr( $terms, ',' ) ) {
    123174                $terms = explode( ',', $terms );
     175            }
    124176
    125177            // Add topic tag ID as main key
    126178            $terms = array( $bbp->topic_tag_id => $terms );
    127 
    128         // No tags
    129         } else {
    130             $terms = '';
    131         }
    132 
    133         // Handle insertion into posts table
     179        }
     180
     181        /** Additional Actions (Before Save) **********************************/
     182
     183        do_action( 'bbp_new_topic_pre_extras' );
     184
     185        /** No Errors *********************************************************/
     186
    134187        if ( !is_wp_error( $bbp->errors ) || !$bbp->errors->get_error_codes() ) {
     188
     189            /** Create new topic **********************************************/
    135190
    136191            // Add the content of the form to $post as an array
     
    145200            );
    146201
    147             // Insert reply
     202            // Insert topic
    148203            $topic_id = wp_insert_post( $topic_data );
    149204
    150             // Check for missing topic_id or error
     205            /** No Errors *****************************************************/
     206
    151207            if ( !empty( $topic_id ) && !is_wp_error( $topic_id ) ) {
    152208
    153                 // Stick status
     209                /** Stickies **************************************************/
     210
    154211                if ( !empty( $_POST['bbp_stick_topic'] ) && in_array( $_POST['bbp_stick_topic'], array( 'stick', 'super', 'unstick' ) ) ) {
    155212
     213                    // What's the haps?
    156214                    switch ( $_POST['bbp_stick_topic'] ) {
    157215
     216                        // Sticky in this forum
    158217                        case 'stick'   :
    159218                            bbp_stick_topic( $topic_id );
    160 
    161219                            break;
    162220
     221                        // Super sticky in all forums
    163222                        case 'super'   :
    164223                            bbp_stick_topic( $topic_id, true );
    165 
    166224                            break;
    167225
     226                        // We can avoid this as it is a new topic
    168227                        case 'unstick' :
    169228                        default        :
    170 
    171                             // We can avoid this as it is a new topic
    172                             // bbp_unstick_topic( $topic_id );
    173 
    174229                            break;
    175230                    }
     
    180235                do_action( 'bbp_new_topic', $topic_id, $forum_id, $anonymous_data, $topic_author );
    181236
     237                /** Successful Save *******************************************/
     238
    182239                // Redirect back to new reply
    183240                wp_redirect( bbp_get_topic_permalink( $topic_id ) . '#post-' . $topic_id );
     
    186243                exit();
    187244
    188             // Errors to report
     245            // Errors
    189246            } else {
    190247                $append_error = ( is_wp_error( $topic_id ) && $topic_id->get_error_message() ) ? $topic_id->get_error_message() . ' ' : '';
     
    230287 */
    231288function bbp_edit_topic_handler() {
     289
    232290    // Only proceed if POST is an edit topic request
    233     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && !empty( $_POST['action'] ) && 'bbp-edit-topic' === $_POST['action'] ) {
     291    if ( ( 'POST' === strtoupper( $_SERVER['REQUEST_METHOD'] ) ) && ( !empty( $_POST['action'] ) && ( 'bbp-edit-topic' === $_POST['action'] ) ) ) {
    234292        global $bbp;
    235293
    236         if ( !$topic_id = (int) $_POST['bbp_topic_id'] ) {
    237             $bbp->errors->add( 'bbp_edit_topic_id', __( '<strong>ERROR</strong>: Topic ID not found!', 'bbpress' ) );
    238         } elseif ( !$topic = bbp_get_topic( $topic_id ) ) {
    239             $bbp->errors->add( 'bbp_edit_topic_not_found', __( '<strong>ERROR</strong>: The topic you want to edit was not found!', 'bbpress' ) );
     294        // Set defaults to prevent debug notices
     295        $topic_id = $forum_id = $anonymous_data = 0;
     296        $topic_title = $topic_content = $topic_edit_reason = '';
     297        $terms = array( $bbp->topic_tag_id => array() );
     298
     299        /** Topic *************************************************************/
     300
     301        // Topic id was not passed
     302        if ( empty( $_POST['bbp_topic_id'] ) )
     303            $bbp->errors->add( 'bbp_edit_topic_id', __( '<strong>ERROR</strong>: Topic ID not found.', 'bbpress' ) );
     304
     305        // Topic id was passed
     306        elseif ( is_numeric( $_POST['bbp_topic_id'] ) )
     307            $topic_id = (int) $_POST['bbp_topic_id'];
     308
     309        // Topic does not exist
     310        if ( !$topic = bbp_get_topic( $topic_id ) ) {
     311            $bbp->errors->add( 'bbp_edit_topic_not_found', __( '<strong>ERROR</strong>: The topic you want to edit was not found.', 'bbpress' ) );
     312
     313        // Topic exists
    240314        } else {
     315
    241316            // Nonce check
    242317            check_admin_referer( 'bbp-edit-topic_' . $topic_id );
     
