


Timestamp:
11/25/2013 05:17:33 AM (8 years ago)
Author:
johnjamesjacoby
Message:

Add nonces to BuddyPress notifications and improve single notification output.

File:
1 edited

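--- a/trunk/includes/extend/buddypress/notifications.php
+++ b/trunk/includes/extend/buddypress/notifications.php
@@ -18,6 +18,7 @@
     // New reply notifications
     if ( 'bbp_new_reply' === $action ) {
-        $topic_link  = add_query_arg( array( 'bbp_mark_read' => 1 ), bbp_get_reply_url( $item_id ) );
-        $topic_title = bbp_get_topic_title( bbp_get_reply_topic_id( $item_id ) );
+        $topic_id    = bbp_get_reply_topic_id( $item_id );
+        $topic_title = bbp_get_topic_title( $topic_id );
+        $topic_link  = wp_nonce_url( add_query_arg( array( 'action' => 'bbp_mark_read', 'topic_id' => $topic_id ), bbp_get_reply_url( $item_id ) ), 'bbp_mark_topic_' . $topic_id );
         $title_attr  = __( 'Topic Replies', 'bbpress' );
 
@@ -27,7 +28,7 @@
         } else {
             if ( !empty( $secondary_item_id ) ) {
-                $text = sprintf( __( 'You have %d new reply to %s from %s', 'bbpress' ), (int) $total_items, $topic_title, bp_core_get_user_displayname( $secondary_item_id ) );
+                $text = sprintf( __( 'You have %d new reply to %2$s from %3$s', 'bbpress' ), (int) $total_items, $topic_title, bp_core_get_user_displayname( $secondary_item_id ) );
             } else {
-                $text = sprintf( __( 'You have %d new reply to %s',         'bbpress' ), (int) $total_items, $topic_title );
+                $text = sprintf( __( 'You have %d new reply to %s',             'bbpress' ), (int) $total_items, $topic_title );
             }
             $filter = 'bbp_single_new_subscription_notification';
@@ -108,18 +109,47 @@
  * @return If not trying to mark a notification as read
  */
-function bbp_buddypress_mark_notifications() {
+function bbp_buddypress_mark_notifications( $action = '' ) {
 
-    // Bail if not marking a notification as read
-    if ( empty( $_GET['bbp_mark_read'] ) ) {
+    // Bail if no topic ID is passed
+    if ( empty( $_GET['topic_id'] ) ) {
         return;
     }
 
-    // Bail if not a single topic
-    if ( ! bbp_is_single_topic() ) {
+    // Bail if action is not for this function
+    if ( 'bbp_mark_read' !== $action ) {
         return;
     }
 
-    // Attempt to clear notifications for the current user from this topic
-    bp_core_mark_notifications_by_item_id( bp_loggedin_user_id(), bbp_get_topic_id(), 'forums', 'bbp_new_reply' );
+    // Get required data
+    $user_id  = bp_loggedin_user_id();
+    $topic_id = intval( $_GET['topic_id'] );
+
+    // Check nonce
+    if ( ! bbp_verify_nonce_request( 'bbp_mark_topic_' . $topic_id ) ) {
+        bbp_add_error( 'bbp_notification_topic_id', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
+
+    // Check current user's ability to edit the user
+    } elseif ( !current_user_can( 'edit_user', $user_id ) ) {
+        bbp_add_error( 'bbp_notification_permissions', __( '<strong>ERROR</strong>: You do not have permission to mark notifications for that user.', 'bbpress' ) );
+    }
+
+    // Bail if we have errors
+    if ( ! bbp_has_errors() ) {
+
+        // Attempt to clear notifications for the current user from this topic
+        $success = bp_core_mark_notifications_by_item_id( $user_id, $topic_id, 'forums', 'bbp_new_reply' );
+
+        // Do additional subscriptions actions
+        do_action( 'bbp_notifications_handler', $success, $user_id, $topic_id, $action );
+    }
+
+    // Redirect to the topic
+    $redirect = bbp_get_reply_url( $topic_id );
+
+    // Redirect
+    wp_safe_redirect( $redirect );
+
+    // For good measure
+    exit();
 }
-add_action( 'bbp_template_redirect', 'bbp_buddypress_mark_notifications' );
+add_action( 'bbp_get_request', 'bbp_buddypress_mark_notifications', 1 );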
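Review bot: The redirect at the end of `bbp_buddypress_mark_notifications()` passes a topic ID to `bbp_get_reply_url( $topic_id )`, while the first hunk calls the same helper with a reply ID (`bbp_get_reply_url( $item_id )`), so the two usages disagree on what the argument is; presumably `$redirect = bbp_get_topic_permalink( $topic_id );` is the intended target, otherwise the user may land on a wrong URL even after the nonce and capability checks succeed. The errors registered with `bbp_add_error()` on a failed nonce or capability check are followed unconditionally by `wp_safe_redirect()` and `exit()`, so unless bbPress persists them across requests they are never shown to the user; worth confirming, or rendering them before redirecting. The new `$action` parameter is not documented in the visible tail of the docblock — add `@param string $action The request action; only 'bbp_mark_read' is handled`. The docblock itself begins outside the hunk.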