Index: src/includes/common/ajax.php
===================================================================
--- src/includes/common/ajax.php
+++ src/includes/common/ajax.php
@@ -76,6 +76,9 @@
// Disable content sniffing in browsers that support it
send_nosniff_header();
+ // Everything is 200 OK.
+ status_header( 200 );
+
// Perform custom bbPress ajax
do_action( 'bbp_ajax_' . $_REQUEST['action'] );
Index: src/includes/users/template.php
===================================================================
--- src/includes/users/template.php
+++ src/includes/users/template.php
@@ -1204,7 +1204,7 @@
$url = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-favorite_' . $topic_id ) );
$sub = $is_fav ? ' class="is-favorite"' : '';
- $html = sprintf( '%s%s%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );
+ $html = sprintf( '%s%s%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-favorite_' . $topic_id ), $text, $r['after'] );
// Initial output is wrapped in a span, ajax output is hooked to this
if ( ! empty( $wrap ) ) {
@@ -1412,7 +1412,7 @@
$url = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $forum_id ) );
$sub = $is_subscribed ? ' class="is-subscribed"' : '';
- $html = sprintf( '%s%s%s', $r['before'], $forum_id, $sub, $url, $forum_id, $text, $r['after'] );
+ $html = sprintf( '%s%s%s', $r['before'], $forum_id, $sub, $url, $forum_id, wp_create_nonce( 'toggle-subscription_' . $forum_id ), $text, $r['after'] );
// Initial output is wrapped in a span, ajax output is hooked to this
if ( ! empty( $wrap ) ) {
@@ -1448,7 +1448,7 @@
$url = esc_url( wp_nonce_url( add_query_arg( $query_args, $permalink ), 'toggle-subscription_' . $topic_id ) );
$sub = $is_subscribed ? ' class="is-subscribed"' : '';
- $html = sprintf( '%s%s%s', $r['before'], $topic_id, $sub, $url, $topic_id, $text, $r['after'] );
+ $html = sprintf( '%s%s%s', $r['before'], $topic_id, $sub, $url, $topic_id, wp_create_nonce( 'toggle-subscription_' . $topic_id ), $text, $r['after'] );
// Initial output is wrapped in a span, ajax output is hooked to this
if ( ! empty( $wrap ) ) {
Index: src/templates/default/js/forum.js
===================================================================
--- src/templates/default/js/forum.js
+++ src/templates/default/js/forum.js
@@ -21,7 +21,9 @@
}
$( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+ var nonce = bbpForumJS.forum_id == 0 ? $( this ).data( 'bbp-nonce' ) : bbpForumJS.subs_nonce;
+
e.preventDefault();
- bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), bbpForumJS.subs_nonce, '#subscription-toggle' );
+ bbp_ajax_call( 'forum_subscription', $( this ).attr( 'data-forum' ), nonce, '#subscription-toggle' );
} );
} );
Index: src/templates/default/js/topic.js
===================================================================
--- src/templates/default/js/topic.js
+++ src/templates/default/js/topic.js
@@ -21,13 +21,17 @@
}
$( '#favorite-toggle' ).on( 'click', 'span a.favorite-toggle', function( e ) {
+ var nonce = bbpTopicJS.topic_id == 0 ? $( this ).data( 'bbp-nonce' ) : bbpTopicJS.fav_nonce;
+
e.preventDefault();
bbp_ajax_call( 'favorite', $( this ).attr( 'data-topic' ), bbpTopicJS.fav_nonce, '#favorite-toggle' );
} );
$( '#subscription-toggle' ).on( 'click', 'span a.subscription-toggle', function( e ) {
+ var nonce = bbpTopicJS.topic_id == 0 ? $( this ).data( 'bbp-nonce' ) : bbpTopicJS.subs_nonce;
+
e.preventDefault();
- bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), bbpTopicJS.subs_nonce, '#subscription-toggle' );
+ bbp_ajax_call( 'subscription', $( this ).attr( 'data-topic' ), nonce, '#subscription-toggle' );
} );
$( '.bbp-alert-outer' ).on( 'click', '.bbp-alert-close', function( e ) {