    244319            // Check users ability to create new topic
    245320            if ( !bbp_is_topic_anonymous( $topic_id ) ) {
    246                 if ( !current_user_can( 'edit_topic', $topic_id ) )
    247                     $bbp->errors->add( 'bbp_edit_topic_permissions', __( '<strong>ERROR</strong>: You do not have permission to edit that topic!', 'bbpress' ) );
    248 
    249                 $anonymous_data = false;
     321
     322                // User cannot edit this topic
     323                if ( !current_user_can( 'edit_topic', $topic_id ) ) {
     324                    $bbp->errors->add( 'bbp_edit_topic_permissions', __( '<strong>ERROR</strong>: You do not have permission to edit that topic.', 'bbpress' ) );
     325                }
    250326
    251327            // It is an anonymous post
    252328            } else {
    253                 $anonymous_data = bbp_filter_anonymous_post_data( array(), true ); // Filter anonymous data
     329
     330                // Filter anonymous data
     331                $anonymous_data = bbp_filter_anonymous_post_data( array(), true );
    254332            }
    255333        }
    256334
    257335        // Remove wp_filter_kses filters from title and content for capable users and if the nonce is verified
    258         if ( current_user_can( 'unfiltered_html' ) && !empty( $_POST['_bbp_unfiltered_html_topic'] ) && wp_create_nonce( 'bbp-unfiltered-html-topic_' . $topic_id ) == $_POST['_bbp_unfiltered_html_topic'] ) {
     336        if ( current_user_can( 'unfiltered_html' ) && !empty( $_POST['_bbp_unfiltered_html_topic'] ) && ( wp_create_nonce( 'bbp-unfiltered-html-topic_' . $topic_id ) == $_POST['_bbp_unfiltered_html_topic'] ) ) {
    259337            remove_filter( 'bbp_edit_topic_pre_title',   'wp_filter_kses' );
    260338            remove_filter( 'bbp_edit_topic_pre_content', 'wp_filter_kses' );
    261339        }
    262340
    263         // Handle Forum id to append topic to
    264         if ( isset( $_POST['bbp_forum_id'] ) && ( !$forum_id = $_POST['bbp_forum_id'] ) ) {
     341        /** Topic Forum *******************************************************/
     342
     343        // Forum id was not passed
     344        if ( empty( $_POST['bbp_forum_id'] ) )
    265345            $bbp->errors->add( 'bbp_topic_forum_id', __( '<strong>ERROR</strong>: Forum ID is missing.', 'bbpress' ) );
    266         } elseif ( $forum_id != $topic->post_parent ) {
     346
     347        // Forum id was passed
     348        elseif ( is_numeric( $_POST['bbp_forum_id'] ) )
     349            $forum_id = (int) $_POST['bbp_forum_id'];
     350
     351        // Forum exists
     352        if ( !empty( $forum_id ) && ( $forum_id != $topic->post_parent ) ) {
     353
     354            // Forum is a category
    267355            if ( bbp_is_forum_category( $forum_id ) )
    268                 $bbp->errors->add( 'bbp_edit_topic_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics can be created in this forum!', 'bbpress' ) );
    269 
     356                $bbp->errors->add( 'bbp_edit_topic_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics can be created in this forum.', 'bbpress' ) );
     357
     358            // Forum is closed and user cannot access
    270359            if ( bbp_is_forum_closed( $forum_id ) && !current_user_can( 'edit_forum', $forum_id ) )
    271                 $bbp->errors->add( 'bbp_edit_topic_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new topics!', 'bbpress' ) );
    272 
     360                $bbp->errors->add( 'bbp_edit_topic_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new topics.', 'bbpress' ) );
     361
     362            // Forum is private and user cannot access
    273363            if ( bbp_is_forum_private( $forum_id ) && !current_user_can( 'read_private_forums' ) )
    274                 $bbp->errors->add( 'bbp_edit_topic_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new topics in this forum!', 'bbpress' ) );
    275         }
    276 
    277         // Handle Title
    278         if ( isset( $_POST['bbp_topic_title'] ) && ( !$topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) ) ) )
     364                $bbp->errors->add( 'bbp_edit_topic_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new topics in it.', 'bbpress' ) );
     365
     366            // Forum is hidden and user cannot access
     367            if ( bbp_is_forum_hidden( $forum_id ) && !current_user_can( 'read_hidden_forums' ) )
     368                $bbp->errors->add( 'bbp_edit_topic_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new topics in it.', 'bbpress' ) );
     369        }
     370
     371        /** Topic Title *******************************************************/
     372
     373        // Topic title
     374        if ( !empty( $_POST['bbp_topic_title'] ) ) {
     375
     376            // Sanitize and strip HTML tags
     377            $topic_title = esc_attr( strip_tags( $_POST['bbp_topic_title'] ) );
     378
     379            // Filter and sanitize
     380            $topic_title = apply_filters( 'bbp_edit_topic_pre_title', $topic_title, $topic_id );
     381        }
     382
     383        // No topic title
     384        if ( empty( $topic_title ) )
    279385            $bbp->errors->add( 'bbp_edit_topic_title', __( '<strong>ERROR</strong>: Your topic needs a title.', 'bbpress' ) );
    280386
    281         $topic_title = apply_filters( 'bbp_edit_topic_pre_title', $topic_title, $topic_id );
    282 
    283         // Handle Content
    284         if ( isset( $_POST['bbp_topic_content'] ) && ( !$topic_content = $_POST['bbp_topic_content'] ) )
     387        /** Topic Content *****************************************************/
     388
     389        // Topic content
     390        if ( !empty( $_POST['bbp_topic_content'] ) ) {
     391
     392            // Set topic content
     393            $topic_content = $_POST['bbp_topic_content'];
     394
     395            // Filter and sanitize
     396            $topic_content = apply_filters( 'bbp_edit_topic_pre_content', $topic_content, $topic_id );
     397        }
     398
     399        // No topic content
     400        if ( empty( $topic_content ) )
    285401            $bbp->errors->add( 'bbp_edit_topic_content', __( '<strong>ERROR</strong>: Your topic cannot be empty.', 'bbpress' ) );
    286402
    287         $topic_content = apply_filters( 'bbp_edit_topic_pre_content', $topic_content, $topic_id );
    288 
    289         // Handle Tags
     403        /** Topic Tags ********************************************************/
     404
     405        // Tags
    290406        if ( !empty( $_POST['bbp_topic_tags'] ) ) {
    291407
     
