/** * Handles the front end edit topic submission * * @param string $action The requested action to compare this function to * @uses bbp_add_error() To add an error message * @uses bbp_get_topic() To get the topic * @uses bbp_verify_nonce_request() To verify the nonce and check the request * @uses bbp_is_topic_anonymous() To check if topic is by an anonymous user * @uses current_user_can() To check if the current user can edit the topic * @uses bbp_filter_anonymous_post_data() To filter anonymous data * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error} * @uses esc_attr() For sanitization * @uses bbp_is_forum_category() To check if the forum is a category * @uses bbp_is_forum_closed() To check if the forum is closed * @uses bbp_is_forum_private() To check if the forum is private * @uses remove_filter() To remove kses filters if needed * @uses apply_filters() Calls 'bbp_edit_topic_pre_title' with the title and * topic id * @uses apply_filters() Calls 'bbp_edit_topic_pre_content' with the content * and topic id * @uses bbPress::errors::get_error_codes() To get the {@link WP_Error} errors * @uses wp_save_post_revision() To save a topic revision * @uses bbp_update_topic_revision_log() To update the topic revision log * @uses bbp_stick_topic() To stick or super stick the topic * @uses bbp_unstick_topic() To unstick the topic * @uses wp_update_post() To update the topic * @uses do_action() Calls 'bbp_edit_topic' with the topic id, forum id, * anonymous data and reply author * @uses bbp_move_topic_handler() To handle movement of a topic from one forum * to another * @uses bbp_get_topic_permalink() To get the topic permalink * @uses wp_safe_redirect() To redirect to the topic link * @uses bbPress::errors::get_error_messages() To get the {@link WP_Error} error * messages */ function bbp_edit_topic_handler($action = '') { // Bail if action is not bbp-edit-topic if ('bbp-edit-topic' !== $action) { return; } // Define local variable(s) $revisions_removed = false; $topic = $topic_id = $topic_author = $forum_id = $anonymous_data = 0; $topic_title = $topic_content = $topic_edit_reason = ''; /** Topic *****************************************************************/ // Topic id was not passed if (empty($_POST['bbp_topic_id'])) { bbp_add_error('bbp_edit_topic_id', __('<strong>ERROR</strong>: Topic ID not found.', 'bbpress')); return; // Topic id was passed } elseif (is_numeric($_POST['bbp_topic_id'])) { $topic_id = (int) $_POST['bbp_topic_id']; $topic = bbp_get_topic($topic_id); } // Topic does not exist if (empty($topic)) { bbp_add_error('bbp_edit_topic_not_found', __('<strong>ERROR</strong>: The topic you want to edit was not found.', 'bbpress')); return; // Topic exists } else { // Check users ability to create new topic if (!bbp_is_topic_anonymous($topic_id)) { // User cannot edit this topic if (!current_user_can('edit_topic', $topic_id)) { bbp_add_error('bbp_edit_topic_permissions', __('<strong>ERROR</strong>: You do not have permission to edit that topic.', 'bbpress')); } // Set topic author $topic_author = bbp_get_topic_author_id($topic_id); // It is an anonymous post } else { // Filter anonymous data $anonymous_data = bbp_filter_anonymous_post_data(array(), true); } } // Nonce check if (!bbp_verify_nonce_request('bbp-edit-topic_' . $topic_id)) { bbp_add_error('bbp_edit_topic_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress')); return; } // Remove kses filters from title and content for capable users and if the nonce is verified if (current_user_can('unfiltered_html') && !empty($_POST['_bbp_unfiltered_html_topic']) && wp_create_nonce('bbp-unfiltered-html-topic_' . $topic_id) === $_POST['_bbp_unfiltered_html_topic']) { remove_filter('bbp_edit_topic_pre_title', 'wp_filter_kses'); remove_filter('bbp_edit_topic_pre_content', 'bbp_encode_bad', 10); remove_filter('bbp_edit_topic_pre_content', 'bbp_filter_kses', 30); } /** Topic Forum ***********************************************************/ // Forum id was not passed if (empty($_POST['bbp_forum_id'])) { bbp_add_error('bbp_topic_forum_id', __('<strong>ERROR</strong>: Forum ID is missing.', 'bbpress')); // Forum id was passed } elseif (is_numeric($_POST['bbp_forum_id'])) { $forum_id = (int) $_POST['bbp_forum_id']; } // Current forum this topic is in $current_forum_id = bbp_get_topic_forum_id($topic_id); // Forum exists if (!empty($forum_id) && $forum_id !== $current_forum_id) { // Forum is a category if (bbp_is_forum_category($forum_id)) { bbp_add_error('bbp_edit_topic_forum_category', __('<strong>ERROR</strong>: This forum is a category. No topics can be created in it.', 'bbpress')); // Forum is not a category } else { // Forum is closed and user cannot access if (bbp_is_forum_closed($forum_id) && !current_user_can('edit_forum', $forum_id)) { bbp_add_error('bbp_edit_topic_forum_closed', __('<strong>ERROR</strong>: This forum has been closed to new topics.', 'bbpress')); } // Forum is private and user cannot access if (bbp_is_forum_private($forum_id)) { if (!current_user_can('read_private_forums')) { bbp_add_error('bbp_edit_topic_forum_private', __('<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new topics in it.', 'bbpress')); } // Forum is hidden and user cannot access } elseif (bbp_is_forum_hidden($forum_id)) { if (!current_user_can('read_hidden_forums')) { bbp_add_error('bbp_edit_topic_forum_hidden', __('<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new topics in it.', 'bbpress')); } } } } /** Topic Title ***********************************************************/ if (!empty($_POST['bbp_topic_title'])) { $topic_title = esc_attr(strip_tags($_POST['bbp_topic_title'])); } // Filter and sanitize $topic_title = apply_filters('bbp_edit_topic_pre_title', $topic_title, $topic_id); // No topic title if (empty($topic_title)) { bbp_add_error('bbp_edit_topic_title', __('<strong>ERROR</strong>: Your topic needs a title.', 'bbpress')); } /** Topic Content *********************************************************/ if (!empty($_POST['bbp_topic_content'])) { $topic_content = $_POST['bbp_topic_content']; } // Filter and sanitize $topic_content = apply_filters('bbp_edit_topic_pre_content', $topic_content, $topic_id); // No topic content if (empty($topic_content)) { bbp_add_error('bbp_edit_topic_content', __('<strong>ERROR</strong>: Your topic cannot be empty.', 'bbpress')); } /** Topic Blacklist *******************************************************/ if (!bbp_check_for_blacklist($anonymous_data, $topic_author, $topic_title, $topic_content)) { bbp_add_error('bbp_topic_blacklist', __('<strong>ERROR</strong>: Your topic cannot be edited at this time.', 'bbpress')); } /** Topic Status **********************************************************/ // Maybe put into moderation if (!bbp_check_for_moderation($anonymous_data, $topic_author, $topic_title, $topic_content)) { // Set post status to pending if public or closed if (in_array($topic->post_status, array(bbp_get_public_status_id(), bbp_get_closed_status_id()))) { $topic_status = bbp_get_pending_status_id(); } // Check a whitelist of possible topic status ID's } elseif (!empty($_POST['bbp_topic_status']) && in_array($_POST['bbp_topic_status'], array_keys(bbp_get_topic_statuses()))) { $topic_status = $_POST['bbp_topic_status']; // Use existing post_status } else { $topic_status = $topic->post_status; } /** Topic Tags ************************************************************/ // Either replace terms if (bbp_allow_topic_tags() && current_user_can('assign_topic_tags') && !empty($_POST['bbp_topic_tags'])) { // Escape tag input $terms = esc_attr(strip_tags($_POST['bbp_topic_tags'])); // Explode by comma if (strstr($terms, ',')) { $terms = explode(',', $terms); } // Add topic tag ID as main key $terms = array(bbp_get_topic_tag_tax_id() => $terms); // ...or remove them. } elseif (isset($_POST['bbp_topic_tags'])) { $terms = array(bbp_get_topic_tag_tax_id() => array()); // Existing terms } else { $terms = array(bbp_get_topic_tag_tax_id() => explode(',', bbp_get_topic_tag_names($topic_id, ','))); } /** Additional Actions (Before Save) **************************************/ do_action('bbp_edit_topic_pre_extras', $topic_id); // Bail if errors if (bbp_has_errors()) { return; } /** No Errors *************************************************************/ // Add the content of the form to $topic_data as an array // Just in time manipulation of topic data before being edited $topic_data = apply_filters('bbp_edit_topic_pre_insert', array('ID' => $topic_id, 'post_title' => $topic_title, 'post_content' => $topic_content, 'post_status' => $topic_status, 'post_parent' => $forum_id, 'post_author' => $topic_author, 'post_type' => bbp_get_topic_post_type(), 'tax_input' => $terms)); // Toggle revisions to avoid duplicates if (post_type_supports(bbp_get_topic_post_type(), 'revisions')) { $revisions_removed = true; remove_post_type_support(bbp_get_topic_post_type(), 'revisions'); } // Insert topic $topic_id = wp_update_post($topic_data); // Toggle revisions back on if (true === $revisions_removed) { $revisions_removed = false; add_post_type_support(bbp_get_topic_post_type(), 'revisions'); } /** No Errors *************************************************************/ if (!empty($topic_id) && !is_wp_error($topic_id)) { // Update counts, etc... do_action('bbp_edit_topic', $topic_id, $forum_id, $anonymous_data, $topic_author, true); /** Revisions *********************************************************/ // Revision Reason if (!empty($_POST['bbp_topic_edit_reason'])) { $topic_edit_reason = esc_attr(strip_tags($_POST['bbp_topic_edit_reason'])); } // Update revision log if (!empty($_POST['bbp_log_topic_edit']) && "1" === $_POST['bbp_log_topic_edit']) { $revision_id = wp_save_post_revision($topic_id); if (!empty($revision_id)) { bbp_update_topic_revision_log(array('topic_id' => $topic_id, 'revision_id' => $revision_id, 'author_id' => bbp_get_current_user_id(), 'reason' => $topic_edit_reason)); } } /** Move Topic ********************************************************/ // If the new forum id is not equal to the old forum id, run the // bbp_move_topic action and pass the topic's forum id as the // first arg and topic id as the second to update counts. if ($forum_id !