Timestamp:
02/18/2021 06:33:29 AM (4 years ago)
Author:
johnjamesjacoby
Message:

Post Statuses: Audit forum/topic/reply, new/edit handlers.

This change normalizes the approaches between post types and actions, to ensure predictable behavior and avoid PHP notices from undefined status variables in certain situations.

It also adds a capability check to the bbp_topic_status condition, so that it is not engaged when the UI was not exposed in the posted form.

Props dd32.

In branches/2.6 for 2.6.7. Fixes #3420.

File:
1 edited

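--- a/branches/2.6/src/includes/topics/functions.php
+++ b/branches/2.6/src/includes/topics/functions.php
@@ -265,15 +265,22 @@
     $topic_statuses = bbp_get_topic_statuses();
 
-    // Maybe put into moderation
+    // Default to published
+    $topic_status = bbp_get_public_status_id();
+
+    // Maybe force into pending
     if ( ! bbp_check_for_moderation( $anonymous_data, $topic_author, $topic_title, $topic_content ) ) {
         $topic_status = bbp_get_pending_status_id();
 
-    // Check possible topic status ID's
+    // Check for possible posted topic status
     } elseif ( ! empty( $_POST['bbp_topic_status'] ) && in_array( $_POST['bbp_topic_status'], array_keys( $topic_statuses ), true ) ) {
-        $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
-
-    // Default to published if nothing else
-    } else {
-        $topic_status = bbp_get_public_status_id();
+
+        // Allow capable users to explicitly override the status
+        if ( current_user_can( 'moderate', $forum_id ) ) {
+            $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
+
+        // Not capable
+        } else {
+            bbp_add_error( 'bbp_new_topic_status', __( '<strong>Error</strong>: You do not have permission to do that.', 'bbpress' ) );
+        }
     }
 
@@ -561,19 +568,22 @@
     $topic_statuses = bbp_get_topic_statuses( $topic_id );
 
-    // Maybe put into moderation
-    if ( ! bbp_check_for_moderation( $anonymous_data, $topic_author, $topic_title, $topic_content ) ) {
-
-        // Set post status to pending if public or closed
-        if ( bbp_is_topic_public( $topic->ID ) ) {
-            $topic_status = bbp_get_pending_status_id();
-        }
-
-    // Check possible topic status ID's
+    // Use existing post_status
+    $topic_status = $topic->post_status;
+
+    // Maybe force into pending
+    if ( bbp_is_topic_public( $topic->ID ) && ! bbp_check_for_moderation( $anonymous_data, $topic_author, $topic_title, $topic_content ) ) {
+        $topic_status = bbp_get_pending_status_id();
+
+    // Check for possible posted topic status
     } elseif ( ! empty( $_POST['bbp_topic_status'] ) && in_array( $_POST['bbp_topic_status'], array_keys( $topic_statuses ), true ) ) {
-        $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
-
-    // Use existing post_status
-    } else {
-        $topic_status = $topic->post_status;
+
+        // Allow capable users to explicitly override the status
+        if ( current_user_can( 'moderate', $forum_id ) ) {
+            $topic_status = sanitize_key( $_POST['bbp_topic_status'] );
+
+        // Not capable
+        } else {
+            bbp_add_error( 'bbp_edit_topic_status', __( '<strong>Error</strong>: You do not have permission to do that.', 'bbpress' ) );
+        }
     }
 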
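Review bot: The new deny branch in both handlers (the `bbp_new_topic_status` error in the first hunk and `bbp_edit_topic_status` in the second) refuses every request from a user without `moderate` that carries a valid `bbp_topic_status`, even when the posted value equals the status already chosen. Any form that renders the field to such users would then fail on every submission; whether a template does that is not visible on this page. Consider adding `&& $_POST['bbp_topic_status'] !== $topic_status` to the `elseif` condition, so an unchanged value passes without an error while a real change is still refused. The allowlist test also runs on the raw `$_POST` value while the assignment stores `sanitize_key()` of it; reading the value once into a local before `in_array()` would make the checked and the stored value the same string. Both enclosing functions start and end outside the hunks, so whether the added error actually stops the save depends on a later check not shown here.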