    294410
    295411            // Explode by comma
    296             if ( strstr( $terms, ',' ) )
     412            if ( strstr( $terms, ',' ) ) {
    297413                $terms = explode( ',', $terms );
     414            }
    298415
    299416            // Add topic tag ID as main key
    300417            $terms = array( $bbp->topic_tag_id => $terms );
    301 
    302         // No tags
    303         } else {
    304             $terms = array( $bbp->topic_tag_id => array() );
    305         }
    306 
    307         // Handle insertion into posts table
     418        }
     419
     420        /** Additional Actions (Before Save) **********************************/
     421
     422        do_action( 'bbp_edit_topic_pre_extras', $topic_id );
     423
     424        /** No Errors *********************************************************/
     425
    308426        if ( !is_wp_error( $bbp->errors ) || !$bbp->errors->get_error_codes() ) {
    309427
    310             // Stick status
     428            /** Stickies ******************************************************/
     429
    311430            if ( !empty( $_POST['bbp_stick_topic'] ) && in_array( $_POST['bbp_stick_topic'], array( 'stick', 'super', 'unstick' ) ) ) {
     431
     432                // What's the dilly?
    312433                switch ( $_POST['bbp_stick_topic'] ) {
    313434
     435                    // Sticky in forum
    314436                    case 'stick'   :
    315437                        bbp_stick_topic( $topic_id );
    316438                        break;
    317439
     440                    // Sticky in all forums
    318441                    case 'super'   :
    319442                        bbp_stick_topic( $topic_id, true );
    320443                        break;
    321444
     445                    // Normal
    322446                    case 'unstick' :
    323447                    default        :
     
