
bbPress.org

Changeset 6538


Timestamp:
06/13/2017 05:48:49 AM (8 years ago)
Author:
johnjamesjacoby
Message:

BuddyPress: Favorites & Subscriptions AJAX improvements

  • Pass a data attribute along with links
  • Sanitize action key when passed into AJAX action hook
  • Send a 200 response code

This commit allows favorite & subscription links to work with AJAX in BuddyPress group forums pages.

Props r-a-y. Fixes #3114

Location:
trunk/src
Files:
4 edited

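--- a/trunk/src/includes/common/ajax.php
+++ b/trunk/src/includes/common/ajax.php
@@ -77,6 +77,9 @@
     send_nosniff_header();
 
+    // Everything is 200 OK.
+    status_header( 200 );
+
     // Perform custom bbPress ajax
-    do_action( 'bbp_ajax_' . $_REQUEST['action'] );
+    do_action( 'bbp_ajax_' . sanitize_key( $_REQUEST['action'] ) );
 
     // All done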
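Review bot: `$_REQUEST['action']` is still read without an `isset()` check on the new `do_action()` line, so unless a caller outside this hunk guarantees the key, a request without it raises a notice and fires the bare `bbp_ajax_` hook. Consider `$action = isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : '';` and dispatching only when `$action` is non-empty. `sanitize_key()` narrows the hook suffix to lowercase alphanumerics, dashes and underscores, but the visible lines perform no nonce or capability check before dispatch, so a comment such as `// Callbacks hooked to bbp_ajax_{$action} must verify their own nonce and capability.` would make that contract explicit. The enclosing function starts and ends outside the hunk.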
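--- a/trunk/src/includes/users/template.php
+++ b/trunk/src/includes/users/template.php
@@ -1205,5 +1205,5 @@
         $url  = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-favorite_' . $topic_id ) );
         $sub  = $is_fav ? ' class="is-favorite"' : '';
-        $html = sprintf( '%s<span id="favorite-%d"  %s><a href="%s" class="favorite-toggle" data-topic="%d">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );
+        $html = sprintf( '%s<span id="favorite-%d"  %s><a href="%s" class="favorite-toggle" data-topic="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-favorite_' . $topic_id ), $text, $r['after'] );
 
         // Initial output is wrapped in a span, ajax output is hooked to this
@@ -1413,5 +1413,5 @@
             $url  = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $forum_id ) );
             $sub  = $is_subscribed ? ' class="is-subscribed"' : '';
-            $html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-forum="%d">%s</a></span>%s', $r['before'], $forum_id, $sub, $url, $forum_id, $text, $r['after'] );
+            $html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-forum="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $forum_id, $sub, $url, $forum_id, wp_create_nonce( 'toggle-subscription_' . $forum_id ), $text, $r['after'] );
 
             // Initial output is wrapped in a span, ajax output is hooked to this
@@ -1449,5 +1449,5 @@
             $url  = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $topic_id ) );
             $sub  = $is_subscribed ? ' class="is-subscribed"' : '';
-            $html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-topic="%d">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );
+            $html = sprintf( '%s<span id="subscribe-%d"  %s><a href="%s" class="subscription-toggle" data-topic="%d" data-bbp-nonce="%s">%s</a></span>%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-subscription_' . $topic_id ), $text, $r['after'] );
 
             // Initial output is wrapped in a span, ajax output is hooked to this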
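Review bot: The new `data-bbp-nonce="%s"` attribute on line 1207 receives the return value of `wp_create_nonce()` without attribute escaping, while the neighbouring `href` goes through `esc_url()`. Wrapping it as `esc_attr( wp_create_nonce( 'toggle-favorite_' . $topic_id ) )` keeps the markup on escape-on-output even though a nonce is normally a short hash; the same applies to the two `toggle-subscription_` lines at 1415 and 1451. The action string passed here has to match what the AJAX handler verifies, and that handler is not part of this diff, so the pairing is worth confirming. The enclosing functions start and end outside these hunks.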
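--- a/trunk/src/templates/default/js/forum.js
+++ b/trunk/src/templates/default/js/forum.js
@@ -22,6 +22,10 @@
 
     $( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+        var nonce = ( bbpForumJS.forum_id === 0 )
+            ? $( this ).data( 'bbp-nonce' )
+            : bbpForumJS.subs_nonce;
+
         e.preventDefault();
-        bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), bbpForumJS.subs_nonce, '#subscription-toggle' );
+        bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), nonce, '#subscription-toggle' );
     } );
 } );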
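Review bot: The strict comparison `bbpForumJS.forum_id === 0` selects the per-link nonce only when `forum_id` is a JavaScript number. `bbpForumJS` is defined outside this diff; if it is emitted through `wp_localize_script()`, scalar values normally arrive as strings, so the branch would never be taken and the page-level `subs_nonce` would be sent for a link that belongs to a different forum. A type-tolerant test such as `parseInt( bbpForumJS.forum_id, 10 ) === 0` avoids depending on how the object is serialized; the same comparison appears in both handlers in topic.js (`bbpTopicJS.topic_id === 0`). Reading the value with `.attr( 'data-bbp-nonce' )` would also match the `.attr( 'data-forum' )` call beside it and skip jQuery's automatic type conversion in `.data()`.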
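--- a/trunk/src/templates/default/js/topic.js
+++ b/trunk/src/templates/default/js/topic.js
@@ -22,11 +22,19 @@
 
     $( '#favorite-toggle' ).on( 'click', 'span a.favorite-toggle', function( e ) {
+        var nonce = ( bbpTopicJS.topic_id === 0 )
+            ? $( this ).data( 'bbp-nonce' )
+            : bbpTopicJS.fav_nonce;
+
         e.preventDefault();
-        bbp_ajax_call( 'favorite', $( this ).attr( 'data-topic' ), bbpTopicJS.fav_nonce, '#favorite-toggle' );
+        bbp_ajax_call( 'favorite', $( this ).attr( 'data-topic' ), nonce, '#favorite-toggle' );
     } );
 
     $( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+        var nonce = ( bbpTopicJS.topic_id === 0 )
+            ? $( this ).data( 'bbp-nonce' )
+            : bbpTopicJS.subs_nonce;
+
         e.preventDefault();
-        bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), bbpTopicJS.subs_nonce, '#subscription-toggle' );
+        bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), nonce, '#subscription-toggle' );
     } );
 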
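Review bot: Neither handler explains why `topic_id === 0` switches the nonce source, and the three-line selection is duplicated with only the fallback property differing. Judging from the commit message, the zero case is a page with no single topic in context (BuddyPress group forum pages), so a comment above each ternary such as `// No single topic in context: use the nonce rendered on the clicked link, which is bound to that link's topic.` would record the intent. It would also help to note there that the nonce action is tied to the ID in `data-topic`, so the two attributes must always be read from the same element. The enclosing `ready` callback starts outside the hunk.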