bbPress.org


Timestamp:
01/28/2020 10:12:13 PM (2 years ago)
Author:
johnjamesjacoby
Message:

BuddyPress: explicitly validate IDs when editing Group forum topics & replies.

This commit adds methods to validate that the forum IDs and reply-to IDs for topics & replies are within the accepted ranges for the specific Group Forum they are being edited inside of.

In addition, the moderate_forum mapped meta capability is removed, and the broader moderate capability will continue to cover its use case. This capability was not intended to be used directly, and doing so incorrectly would trigger unintended and infinite recursion.

For 2.7, trunk

File:
1 edited

  • trunk/src/includes/users/capabilities.php

    r7056 r7060  
    5656                $caps = array( 'do_not_allow' );
    5757
    58             // Keymasters can always moderate
     58            // Keymasters can always moderate.
    5959            } elseif ( bbp_is_user_keymaster( $user_id ) ) {
    6060                $caps = array( 'spectate' );
    6161
    62             // Default to the current cap.
    63             } else {
     62            // Check if user can moderate forum.
     63            } elseif ( bbp_allow_forum_mods() ) {
    6464                $caps = array( $cap );
    6565
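Review bot: With the unconditional `else` at old line 63 replaced by `elseif ( bbp_allow_forum_mods() )`, no branch visible in this hunk assigns `$caps` when forum moderators are disabled, so the outcome then rests on whatever `$caps` held before the chain. Please confirm that value is the restrictive one intended, or add an explicit final `else` so the fall-through is deliberate and readable. The new comment "Check if user can moderate forum." also reads as a per-user check, while the condition takes neither a user nor a forum argument; wording it as a test of whether forum moderators are allowed would match the code.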
     
    104104                }
    105105
    106                 // If user is a per-forum moderator, make sure they can spectate.
    107                 if ( bbp_is_user_forum_moderator( $user_id, $forum_id ) ) {
     106                // User is mod of this forum
     107                if ( bbp_is_object_of_user( $forum_id, $user_id, '_bbp_moderator_id' ) ) {
    108108                    $caps = array( 'spectate' );
    109109                }
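Review bot: At new lines 106-107 the comment should say why the dedicated helper `bbp_is_user_forum_moderator( $user_id, $forum_id )` is bypassed in favour of `bbp_is_object_of_user( $forum_id, $user_id, '_bbp_moderator_id' )`. The replacement reverses the argument order and hard-codes the `'_bbp_moderator_id'` key inline, both of which are easy to get wrong in a later edit, and the old comment's intent ("make sure they can spectate") is lost. The commit message mentions unintended infinite recursion; if that is the reason for avoiding the helper here, stating it in the comment would keep a future cleanup from switching back. As a style point, "User is mod of this forum" lacks the trailing period that this same change adds to the keymaster comment in the hunk above.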