    326450                }
    327451            }
     452
     453            /** Update the topic **********************************************/
    328454
    329455            // Add the content of the form to $post as an array
     
    339465            $topic_id = wp_update_post( $topic_data );
    340466
    341             // Revisions
    342             $topic_edit_reason = !empty( $_POST['bbp_topic_edit_reason'] ) ? esc_attr( strip_tags( $_POST['bbp_topic_edit_reason'] ) ) : '';
    343 
    344             if ( !empty( $_POST['bbp_log_topic_edit'] ) && 1 == $_POST['bbp_log_topic_edit'] && $revision_id = wp_save_post_revision( $topic_id ) )
    345                 bbp_update_topic_revision_log( array( 'topic_id' => $topic_id, 'revision_id' => $revision_id, 'author_id' => bbp_get_current_user_id(), 'reason' => $topic_edit_reason ) );
    346 
    347             // Check for missing topic_id or error
     467            /** Revisions *****************************************************/
     468
     469            // Revision Reason
     470            if ( !empty( $_POST['bbp_topic_edit_reason'] ) ) {
     471                $topic_edit_reason = esc_attr( strip_tags( $_POST['bbp_topic_edit_reason'] ) );
     472            }
     473
     474            // Update revision log
     475            if ( !empty( $_POST['bbp_log_topic_edit'] ) && ( 1 == $_POST['bbp_log_topic_edit'] ) && ( $revision_id = wp_save_post_revision( $topic_id ) ) ) {
     476                bbp_update_topic_revision_log( array(
     477                    'topic_id'    => $topic_id,
     478                    'revision_id' => $revision_id,
     479                    'author_id'   => bbp_get_current_user_id(),
     480                    'reason'      => $topic_edit_reason
     481                ) );
     482            }
     483
     484            /** No Errors *****************************************************/
     485
    348486            if ( !empty( $topic_id ) && !is_wp_error( $topic_id ) ) {
    349487
     
    357495                    bbp_move_topic_handler( $topic_id, $topic->post_parent, $forum_id );
    358496
     497                /** Additional Actions (After Save) ***************************/
     498
     499                do_action( 'bbp_edit_topic_post_extras', $topic_id );
     500
     501                /** Successful Edit *******************************************/
     502
    359503                // Redirect back to new topic
    360504                wp_redirect( bbp_get_topic_permalink( $topic_id ) );
     
