Changeset 3286

Timestamp:

06/01/2011 01:37:23 AM (15 years ago)

Author:

johnjamesjacoby

Message:

Prevent poisoning of forum/topic/reply data when marking posts as trash/spam. Fixes issue where anonymous user data would get purged when post status was changed from an admin area post-row.

Location:

branches/plugin/bbp-admin

Files:

• bbp-forums.php (modified) (1 diff)
• bbp-replies.php (modified) (2 diffs)
• bbp-topics.php (modified) (2 diffs)

branches/plugin/bbp-admin/bbp-forums.php

@@ -232 +232 @@
             return $forum_id;
 
+        // Bail if not a post request
+        if ( 'POST' != strtoupper( $_SERVER['REQUEST_METHOD'] ) )
+            return $forum_id;
+
         // Bail if current user cannot edit this forum
         if ( !current_user_can( 'edit_forum', $forum_id ) )

branches/plugin/bbp-admin/bbp-replies.php

@@ -227 +227 @@
             return $reply_id;
 
+        // Bail if not a post request
+        if ( 'POST' != strtoupper( $_SERVER['REQUEST_METHOD'] ) )
+            return $reply_id;
+
         // Current user cannot edit this reply
         if ( !current_user_can( 'edit_reply', $reply_id ) )
@@ -298 +302 @@
         // Bail if no post_id
         if ( empty( $post_id ) )
+            return $post_id;
+
+        // Bail if not a post request
+        if ( 'POST' != strtoupper( $_SERVER['REQUEST_METHOD'] ) )
             return $post_id;
 

branches/plugin/bbp-admin/bbp-topics.php

@@ -255 +255 @@
             return $topic_id;
 
+        // Bail if not a post request
+        if ( 'POST' != strtoupper( $_SERVER['REQUEST_METHOD'] ) )
+            return $topic_id;
+
         // Bail if current user cannot edit this topic
         if ( !current_user_can( 'edit_topic', $topic_id ) )
@@ -328 +332 @@
         // Bail if doing an autosave
         if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
+            return $post_id;
+
+        // Bail if not a post request
+        if ( 'POST' != strtoupper( $_SERVER['REQUEST_METHOD'] ) )
             return $post_id;