== $topic->post_parent) { bbp_move_topic_handler($topic_id, $topic->post_parent, $forum_id); } /** Stickies **********************************************************/ if (!empty($_POST['bbp_stick_topic']) && in_array($_POST['bbp_stick_topic'], array_keys(bbp_get_topic_types()))) { // What's the caps? if (current_user_can('moderate')) { // What's the haps? switch ($_POST['bbp_stick_topic']) { // Sticky in forum case 'stick': bbp_stick_topic($topic_id); break; // Sticky in all forums // Sticky in all forums case 'super': bbp_stick_topic($topic_id, true); break; // Normal // Normal case 'unstick': default: bbp_unstick_topic($topic_id); break; } } } /** Additional Actions (After Save) ***********************************/ do_action('bbp_edit_topic_post_extras', $topic_id); /** Redirect **********************************************************/ // Redirect to $redirect_to = bbp_get_redirect_to(); // View all? $view_all = bbp_get_view_all(); // Get the topic URL $topic_url = bbp_get_topic_permalink($topic_id, $redirect_to); // Add view all? if (!empty($view_all)) { $topic_url = bbp_add_view_all($topic_url); } // Allow to be filtered $topic_url = apply_filters('bbp_edit_topic_redirect_to', $topic_url, $view_all, $redirect_to); /** Successful Edit ***************************************************/ // Redirect back to new topic wp_safe_redirect($topic_url); // For good measure exit; /** Errors ****************************************************************/ } else { $append_error = is_wp_error($topic_id) && $topic_id->get_error_message() ? $topic_id->get_error_message() . ' ' : ''; bbp_add_error('bbp_topic_error', __('<strong>ERROR</strong>: The following problem(s) have been found with your topic:' . $append_error . 'Please try again.', 'bbpress')); } }
/** * Handles the front end edit forum submission * * @param string $action The requested action to compare this function to * @uses bbPress:errors::add() To log various error messages * @uses bbp_get_forum() To get the forum * @uses bbp_verify_nonce_request() To verify the nonce and check the request * @uses bbp_is_forum_anonymous() To check if forum is by an anonymous user * @uses current_user_can() To check if the current user can edit the forum * @uses bbp_filter_anonymous_post_data() To filter anonymous data * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error} * @uses esc_attr() For sanitization * @uses bbp_is_forum_category() To check if the forum is a category * @uses bbp_is_forum_closed() To check if the forum is closed * @uses bbp_is_forum_private() To check if the forum is private * @uses remove_filter() To remove kses filters if needed * @uses apply_filters() Calls 'bbp_edit_forum_pre_title' with the title and * forum id * @uses apply_filters() Calls 'bbp_edit_forum_pre_content' with the content * and forum id * @uses bbPress::errors::get_error_codes() To get the {@link WP_Error} errors * @uses wp_save_post_revision() To save a forum revision * @uses bbp_update_forum_revision_log() To update the forum revision log * @uses wp_update_post() To update the forum * @uses do_action() Calls 'bbp_edit_forum' with the forum id, forum id, * anonymous data and reply author * @uses bbp_move_forum_handler() To handle movement of a forum from one forum * to another * @uses bbp_get_forum_permalink() To get the forum permalink * @uses wp_safe_redirect() To redirect to the forum link * @uses bbPress::errors::get_error_messages() To get the {@link WP_Error} error * messages */ function bbp_edit_forum_handler($action = '') { // Bail if action is not bbp-edit-forum if ('bbp-edit-forum' !== $action) { return; } // Define local variable(s) $anonymous_data = array(); $forum = $forum_id = $forum_parent_id = 0; $forum_title = $forum_content = $forum_edit_reason = ''; /** Forum *****************************************************************/ // Forum id was not passed if (empty($_POST['bbp_forum_id'])) { bbp_add_error('bbp_edit_forum_id', __('<strong>ERROR</strong>: Forum ID not found.', 'bbpress')); return; // Forum id was passed } elseif (is_numeric($_POST['bbp_forum_id'])) { $forum_id = (int) $_POST['bbp_forum_id']; $forum = bbp_get_forum($forum_id); } // Nonce check if (!bbp_verify_nonce_request('bbp-edit-forum_' . $forum_id)) { bbp_add_error('bbp_edit_forum_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress')); return; // Forum does not exist } elseif (empty($forum)) { bbp_add_error('bbp_edit_forum_not_found', __('<strong>ERROR</strong>: The forum you want to edit was not found.', 'bbpress')); return; // User cannot edit this forum } elseif (!current_user_can('edit_forum', $forum_id)) { bbp_add_error('bbp_edit_forum_permissions', __('<strong>ERROR</strong>: You do not have permission to edit that forum.', 'bbpress')); return; } // Remove kses filters from title and content for capable users and if the nonce is verified if (current_user_can('unfiltered_html') && !empty($_POST['_bbp_unfiltered_html_forum']) && wp_create_nonce('bbp-unfiltered-html-forum_' . $forum_id) === $_POST['_bbp_unfiltered_html_forum']) { remove_filter('bbp_edit_forum_pre_title', 'wp_filter_kses'); remove_filter('bbp_edit_forum_pre_content', 'bbp_encode_bad', 10); remove_filter('bbp_edit_forum_pre_content', 'bbp_filter_kses', 30); } /** Forum Parent ***********************************************************/ // Forum parent id was passed if (!empty($_POST['bbp_forum_parent_id'])) { $forum_parent_id = bbp_get_forum_id($_POST['bbp_forum_parent_id']); } // Current forum this forum is in $current_parent_forum_id = bbp_get_forum_parent_id($forum_id); // Forum exists if (!empty($forum_parent_id) && $forum_parent_id !