Changeset 6538
- Timestamp:
- 06/13/2017 05:48:49 AM (8 years ago)
- Location:
- trunk/src
- Files:
-
- 4 edited
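--- a/trunk/src/includes/common/ajax.php
+++ b/trunk/src/includes/common/ajax.php
@@ -77,6 +77,9 @@
 send_nosniff_header();
 
+// Everything is 200 OK.
+status_header( 200 );
+
 // Perform custom bbPress ajax
-do_action( 'bbp_ajax_' . $_REQUEST['action']);
+do_action( 'bbp_ajax_' . sanitize_key( $_REQUEST['action'] ) );
 
 // All done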
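Review bot: `sanitize_key()` normalises the hook suffix, but the dispatch still reads `$_REQUEST['action']` with no presence or type check in the visible lines, and which `bbp_ajax_*` hook fires remains chosen by the caller. Unless a guard outside this hunk already covers it, bail out before the `do_action()` when `empty( $_REQUEST['action'] ) || ! is_string( $_REQUEST['action'] )`; the enclosing function starts and ends outside the hunk, so the right exit path is not visible here. A comment above the call would also help, for example `// Hook name is request-controlled: every bbp_ajax_* callback must verify its own nonce and capability.`, because this dispatcher performs neither check itself.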
trunk/src/includes/users/template.php
r6489 r6538 1205 1205 $url = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-favorite_' . $topic_id ) ); 1206 1206 $sub = $is_fav ? ' class="is-favorite"' : ''; 1207 $html = sprintf( '%s<span id="favorite-%d" %s><a href="%s" class="favorite-toggle" data-topic="%d" >%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );1207 $html = sprintf( '%s<span id="favorite-%d" %s><a href="%s" class="favorite-toggle" data-topic="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-favorite_' . $topic_id ), $text, $r['after'] ); 1208 1208 1209 1209 // Initial output is wrapped in a span, ajax output is hooked to this … … 1413 1413 $url = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $forum_id ) ); 1414 1414 $sub = $is_subscribed ? ' class="is-subscribed"' : ''; 1415 $html = sprintf( '%s<span id="subscribe-%d" %s><a href="%s" class="subscription-toggle" data-forum="%d" >%s</a></span>%s', $r['before'], $forum_id, $sub, $url, $forum_id, $text, $r['after'] );1415 $html = sprintf( '%s<span id="subscribe-%d" %s><a href="%s" class="subscription-toggle" data-forum="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $forum_id, $sub, $url, $forum_id, wp_create_nonce( 'toggle-subscription_' . $forum_id ), $text, $r['after'] ); 1416 1416 1417 1417 // Initial output is wrapped in a span, ajax output is hooked to this … … 1449 1449 $url = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $topic_id ) ); 1450 1450 $sub = $is_subscribed ? 
' class="is-subscribed"' : ''; 1451 $html = sprintf( '%s<span id="subscribe-%d" %s><a href="%s" class="subscription-toggle" data-topic="%d" >%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );1451 $html = sprintf( '%s<span id="subscribe-%d" %s><a href="%s" class="subscription-toggle" data-topic="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-subscription_' . $topic_id ), $text, $r['after'] ); 1452 1452 1453 1453 // Initial output is wrapped in a span, ajax output is hooked to this -
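Review bot: The new `data-bbp-nonce="%s"` attribute receives the raw return value of `wp_create_nonce()`, while the `href` next to it is passed through `esc_url()`. Since `wp_create_nonce()` is a pluggable function, its output format is not guaranteed by this file, so escape at the point of output: `esc_attr( wp_create_nonce( 'toggle-favorite_' . $topic_id ) )`. The same applies to the two `toggle-subscription_` calls at lines 1415 and 1451. The server-side handlers are not on this page; they need to verify against the identical `'toggle-…_' . $id` action string, which is worth stating in a comment beside each `sprintf()`.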
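--- a/trunk/src/templates/default/js/forum.js
+++ b/trunk/src/templates/default/js/forum.js
@@ -22,6 +22,10 @@
 
 $( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+var nonce = ( bbpForumJS.forum_id === 0 )
+? $( this ).data( 'bbp-nonce' )
+: bbpForumJS.subs_nonce;
+
 e.preventDefault();
-bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), bbpForumJS.subs_nonce, '#subscription-toggle' );
+bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), nonce, '#subscription-toggle' );
 } );
 } );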
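Review bot: The nonce selection hinges on `bbpForumJS.forum_id === 0`, a strict comparison against a number. If `bbpForumJS` is emitted with `wp_localize_script()` (not shown on this page), scalar values reach JavaScript as strings, so the branch would never pick the per-link `data-bbp-nonce`. List views would then keep sending `bbpForumJS.subs_nonce`, which fails server-side verification if it was minted for a different ID. Normalising first, `var nonce = ( parseInt( bbpForumJS.forum_id, 10 ) === 0 )`, removes the dependency on how the value is serialised. The same comparison appears twice in topic.js as `bbpTopicJS.topic_id === 0`.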
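--- a/trunk/src/templates/default/js/topic.js
+++ b/trunk/src/templates/default/js/topic.js
@@ -22,11 +22,19 @@
 
 $( '#favorite-toggle' ).on( 'click', 'span a.favorite-toggle', function( e ) {
+var nonce = ( bbpTopicJS.topic_id === 0 )
+? $( this ).data( 'bbp-nonce' )
+: bbpTopicJS.fav_nonce;
+
 e.preventDefault();
-bbp_ajax_call( 'favorite', $( this ).attr( 'data-topic' ), bbpTopicJS.fav_nonce, '#favorite-toggle' );
+bbp_ajax_call( 'favorite', $( this ).attr( 'data-topic' ), nonce, '#favorite-toggle' );
 } );
 
 $( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+var nonce = ( bbpTopicJS.topic_id === 0 )
+? $( this ).data( 'bbp-nonce' )
+: bbpTopicJS.subs_nonce;
+
 e.preventDefault();
-bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), bbpTopicJS.subs_nonce, '#subscription-toggle' );
+bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), nonce, '#subscription-toggle' );
 } );
 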
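Review bot: In both handlers the ID is read with `.attr( 'data-topic' )` but the nonce with `.data( 'bbp-nonce' )`, so two reads on the same element follow different rules. jQuery's `.data()` caches the value on first read and converts numeric-looking strings, whereas `$( this ).attr( 'data-bbp-nonce' )` returns the attribute as currently rendered and always as a string. The `.attr()` form matches the neighbouring read and is the more predictable choice for a token the server compares exactly. A short comment above each ternary would explain the branch, for example `// No single topic in context (list views): use the nonce printed on the link itself.`; that reading of `topic_id === 0` is inferred from the change and should be confirmed.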