Skip to:
Content

bbPress.org

Changeset 7192


Ignore:
Timestamp:
02/18/2021 06:33:29 AM (8 weeks ago)
Author:
johnjamesjacoby
Message:

Post Statuses: Audit forum/topic/reply, new/edit handlers.

This change normalizes the approaches between post types and actions, to ensure predictable behavior and avoid PHP notices from undefined status variables in certain situations.

It also adds a capability check to the bbp_topic_status condition, so that it is not engaged when the UI was not exposed in the posted form.

Props dd32.

In branches/2.6 for 2.6.7. Fixes #3420.

Location:
branches/2.6/src/includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/2.6/src/includes/forums/functions.php

    r7169 r7192  
    243243    /** Forum Moderation ******************************************************/
    244244
    245     $post_status = bbp_get_public_status_id();
     245    // Default to published
     246    $forum_status = bbp_get_public_status_id();
     247
     248    // Maybe force into pending
    246249    if ( ! bbp_check_for_moderation( $anonymous_data, $forum_author, $forum_title, $forum_content ) ) {
    247         $post_status = bbp_get_pending_status_id();
     250        $forum_status = bbp_get_pending_status_id();
    248251    }
    249252
     
    266269        'post_content'   => $forum_content,
    267270        'post_parent'    => $forum_parent_id,
    268         'post_status'    => $post_status,
     271        'post_status'    => $forum_status,
    269272        'post_type'      => bbp_get_forum_post_type(),
    270273        'comment_status' => 'closed'
     
    482485    /** Forum Moderation ******************************************************/
    483486
    484     $post_status = bbp_get_public_status_id();
     487    // Use existing post_status
     488    $forum_status = $forum->post_status;
     489
     490    // Maybe force into pending
    485491    if ( ! bbp_check_for_moderation( $anonymous_data, bbp_get_forum_author_id( $forum_id ), $forum_title, $forum_content ) ) {
    486         $post_status = bbp_get_pending_status_id();
     492        $forum_status = bbp_get_pending_status_id();
    487493    }
    488494
     
    504510        'post_title'   => $forum_title,
    505511        'post_content' => $forum_content,
    506         'post_status'  => $post_status,
     512        'post_status'  => $forum_status,
    507513        'post_parent'  => $forum_parent_id
    508514    ) );
  • branches/2.6/src/includes/replies/functions.php

    r7178 r7192  
    319319    /** Reply Status **********************************************************/
    320320
    321     // Maybe put into moderation
     321    // Default to published
     322    $reply_status = bbp_get_public_status_id();
     323
     324    // Maybe force into pending
    322325    if ( bbp_is_topic_pending( $topic_id ) || ! bbp_check_for_moderation( $anonymous_data, $reply_author, $reply_title, $reply_content ) ) {
    323326        $reply_status = bbp_get_pending_status_id();
    324 
    325     // Default
    326     } else {
    327         $reply_status = bbp_get_public_status_id();
    328327    }
    329328
     
    634633    /** Reply Status **********************************************************/
    635634
    636     // Maybe put into moderation
    637     if ( ! bbp_check_for_moderation( $anonymous_data, $reply_author, $reply_title, $reply_content ) ) {
    638 
    639         // Set post status to pending if public
    640         if ( bbp_get_public_status_id() === $reply->post_status ) {
    641             $reply_status = bbp_get_pending_status_id();
    642         }
    643 
    644635    // Use existing post_status
    645     } else {
    646         $reply_status = $reply->post_status;
     636    $reply_status = $reply->post_status;
     637
     638    // Maybe force into pending
     639    if ( bbp_is_reply_public( $reply_id ) && ! bbp_check_for_moderation( $anonymous_data, $reply_author, $reply_title, $reply_content ) ) {
     640        $reply_status = bbp_get_pending_status_id();
    647641    }
    648642
  • branches/2.6/src/includes/topics/functions.php

    r7169 r7192  
    265265    $topic_statuses = bbp_get_topic_statuses();
    266266
    267     // Maybe put into moderation
     267    // Default to published
     268    $topic_status = bbp_get_public_status_id();
     269
     270    // Maybe force into pending
    268271    if ( ! bbp_check_for_moderation( $anonymous_data, $topic_author, $topic_title, $topic_content ) ) {
    269272        $topic_status = bbp_get_pending_status_id();
    270273
    271     // Check possible topic status ID's
     274    // Check for possible posted topic status
    272275    } elseif ( ! empty( $_POST['bbp_topic_status'] ) && in_array( $_POST['bbp_topic_status'], array_keys( $topic_statuses ), true ) ) {
    273         $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
    274 
    275     // Default to published if nothing else
    276     } else {
    277         $topic_status = bbp_get_public_status_id();
     276
     277        // Allow capable users to explicitly override the status
     278        if ( current_user_can( 'moderate', $forum_id ) ) {
     279            $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
     280
     281        // Not capable
     282        } else {
     283            bbp_add_error( 'bbp_new_topic_status', __( '<strong>Error</strong>: You do not have permission to do that.', 'bbpress' ) );
     284        }
    278285    }
    279286
     
    561568    $topic_statuses = bbp_get_topic_statuses( $topic_id );
    562569
    563     // Maybe put into moderation
    564     if ( ! bbp_check_for_moderation( $anonymous_data, $topic_author, $topic_title, $topic_content ) ) {
    565 
    566         // Set post status to pending if public or closed
    567         if ( bbp_is_topic_public( $topic->ID ) ) {
    568             $topic_status = bbp_get_pending_status_id();
    569         }
    570 
    571     // Check possible topic status ID's
     570    // Use existing post_status
     571    $topic_status = $topic->post_status;
     572
     573    // Maybe force into pending
     574    if ( bbp_is_topic_public( $topic->ID ) && ! bbp_check_for_moderation( $anonymous_data, $topic_author, $topic_title, $topic_content ) ) {
     575        $topic_status = bbp_get_pending_status_id();
     576
     577    // Check for possible posted topic status
    572578    } elseif ( ! empty( $_POST['bbp_topic_status'] ) && in_array( $_POST['bbp_topic_status'], array_keys( $topic_statuses ), true ) ) {
    573         $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
    574 
    575     // Use existing post_status
    576     } else {
    577         $topic_status = $topic->post_status;
     579
     580        // Allow capable users to explicitly override the status
     581        if ( current_user_can( 'moderate', $forum_id ) ) {
     582            $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
     583
     584        // Not capable
     585        } else {
     586            bbp_add_error( 'bbp_edit_topic_status', __( '<strong>Error</strong>: You do not have permission to do that.', 'bbpress' ) );
     587        }
    578588    }
    579589
Note: See TracChangeset for help on using the changeset viewer.