== $current_parent_forum_id) { // Forum is closed and user cannot access if (bbp_is_forum_closed($forum_parent_id) && !current_user_can('edit_forum', $forum_parent_id)) { bbp_add_error('bbp_edit_forum_forum_closed', __('<strong>ERROR</strong>: This forum has been closed to new forums.', 'bbpress')); } // Forum is private and user cannot access if (bbp_is_forum_private($forum_parent_id) && !current_user_can('read_private_forums')) { bbp_add_error('bbp_edit_forum_forum_private', __('<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress')); } // Forum is hidden and user cannot access if (bbp_is_forum_hidden($forum_parent_id) && !current_user_can('read_hidden_forums')) { bbp_add_error('bbp_edit_forum_forum_hidden', __('<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress')); } } /** Forum Title ***********************************************************/ if (!empty($_POST['bbp_forum_title'])) { $forum_title = esc_attr(strip_tags($_POST['bbp_forum_title'])); } // Filter and sanitize $forum_title = apply_filters('bbp_edit_forum_pre_title', $forum_title, $forum_id); // No forum title if (empty($forum_title)) { bbp_add_error('bbp_edit_forum_title', __('<strong>ERROR</strong>: Your forum needs a title.', 'bbpress')); } /** Forum Content *********************************************************/ if (!empty($_POST['bbp_forum_content'])) { $forum_content = $_POST['bbp_forum_content']; } // Filter and sanitize $forum_content = apply_filters('bbp_edit_forum_pre_content', $forum_content, $forum_id); // No forum content if (empty($forum_content)) { bbp_add_error('bbp_edit_forum_content', __('<strong>ERROR</strong>: Your forum description cannot be empty.', 'bbpress')); } /** Forum Blacklist *******************************************************/ if (!bbp_check_for_blacklist($anonymous_data, bbp_get_forum_author_id($forum_id), $forum_title, $forum_content)) { bbp_add_error('bbp_forum_blacklist', __('<strong>ERROR</strong>: Your forum cannot be edited at this time.', 'bbpress')); } /** Forum Moderation ******************************************************/ $post_status = bbp_get_public_status_id(); if (!bbp_check_for_moderation($anonymous_data, bbp_get_forum_author_id($forum_id), $forum_title, $forum_content)) { $post_status = bbp_get_pending_status_id(); } /** Additional Actions (Before Save) **************************************/ do_action('bbp_edit_forum_pre_extras', $forum_id); // Bail if errors if (bbp_has_errors()) { return; } /** No Errors *************************************************************/ // Add the content of the form to $forum_data as an array // Just in time manipulation of forum data before being edited $forum_data = apply_filters('bbp_edit_forum_pre_insert', array('ID' => $forum_id, 'post_title' => $forum_title, 'post_content' => $forum_content, 'post_status' => $post_status, 'post_parent' => $forum_parent_id)); // Insert forum $forum_id = wp_update_post($forum_data); /** Revisions *************************************************************/ /** * @todo omitted for 2.1 // Revision Reason if ( !empty( $_POST['bbp_forum_edit_reason'] ) ) $forum_edit_reason = esc_attr( strip_tags( $_POST['bbp_forum_edit_reason'] ) ); // Update revision log if ( !empty( $_POST['bbp_log_forum_edit'] ) && ( "1" === $_POST['bbp_log_forum_edit'] ) && ( $revision_id = wp_save_post_revision( $forum_id ) ) ) { bbp_update_forum_revision_log( array( 'forum_id' => $forum_id, 'revision_id' => $revision_id, 'author_id' => bbp_get_current_user_id(), 'reason' => $forum_edit_reason ) ); } */ /** No Errors *************************************************************/ if (!empty($forum_id) && !is_wp_error($forum_id)) { // Update counts, etc... do_action('bbp_edit_forum', array('forum_id' => $forum_id, 'post_parent' => $forum_parent_id, 'forum_author' => $forum->post_author, 'last_topic_id' => 0, 'last_reply_id' => 0, 'last_active_id' => 0, 'last_active_time' => 0, 'last_active_status' => bbp_get_public_status_id())); // If the new forum parent id is not equal to the old forum parent // id, run the bbp_move_forum action and pass the forum's parent id // as the first arg and new forum parent id as the second. // @todo implement //if ( $forum_id !== $forum->post_parent ) // bbp_move_forum_handler( $forum_parent_id, $forum->post_parent, $forum_id ); /** Additional Actions (After Save) ***********************************/ do_action('bbp_edit_forum_post_extras', $forum_id); /** Redirect **********************************************************/ // Redirect to $redirect_to = bbp_get_redirect_to(); // View all? $view_all = bbp_get_view_all(); // Get the forum URL $forum_url = bbp_get_forum_permalink($forum_id, $redirect_to); // Add view all? if (!empty($view_all)) { $forum_url = bbp_add_view_all($forum_url); } // Allow to be filtered $forum_url = apply_filters('bbp_edit_forum_redirect_to', $forum_url, $view_all, $redirect_to); /** Successful Edit ***************************************************/ // Redirect back to new forum wp_safe_redirect($forum_url); // For good measure exit; /** Errors ****************************************************************/ } else { $append_error = is_wp_error($forum_id) && $forum_id->get_error_message() ? $forum_id->get_error_message() . ' ' : ''; bbp_add_error('bbp_forum_error', __('<strong>ERROR</strong>: The following problem(s) have been found with your forum:' . $append_error . 'Please try again.', 'bbpress')); } }