    363507                exit();
    364508
    365             // Errors to report
     509            /** Errors ********************************************************/
    366510            } else {
    367511                $append_error = ( is_wp_error( $topic_id ) && $topic_id->get_error_message() ) ? $topic_id->get_error_message() . ' ' : '';
     
    384528
    385529    if (    // Check if POST action
    386             'POST'                        === $_SERVER['REQUEST_METHOD'] &&
     530            'POST' === strtoupper( $_SERVER['REQUEST_METHOD'] ) &&
    387531
    388532            // Check Actions exist in POST
    389             !empty( $_POST['action']    )                                &&
    390             !empty( $_POST['post_type'] )                                &&
     533            !empty( $_POST['action']    )                       &&
     534            !empty( $_POST['post_type'] )                       &&
    391535
    392536            // Check that actions match what we need
    393             'editpost'                    === $_POST['action']           &&
    394             'publish'                     === $_POST['post_status']      &&
    395             bbp_get_topic_post_type()     === $_POST['post_type']
     537            'editpost'                === $_POST['action']      &&
     538            'publish'                 === $_POST['post_status'] &&
     539            bbp_get_topic_post_type() === $_POST['post_type']
    396540    ) {
    397541
    398542        // Update the topic meta bidness
    399         bbp_update_topic( $topic_id, (int) $_POST['parent_id'] );
     543        $parent_id = !empty( $_POST['parent_id'] ) ? (int) $_POST['parent_id'] : 0;
     544        bbp_update_topic( $topic_id, $parent_id );
    400545    }
    401546}
     
    470615    if ( bbp_is_subscriptions_active() && !empty( $author_id ) ) {
    471616        $subscribed = bbp_is_user_subscribed( $author_id, $topic_id );
    472         $subscheck  = ( !empty( $_POST['bbp_topic_subscription'] ) && 'bbp_subscribe' == $_POST['bbp_topic_subscription'] ) ? true : false;
     617        $subscheck  = ( !empty( $_POST['bbp_topic_subscription'] ) && ( 'bbp_subscribe' == $_POST['bbp_topic_subscription'] ) ) ? true : false;
    473618
    474619        // Subscribed and unsubscribing
     
