

Changeset 4905


Timestamp:
05/14/2013 10:50:14 PM (13 years ago)
Author:
johnjamesjacoby
Message:

When adding or editing a reply, check the current forum's status and visibility and make sure the current user is able to post to it. Fixes an issue where replies could be posted to closed forums as long as the nonce check passed. (2.3 branch)

File:
1 edited

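--- a/branches/2.3/includes/replies/functions.php
+++ b/branches/2.3/includes/replies/functions.php
@@ -164,4 +164,34 @@
     } else {
         bbp_add_error( 'bbp_reply_forum_id', __( '<strong>ERROR</strong>: Forum ID is missing.', 'bbpress' ) );
+    }
+
+    // Forum exists
+    if ( !empty( $forum_id ) ) {
+
+        // Forum is a category
+        if ( bbp_is_forum_category( $forum_id ) ) {
+            bbp_add_error( 'bbp_new_reply_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No replies can be created in this forum.', 'bbpress' ) );
+
+        // Forum is not a category
+        } else {
+
+            // Forum is closed and user cannot access
+            if ( bbp_is_forum_closed( $forum_id ) && !current_user_can( 'edit_forum', $forum_id ) ) {
+                bbp_add_error( 'bbp_new_topic_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new replies.', 'bbpress' ) );
+            }
+
+            // Forum is private and user cannot access
+            if ( bbp_is_forum_private( $forum_id ) ) {
+                if ( !current_user_can( 'read_private_forums' ) ) {
+                    bbp_add_error( 'bbp_new_topic_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
+                }
+
+            // Forum is hidden and user cannot access
+            } elseif ( bbp_is_forum_hidden( $forum_id ) ) {
+                if ( !current_user_can( 'read_hidden_forums' ) ) {
+                    bbp_add_error( 'bbp_new_topic_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
+                }
+            }
+        }
     }
 
@@ -476,18 +506,28 @@
 
         // Forum is a category
-        if ( bbp_is_forum_category( $forum_id ) )
-            bbp_add_error( 'bbp_edit_reply_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics or replies can be created in it.', 'bbpress' ) );
-
-        // Forum is closed and user cannot access
-        if ( bbp_is_forum_closed( $forum_id ) && !current_user_can( 'edit_forum', $forum_id ) )
-            bbp_add_error( 'bbp_edit_reply_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new topics and replies.', 'bbpress' ) );
-
-        // Forum is private and user cannot access
-        if ( bbp_is_forum_private( $forum_id ) && !current_user_can( 'read_private_forums' ) )
-            bbp_add_error( 'bbp_edit_reply_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
-
-        // Forum is hidden and user cannot access
-        if ( bbp_is_forum_hidden( $forum_id ) && !current_user_can( 'read_hidden_forums' ) )
-            bbp_add_error( 'bbp_edit_reply_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
+        if ( bbp_is_forum_category( $forum_id ) ) {
+            bbp_add_error( 'bbp_edit_reply_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No replies can be created in this forum.', 'bbpress' ) );
+
+        // Forum is not a category
+        } else {
+
+            // Forum is closed and user cannot access
+            if ( bbp_is_forum_closed( $forum_id ) && !current_user_can( 'edit_forum', $forum_id ) ) {
+                bbp_add_error( 'bbp_edit_topic_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new replies.', 'bbpress' ) );
+            }
+
+            // Forum is private and user cannot access
+            if ( bbp_is_forum_private( $forum_id ) ) {
+                if ( !current_user_can( 'read_private_forums' ) ) {
+                    bbp_add_error( 'bbp_edit_topic_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
+                }
+
+            // Forum is hidden and user cannot access
+            } elseif ( bbp_is_forum_hidden( $forum_id ) ) {
+                if ( !current_user_can( 'read_hidden_forums' ) ) {
+                    bbp_add_error( 'bbp_edit_topic_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
+                }
+            }
+        }
     }
 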
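Review bot: The error codes added inside the "Forum is not a category" branch of the edit-reply hunk are named `bbp_edit_topic_forum_closed`, `bbp_edit_topic_forum_private` and `bbp_edit_topic_forum_hidden`, although this is the reply handler and the lines they replace used `bbp_edit_reply_forum_closed`/`_private`/`_hidden`; the first hunk has the same slip, pairing `bbp_new_reply_forum_category` with `bbp_new_topic_forum_closed`/`_private`/`_hidden`. This looks like a copy from the topic handler, and anything that inspects the error codes (templates, filters, tests) keyed on the old `bbp_edit_reply_forum_*` names would silently stop matching; the reply-specific names should be kept, e.g. `bbp_add_error( 'bbp_edit_reply_forum_closed', ... )` here and `bbp_add_error( 'bbp_new_reply_forum_closed', ... )` in the first hunk. Separately, the private and hidden branches gate posting on `read_private_forums`/`read_hidden_forums`, which are read capabilities, while only the closed branch checks an edit capability; if allowing any reader of a private forum to reply is intended, a comment such as `// Anyone who can read a private/hidden forum may reply in it` would make that explicit. Both enclosing functions start and end outside their hunks, so the earlier nonce and forum-ID handling that these checks depend on is not visible here.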