/** * Handles the front end edit reply submission * * @param string $action The requested action to compare this function to * @uses bbp_add_error() To add an error message * @uses bbp_get_reply() To get the reply * @uses bbp_verify_nonce_request() To verify the nonce and check the request * @uses bbp_is_reply_anonymous() To check if the reply was by an anonymous user * @uses current_user_can() To check if the current user can edit that reply * @uses bbp_filter_anonymous_post_data() To filter anonymous data * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error} * @uses remove_filter() To remove kses filters if needed * @uses esc_attr() For sanitization * @uses apply_filters() Calls 'bbp_edit_reply_pre_title' with the title and * reply id * @uses apply_filters() Calls 'bbp_edit_reply_pre_content' with the content * reply id * @uses wp_set_post_terms() To set the topic tags * @uses bbp_has_errors() To get the {@link WP_Error} errors * @uses wp_save_post_revision() To save a reply revision * @uses bbp_update_reply_revision_log() To update the reply revision log * @uses wp_update_post() To update the reply * @uses bbp_get_reply_topic_id() To get the reply topic id * @uses bbp_get_topic_forum_id() To get the topic forum id * @uses bbp_get_reply_to() To get the reply to id * @uses do_action() Calls 'bbp_edit_reply' with the reply id, topic id, forum * id, anonymous data, reply author, bool true (for edit), * and the reply to id * @uses bbp_get_reply_url() To get the paginated url to the reply * @uses wp_safe_redirect() To redirect to the reply url * @uses bbPress::errors::get_error_message() To get the {@link WP_Error} error * message */ function bbp_edit_reply_handler($action = '') { // Bail if action is not bbp-edit-reply if ('bbp-edit-reply' !== $action) { return; } // Define local variable(s) $revisions_removed = false; $reply = $reply_id = $reply_author = $topic_id = $forum_id = $anonymous_data = 0; $reply_title = $reply_content = $reply_edit_reason = $terms = ''; /** Reply *****************************************************************/ // Reply id was not passed if (empty($_POST['bbp_reply_id'])) { bbp_add_error('bbp_edit_reply_id', __('<strong>ERROR</strong>: Reply ID not found.', 'bbpress')); return; // Reply id was passed } elseif (is_numeric($_POST['bbp_reply_id'])) { $reply_id = (int) $_POST['bbp_reply_id']; $reply = bbp_get_reply($reply_id); } // Nonce check if (!bbp_verify_nonce_request('bbp-edit-reply_' . $reply_id)) { bbp_add_error('bbp_edit_reply_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress')); return; } // Reply does not exist if (empty($reply)) { bbp_add_error('bbp_edit_reply_not_found', __('<strong>ERROR</strong>: The reply you want to edit was not found.', 'bbpress')); return; // Reply exists } else { // Check users ability to create new reply if (!bbp_is_reply_anonymous($reply_id)) { // User cannot edit this reply if (!current_user_can('edit_reply', $reply_id)) { bbp_add_error('bbp_edit_reply_permissions', __('<strong>ERROR</strong>: You do not have permission to edit that reply.', 'bbpress')); return; } // Set reply author $reply_author = bbp_get_reply_author_id($reply_id); // It is an anonymous post } else { // Filter anonymous data $anonymous_data = bbp_filter_anonymous_post_data(); } } // Remove kses filters from title and content for capable users and if the nonce is verified if (current_user_can('unfiltered_html') && !empty($_POST['_bbp_unfiltered_html_reply']) && wp_create_nonce('bbp-unfiltered-html-reply_' . $reply_id) === $_POST['_bbp_unfiltered_html_reply']) { remove_filter('bbp_edit_reply_pre_title', 'wp_filter_kses'); remove_filter('bbp_edit_reply_pre_content', 'bbp_encode_bad', 10); remove_filter('bbp_edit_reply_pre_content', 'bbp_filter_kses', 30); } /** Reply Topic ***********************************************************/ $topic_id = bbp_get_reply_topic_id($reply_id); /** Topic Forum ***********************************************************/ $forum_id = bbp_get_topic_forum_id($topic_id); // Forum exists if (!empty($forum_id) && $forum_id !== bbp_get_reply_forum_id($reply_id)) { // Forum is a category if (bbp_is_forum_category($forum_id)) { bbp_add_error('bbp_edit_reply_forum_category', __('<strong>ERROR</strong>: This forum is a category. No replies can be created in this forum.', 'bbpress')); // Forum is not a category } else { // Forum is closed and user cannot access if (bbp_is_forum_closed($forum_id) && !current_user_can('edit_forum', $forum_id)) { bbp_add_error('bbp_edit_reply_forum_closed', __('<strong>ERROR</strong>: This forum has been closed to new replies.', 'bbpress')); } // Forum is private and user cannot access if (bbp_is_forum_private($forum_id)) { if (!current_user_can('read_private_forums')) { bbp_add_error('bbp_edit_reply_forum_private', __('<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new replies in it.', 'bbpress')); } // Forum is hidden and user cannot access } elseif (bbp_is_forum_hidden($forum_id)) { if (!current_user_can('read_hidden_forums')) { bbp_add_error('bbp_edit_reply_forum_hidden', __('<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new replies in it.', 'bbpress')); } } } } /** Reply Title ***********************************************************/ if (!empty($_POST['bbp_reply_title'])) { $reply_title = esc_attr(strip_tags($_POST['bbp_reply_title'])); } // Filter