    673818 */
    674819function bbp_merge_topic_handler() {
     820
    675821    // Only proceed if POST is an merge topic request
    676     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && !empty( $_POST['action'] ) && 'bbp-merge-topic' === $_POST['action'] ) {
     822    if ( 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] ) && !empty( $_POST['action'] ) && ( 'bbp-merge-topic' === $_POST['action'] ) ) {
    677823        global $bbp;
    678824
    679         if ( !$source_topic_id = (int) $_POST['bbp_topic_id'] )
    680             $bbp->errors->add( 'bbp_merge_topic_source_id', __( '<strong>ERROR</strong>: Topic ID not found!', 'bbpress' ) );
     825        // Prevent debug notices
     826        $source_topic_id = $destination_topic_id = 0;
     827        $source_topic = $destination_topic = 0;
     828        $subscribers = $favoriters = $replies = array();
     829
     830        /** Source Topic ******************************************************/
     831
     832        // Topic id
     833        if ( empty( $_POST['bbp_topic_id'] ) )
     834            $bbp->errors->add( 'bbp_merge_topic_source_id', __( '<strong>ERROR</strong>: Topic ID not found.', 'bbpress' ) );
     835        else
     836            $source_topic_id = (int) $_POST['bbp_topic_id'];
    681837
    682838        // Nonce check
    683839        check_admin_referer( 'bbp-merge-topic_' . $source_topic_id );
    684840
     841        // Source topic not found
    685842        if ( !$source_topic = bbp_get_topic( $source_topic_id ) )
    686             $bbp->errors->add( 'bbp_merge_topic_source_not_found', __( '<strong>ERROR</strong>: The topic you want to merge was not found!', 'bbpress' ) );
    687 
     843            $bbp->errors->add( 'bbp_merge_topic_source_not_found', __( '<strong>ERROR</strong>: The topic you want to merge was not found.', 'bbpress' ) );
     844
     845        // Cannot edit source topic
    688846        if ( !current_user_can( 'edit_topic', $source_topic->ID ) )
    689             $bbp->errors->add( 'bbp_merge_topic_source_permission', __( '<strong>ERROR</strong>: You do not have the permissions to edit the source topic!', 'bbpress' ) );
    690 
    691         if ( !$destination_topic_id = (int) $_POST['bbp_destination_topic'] )
    692             $bbp->errors->add( 'bbp_merge_topic_destination_id', __( '<strong>ERROR</strong>: Destination topic ID not found!', 'bbpress' ) );
    693 
     847            $bbp->errors->add( 'bbp_merge_topic_source_permission', __( '<strong>ERROR</strong>: You do not have the permissions to edit the source topic.', 'bbpress' ) );
     848
     849        /** Destination Topic *************************************************/
     850
     851        // Topic id
     852        if ( empty( $_POST['bbp_destination_topic'] ) )
     853            $bbp->errors->add( 'bbp_merge_topic_destination_id', __( '<strong>ERROR</strong>: Destination topic ID not found.', 'bbpress' ) );
     854        else
     855            $destination_topic_id = (int) $_POST['bbp_destination_topic'];
     856
     857        // Destination topic not found
    694858        if ( !$destination_topic = bbp_get_topic( $destination_topic_id ) )
    695             $bbp->errors->add( 'bbp_merge_topic_destination_not_found', __( '<strong>ERROR</strong>: The topic you want to merge to was not found!', 'bbpress' ) );
    696 
     859            $bbp->errors->add( 'bbp_merge_topic_destination_not_found', __( '<strong>ERROR</strong>: The topic you want to merge to was not found.', 'bbpress' ) );
     860
     861        // Cannot edit destination topic
    697862        if ( !current_user_can( 'edit_topic', $destination_topic->ID ) )
    698             $bbp->errors->add( 'bbp_merge_topic_destination_permission', __( '<strong>ERROR</strong>: You do not have the permissions to edit the destination topic!', 'bbpress' ) );
    699 
    700         // Handle the merge
     863            $bbp->errors->add( 'bbp_merge_topic_destination_permission', __( '<strong>ERROR</strong>: You do not have the permissions to edit the destination topic.', 'bbpress' ) );
     864
     865        /** No Errors *********************************************************/
     866
    701867        if ( !is_wp_error( $bbp->errors ) || !$bbp->errors->get_error_codes() ) {
    702868
    703869            // Update counts, etc...
    704870            do_action( 'bbp_merge_topic', $destination_topic->ID, $source_topic->ID );
     871
     872            /** Date Check ****************************************************/
    705873
    706874            // Check if the destination topic is older than the source topic
     
    720888            }
    721889
     890            /** Subscriptions *************************************************/
     891
    722892            // Remove the topic from everybody's subscriptions
    723             $subscribers = bbp_get_topic_subscribers( $source_topic->ID );
    724             foreach ( (array) $subscribers as $subscriber ) {
    725 
    726                 // Shift the subscriber if told to
    727                 if ( !empty( $_POST['bbp_topic_subscribers'] ) && 1 == $_POST['bbp_topic_subscribers'] && bbp_is_subscriptions_active() )
    728                     bbp_add_user_subscription( $subscriber, $destination_topic->ID );
    729 
    730                 bbp_remove_user_subscription( $subscriber, $source_topic->ID );
     893            if ( $subscribers = bbp_get_topic_subscribers( $source_topic->ID ) ) {
     894
     895                // Loop through each user
     896                foreach ( (array) $subscribers as $subscriber ) {
     897
     898                    // Shift the subscriber if told to
     899                    if ( !empty( $_POST['bbp_topic_subscribers'] ) && ( 1 == $_POST['bbp_topic_subscribers'] ) && bbp_is_subscriptions_active() )
     900                        bbp_add_user_subscription( $subscriber, $destination_topic->ID );
     901
     902                    // Remove old subscription
     903                    bbp_remove_user_subscription( $subscriber, $source_topic->ID );
     904                }
    731905            }
    732906
     907            /** Favorites *****************************************************/
     908
    733909            // Remove the topic from everybody's favorites
    734             $favoriters = bbp_get_topic_favoriters( $source_topic->ID );
    735             foreach ( (array) $favoriters as $favoriter ) {
    736 
    737                 // Shift the favoriter if told to
    738                 if ( !empty( $_POST['bbp_topic_favoriters'] ) && 1 == $_POST['bbp_topic_favoriters'] )
    739                     bbp_add_user_favorite( $favoriter, $destination_topic->ID );
    740 
    741                 bbp_remove_user_favorite( $favoriter, $source_topic->ID );
     910            if ( $favoriters = bbp_get_topic_favoriters( $source_topic->ID ) ) {
     911
     912                // Loop through each user
     913                foreach ( (array) $favoriters as $favoriter ) {
     914
     915                    // Shift the favoriter if told to
     916                    if ( !empty( $_POST['bbp_topic_favoriters'] ) && 1 == $_POST['bbp_topic_favoriters'] )
     917                        bbp_add_user_favorite( $favoriter, $destination_topic->ID );
     918
     919                    // Remove old favorite
     920                    bbp_remove_user_favorite( $favoriter, $source_topic->ID );
     921                }
    742922            }
     923
     924            /** Tags **********************************************************/
    743925
    744926            // Get the source topic tags
    745927            $source_topic_tags = wp_get_post_terms( $source_topic->ID, $bbp->topic_tag_id, array( 'fields' => 'names' ) );
     928
     929            // Tags to possibly merge
    746930            if ( !empty( $source_topic_tags ) && !is_wp_error( $source_topic_tags ) ) {
    747931
    748932                // Shift the tags if told to
    749                 if ( !empty( $_POST['bbp_topic_tags'] ) && 1 == $_POST['bbp_topic_tags'] )
     933                if ( !empty( $_POST['bbp_topic_tags'] ) && ( 1 == $_POST['bbp_topic_tags'] ) )
    750934                    wp_set_post_terms( $destination_topic->ID, $source_topic_tags, $bbp->topic_tag_id, true );
    751935
     
    754938            }
    755939
    756             // Attempt to revert the closed/sticky status
    757             bbp_open_topic   ( $source_topic->ID );
     940            /** Source Topic **************************************************/
     941
     942            // Status
     943            bbp_open_topic( $source_topic->ID );
     944
     945            // Sticky
    758946            bbp_unstick_topic( $source_topic->ID );
    759947
     