and sanitize $reply_title = apply_filters('bbp_edit_reply_pre_title', $reply_title, $reply_id); /** Reply Content *********************************************************/ if (!empty($_POST['bbp_reply_content'])) { $reply_content = $_POST['bbp_reply_content']; } // Filter and sanitize $reply_content = apply_filters('bbp_edit_reply_pre_content', $reply_content, $reply_id); // No reply content if (empty($reply_content)) { bbp_add_error('bbp_edit_reply_content', __('<strong>ERROR</strong>: Your reply cannot be empty.', 'bbpress')); } /** Reply Blacklist *******************************************************/ if (!bbp_check_for_blacklist($anonymous_data, $reply_author, $reply_title, $reply_content)) { bbp_add_error('bbp_reply_blacklist', __('<strong>ERROR</strong>: Your reply cannot be edited at this time.', 'bbpress')); } /** Reply Status **********************************************************/ // Maybe put into moderation if (!bbp_check_for_moderation($anonymous_data, $reply_author, $reply_title, $reply_content)) { // Set post status to pending if public if (bbp_get_public_status_id() === $reply->post_status) { $reply_status = bbp_get_pending_status_id(); } // Use existing post_status } else { $reply_status = $reply->post_status; } /** Reply To **************************************************************/ // Handle Reply To of the reply; $_REQUEST for non-JS submissions if (isset($_REQUEST['bbp_reply_to'])) { $reply_to = bbp_validate_reply_to($_REQUEST['bbp_reply_to']); } /** Topic Tags ************************************************************/ // Either replace terms if (bbp_allow_topic_tags() && current_user_can('assign_topic_tags') && !empty($_POST['bbp_topic_tags'])) { $terms = esc_attr(strip_tags($_POST['bbp_topic_tags'])); // ...or remove them. } elseif (isset($_POST['bbp_topic_tags'])) { $terms = ''; // Existing terms } else { $terms = bbp_get_topic_tag_names($topic_id); } /** Additional Actions (Before Save) **************************************/ do_action('bbp_edit_reply_pre_extras', $reply_id); // Bail if errors if (bbp_has_errors()) { return; } /** No Errors *************************************************************/ // Add the content of the form to $reply_data as an array // Just in time manipulation of reply data before being edited $reply_data = apply_filters('bbp_edit_reply_pre_insert', array('ID' => $reply_id, 'post_title' => $reply_title, 'post_content' => $reply_content, 'post_status' => $reply_status, 'post_parent' => $topic_id, 'post_author' => $reply_author, 'post_type' => bbp_get_reply_post_type())); // Toggle revisions to avoid duplicates if (post_type_supports(bbp_get_reply_post_type(), 'revisions')) { $revisions_removed = true; remove_post_type_support(bbp_get_reply_post_type(), 'revisions'); } // Insert topic $reply_id = wp_update_post($reply_data); // Toggle revisions back on if (true === $revisions_removed) { $revisions_removed = false; add_post_type_support(bbp_get_reply_post_type(), 'revisions'); } /** Topic Tags ************************************************************/ // Just in time manipulation of reply terms before being edited $terms = apply_filters('bbp_edit_reply_pre_set_terms', $terms, $topic_id, $reply_id); // Insert terms $terms = wp_set_post_terms($topic_id, $terms, bbp_get_topic_tag_tax_id(), false); // Term error if (is_wp_error($terms)) { bbp_add_error('bbp_reply_tags', __('<strong>ERROR</strong>: There was a problem adding the tags to the topic.', 'bbpress')); } /** Revisions *************************************************************/ // Revision Reason if (!empty($_POST['bbp_reply_edit_reason'])) { $reply_edit_reason = esc_attr(strip_tags($_POST['bbp_reply_edit_reason'])); } // Update revision log if (!empty($_POST['bbp_log_reply_edit']) && "1" === $_POST['bbp_log_reply_edit']) { $revision_id = wp_save_post_revision($reply_id); if (!empty($revision_id)) { bbp_update_reply_revision_log(array('reply_id' => $reply_id, 'revision_id' => $revision_id, 'author_id' => bbp_get_current_user_id(), 'reason' => $reply_edit_reason)); } } /** No Errors *************************************************************/ if (!empty($reply_id) && !is_wp_error($reply_id)) { // Update counts, etc... do_action('bbp_edit_reply', $reply_id, $topic_id, $forum_id, $anonymous_data, $reply_author, true, $reply_to); /** Additional Actions (After Save) ***********************************/ do_action('bbp_edit_reply_post_extras', $reply_id); /** Redirect **********************************************************/ // Redirect to $redirect_to = bbp_get_redirect_to(); // Get the reply URL $reply_url = bbp_get_reply_url($reply_id, $redirect_to); // Allow to be filtered $reply_url = apply_filters('bbp_edit_reply_redirect_to', $reply_url, $redirect_to); /** Successful Edit ***************************************************/ // Redirect back to new reply wp_safe_redirect($reply_url); // For good measure exit; /** Errors ****************************************************************/ } else { $append_error = is_wp_error($reply_id) && $reply_id->get_error_message() ? $reply_id->get_error_message() . ' ' : ''; bbp_add_error('bbp_reply_error', __('<strong>ERROR</strong>: The following problem(s) have been found with your reply:' . $append_error . 'Please try again.', 'bbpress')); } }
/** * @covers ::bbp_check_for_blacklist */ public function test_should_return_false_when_html_wrapped_content_matches_blacklist_keys() { $u = $this->factory->user->create(); $t = $this->factory->topic->create(array('post_author' => $u, 'post_title' => 'Sting', 'post_content' => 'Beware, there maybe bees <strong>hiber</strong><em>nating</em>.')); $anonymous_data = false; $author_id = bbp_get_topic_author_id($t); $title = bbp_get_topic_title($t); $content = bbp_get_topic_content($t); update_option('blacklist_keys', "hibernating\nfoo"); $result = bbp_check_for_blacklist($anonymous_data, $author_id, $title, $content); $this->assertFalse($result); }
/** * Post new topic by email handler. * * For bbPress, the logic in this method is the same as {@link bbp_new_topic_handler()}. * It's duplicated because bbPress doesn't utilize hooks for verifying topics. * * @todo No fancy support for topic tags, subscriptions yet. Will probably need shortcodes. * * @param array $data { * An array of arguments. * * @type array $headers Email headers. * @type string $content The email body content. * @type string $subject The email subject line. * @type int $user_id The user ID who sent the email. * @type bool $is_html Whether the email content is HTML or not. * @type int $i The email message number. * } * @param array $params Parsed paramaters from the email address querystring. * See {@link BP_Reply_By_Email_Parser::get_parameters()}. * @return array|object Array of the parsed item on success. WP_Error object * on failure. */ private function post_new_topic($data, $params) { //private function post_new_topic( $connection, $i, $headers, $params, $body, $topic_author ) { /** SETUP DATA ***************************************************/ $i = $data['i']; $topic_author = $data['user_id']; $forum_id = $params[$this->forum_id_param]; /* current email is a bbPress new topic, let's proceed! */ // let RBE know that we're in the process of rendering a bbP new topic // BuddyPress group new topic if (!empty($params[$this->item_id_param])) { bp_rbe_log('Message #' . $i . ': this is a bbPress group forum new topic'); // bbPress } else { bp_rbe_log('Message #' . $i . ': this is a bbPress new topic'); } // other variables $anonymous_data = 0; /** GROUP PERMISSIONS ********************************************/ // posting from a BP group if (!empty($params[$this->item_id_param])) { global $bp; // set group ID and cache it in global for later use // $bp->rbe->temp->group_id gets passed to the set_group_id() method later on $group_id = $bp->rbe->temp->group_id = $params[$this->item_id_param]; // get all group member data for the user in one swoop! $group_member_data = bp_rbe_get_group_member_info($topic_author, $group_id); // user is not a member of the group anymore if (empty($group_member_data)) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'user_not_group_member' ); return new WP_Error('user_not_group_member', '', $data); } // user is banned from group if ((int) $group_member_data->is_banned == 1) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'user_banned_from_group' ); return new WP_Error('user_banned_from_group', '', $data); } // override groups_get_current_group() with our cached group ID add_filter('groups_get_current_group', array($this, 'set_group_id')); // temporarily add some GES filters here add_filter('bp_ass_activity_notification_subject', 'wp_specialchars_decode'); add_filter('bp_ass_activity_notification_content', 'wp_specialchars_decode'); } /** TOPIC / FORUM PERMISSIONS ************************************/ // Allow member to pass default cap checks. // The reason why we keep the user_can() checks below is b/c bbPress // plugins may disable cap access for a specific user if they have hooked into // the 'bbp_map_meta_caps' filter. add_filter('bbp_map_meta_caps', array($this, 'map_forum_meta_caps'), 5, 4); // User cannot create topics if (!user_can($topic_author, 'publish_topics')) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_topic_permissions' ); return new WP_Error('bbp_topic_permissions', '', $data); } // Forum is a category if (bbp_is_forum_category($forum_id)) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_edit_topic_forum_category' ); //bbp_add_error( 'bbp_edit_topic_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics can be created in this forum.', 'bbpress' ) ); return new WP_Error('bbp_edit_topic_forum_category', '', $data); // Forum is not a category } else { // Forum is closed and user cannot access if (bbp_is_forum_closed($forum_id) && !user_can($topic_author, 'edit_forum')) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_edit_topic_forum_closed' ); //bbp_add_error( 'bbp_edit_topic_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new topics.', 'bbpress' ) ); return new WP_Error('bbp_edit_topic_forum_closed', '', $data); } // Forum is private and user cannot access if (bbp_is_forum_private($forum_id)) { if (!user_can($topic_author, 'read_private_forums')) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_edit_topic_forum_private' ); //bbp_add_error( 'bbp_edit_topic_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new topics in it.', 'bbpress' ) ); return new WP_Error('bbp_edit_topic_forum_private', '', $data); } } // Forum is hidden and user cannot access if (bbp_is_forum_hidden($forum_id)) { if (!user_can($topic_author, 'read_hidden_forums')) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_edit_topic_forum_hidden' ); //bbp_add_error( 'bbp_edit_topic_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new topics in it.', 'bbpress' ) ); return new WP_Error('bbp_edit_topic_forum_hidden', '', $data); } } } /** UNFILTERED HTML **********************************************/ // Remove wp_filter_kses filters from title and content for capable users if (user_can($topic_author, 'unfiltered_html')) { remove_filter('bbp_new_topic_pre_title', 'wp_filter_kses'); remove_filter('bbp_new_topic_pre_content', 'wp_filter_kses'); } /** TOPIC DATA ***************************************************/ $topic_content = $data['content']; $topic_title = $data['subject']; bp_rbe_log('Message #' . $i . ': body contents - ' . $topic_content); bp_rbe_log('Subject - ' . $topic_title); if (empty($topic_content) || empty($topic_title)) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_new_forum_topic_empty' ); return new WP_Error('bbp_new_forum_topic_empty', '', $data); } // Filter and sanitize $topic_title = apply_filters('bbp_new_topic_pre_title', $topic_title); $topic_content = apply_filters('bbp_new_topic_pre_content', $topic_content); /** Topic Tags ****************************************************/ /* TODO if ( bbp_allow_topic_tags() ) { // Escape tag input $terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) ); // Explode by comma if ( strstr( $terms, ',' ) ) { $terms = explode( ',', $terms ); } // Add topic tag ID as main key $terms = array( bbp_get_topic_tag_tax_id() => $terms ); } */ /** TOPIC MODERATION *********************************************/ // Post Flooding if (!bbp_check_for_flood($anonymous_data, $topic_author)) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_topic_flood' ); //bbp_add_error( 'bbp_reply_flood', __( '<strong>ERROR</strong>: Slow down; you move too fast.', 'bbpress' ) ); return new WP_Error('bbp_topic_flood', '', $data); } // Topic Duplicate if (!bbp_check_for_duplicate(array('post_type' => bbp_get_topic_post_type(), 'post_author' => $topic_author, 'post_content' => $topic_content, 'anonymous_data' => $anonymous_data))) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_topic_duplicate' ); return new WP_Error('bbp_topic_duplicate', '', $data); } // Topic Blacklist if (!bbp_check_for_blacklist($anonymous_data, $topic_author, $topic_title, $topic_content)) { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_topic_blacklist' ); return new WP_Error('bbp_topic_blacklist', '', $data); } // Topic Status // Maybe put into moderation if (!bbp_check_for_moderation($anonymous_data, $topic_author, $topic_title, $topic_content)) { $topic_status = bbp_get_pending_status_id(); // Default } else { $topic_status = bbp_get_public_status_id(); } /** POSTING TIME! ************************************************/ // bbP hook before save do_action('bbp_new_topic_pre_extras', $forum_id); // Setup reply data $topic_data = apply_filters('bbp_new_topic_pre_insert', array('post_author' => $topic_author, 'post_title' => $topic_title, 'post_content' => $topic_content, 'post_status' => $topic_status, 'post_parent' => $forum_id, 'post_type' => bbp_get_topic_post_type(), 'comment_status' => 'closed')); // Insert topic $topic_id = wp_insert_post($topic_data); // Topic posted! if (!is_wp_error($topic_id)) { // more internal logging bp_rbe_log('Message #' . $i . ': bbPress topic successfully posted!'); // Problem posting } else { //do_action( 'bp_rbe_imap_no_match', $connection, $i, $headers, 'bbp_topic_error' ); return new WP_Error('bbp_topic_error', '', $data); } /** AFTER POSTING ************************************************/ // stuff that needs to happen after a bbP topic is posted occurs here... bbP // should preferably do the following at the 'bbp_new_reply' hook, until then // do what bbP does inline. // Trash Check //////////////////////////////////////////////////// // If the forum is trash, or the topic_status is switched to // trash, trash it properly if (get_post_field('post_status', $forum_id) == bbp_get_trash_status_id() || $topic_data['post_status'] == bbp_get_trash_status_id()) { // Trash the reply wp_trash_post($topic_id); } // Spam Check ///////////////////////////////////////////////////// // If reply or topic are spam, officially spam this reply if ($topic_data['post_status'] == bbp_get_spam_status_id()) { add_post_meta($topic_id, '_bbp_spam_meta_status', bbp_get_public_status_id()); } // Reply By Email ///////////////////////////////////////////////// // Add a RBE marker to the post's meta // Could potentially show that post was made via email on the frontend add_post_meta($topic_id, 'bp_rbe', 1); /** POST HOOKS ***************************************************/ // RBE Custom Hooks /////////////////////////////////////////////// // change activity action add_filter('bbp_before_record_activity_parse_args', array($this, 'change_activity_action')); // add RBE's special activity hook add_action('bp_activity_after_save', array($this, 'activity_rbe_hook')); // bbPress Topic Hooks //////////////////////////////////////////// do_action('bbp_new_topic', $topic_id, $forum_id, $anonymous_data, $topic_author); do_action('bbp_new_topic_post_extras', $topic_id); return array('bbp_topic_id' => $topic_id); }