    769957            array_unshift( $replies, $source_topic );
    770958
    771             // Change the post_parent of each reply to the destination topic id
    772             foreach ( $replies as $reply ) {
    773                 $postarr = array(
    774                     'ID'          => $reply->ID,
    775                     'post_title'  => sprintf( __( 'Reply To: %s', 'bbpress' ), $destination_topic->post_title ),
    776                     'post_name'   => false,
    777                     'post_type'   => bbp_get_reply_post_type(),
    778                     'post_parent' => $destination_topic->ID,
    779                     'guid'        => ''
    780                 );
    781 
    782                 wp_update_post( $postarr );
    783 
    784                 // Adjust reply meta values
    785                 bbp_update_reply_topic_id( $reply->ID, $destination_topic->ID                           );
    786                 bbp_update_reply_forum_id( $reply->ID, bbp_get_topic_forum_id( $destination_topic->ID ) );
    787 
    788                 // Do additional actions per merged reply
    789                 do_action( 'bbp_merged_topic_reply', $reply->ID, $destination_topic->ID );
     959            if ( !empty( $replies ) ) {
     960
     961                /** Merge Replies *************************************************/
     962
     963                // Change the post_parent of each reply to the destination topic id
     964                foreach ( $replies as $reply ) {
     965                    $postarr = array(
     966                        'ID'          => $reply->ID,
     967                        'post_title'  => sprintf( __( 'Reply To: %s', 'bbpress' ), $destination_topic->post_title ),
     968                        'post_name'   => false,
     969                        'post_type'   => bbp_get_reply_post_type(),
     970                        'post_parent' => $destination_topic->ID,
     971                        'guid'        => ''
     972                    );
     973
     974                    wp_update_post( $postarr );
     975
     976                    // Adjust reply meta values
     977                    bbp_update_reply_topic_id( $reply->ID, $destination_topic->ID                           );
     978                    bbp_update_reply_forum_id( $reply->ID, bbp_get_topic_forum_id( $destination_topic->ID ) );
     979
     980                    // Do additional actions per merged reply
     981                    do_action( 'bbp_merged_topic_reply', $reply->ID, $destination_topic->ID );
     982                }
    790983            }
     984
     985            /** Successful Merge *******************************************/
    791986
    792987            // Send the post parent of the source topic as it has been shifted
     
    8261021function bbp_merge_topic_count( $destination_topic_id, $source_topic_id, $source_topic_forum_id ) {
    8271022
     1023    /** Source Topic **********************************************************/
     1024
    8281025    // Forum Topic Counts
    8291026    bbp_update_forum_topic_count( $source_topic_forum_id );
    830     // bbp_update_forum_topic_count( $destination_topic_id  );
    8311027
    8321028    // Forum Reply Counts
    8331029    bbp_update_forum_reply_count( $source_topic_forum_id );
     1030
     1031    /** Destination Topic *****************************************************/
    8341032
    8351033    // Topic Reply Counts
     
    8841082 */
    8851083function bbp_split_topic_handler() {
     1084
    8861085    // Only proceed if POST is an split topic request
    887     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && !empty( $_POST['action'] ) && 'bbp-split-topic' === $_POST['action'] ) {
     1086    if ( ( 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] ) ) && !empty( $_POST['action'] ) && ( 'bbp-split-topic' === $_POST['action'] ) ) {
    8881087        global $wpdb, $bbp;
    8891088
     
    10941293
    10951294    // Are we managing a tag?
    1096     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && !empty( $_POST['action'] ) && in_array( $_POST['action'], array( 'bbp-update-topic-tag', 'bbp-merge-topic-tag', 'bbp-delete-topic-tag' ) ) && !empty( $_POST['tag-id'] ) ) {
     1295    if ( ( 'POST' == strtoupper( $_SERVER['REQUEST_METHOD'] ) ) && !empty( $_POST['tag-id'] ) && !empty( $_POST['action'] ) && in_array( $_POST['action'], array( 'bbp-update-topic-tag', 'bbp-merge-topic-tag', 'bbp-delete-topic-tag' ) ) ) {
    10971296
    10981297        global $bbp;
     
    13091508
    13101509    // Only proceed if GET is a topic toggle action
    1311     if ( 'GET' == $_SERVER['REQUEST_METHOD'] && !empty( $_GET['action'] ) && in_array( $_GET['action'], array( 'bbp_toggle_topic_close', 'bbp_toggle_topic_stick', 'bbp_toggle_topic_spam', 'bbp_toggle_topic_trash' ) ) && !empty( $_GET['topic_id'] ) ) {
     1510    if ( ( 'GET' == strtoupper( $_SERVER['REQUEST_METHOD'] ) ) && !empty( $_GET['topic_id'] ) && !empty( $_GET['action'] ) && in_array( $_GET['action'], array( 'bbp_toggle_topic_close', 'bbp_toggle_topic_stick', 'bbp_toggle_topic_spam', 'bbp_toggle_topic_trash' ) ) ) {
    13121511        global $bbp;
    13131512