예제 #1
/**
 * Mark notifications as read when reading a topic
 *
 * Acts only when the request carries a topic ID and the routed action is
 * 'bbp_mark_read'. The nonce action is bound to the topic ID, and the
 * capability check is made against the logged-in user's own ID.
 *
 * @since 2.5.0 bbPress (r5155)
 *
 * @param string $action The requested action to compare this function to
 * @return void Returns early if not trying to mark a notification as read;
 *              otherwise finishes by calling bbp_redirect()
 */
function bbp_buddypress_mark_notifications($action = '')
{
    // Nothing to do without a topic ID, or when the action belongs to another handler
    if (empty($_GET['topic_id']) || 'bbp_mark_read' !== $action) {
        return;
    }
    // Request data; the topic ID is coerced to an integer before it is used anywhere
    $user_id = bp_loggedin_user_id();
    $topic_id = intval($_GET['topic_id']);
    // The nonce is checked first; the capability check only runs when the nonce is valid
    $nonce_ok = bbp_verify_nonce_request('bbp_mark_topic_' . $topic_id);
    if (!$nonce_ok) {
        bbp_add_error('bbp_notification_topic_id', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
    } elseif (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_notification_permissions', __('<strong>ERROR</strong>: You do not have permission to mark notifications for that user.', 'bbpress'));
    }
    // Only touch notifications when neither check recorded an error
    if (!bbp_has_errors()) {
        // Attempt to clear this topic's new-reply notifications for the current user
        $marked = bp_notifications_mark_notifications_by_item_id($user_id, $topic_id, bbp_get_component_name(), 'bbp_new_reply');
        // Let other code react to the outcome
        do_action('bbp_notifications_handler', $marked, $user_id, $topic_id, $action);
    }
    // Redirect to the topic whether or not anything was marked
    bbp_redirect(bbp_get_reply_url($topic_id));
}
예제 #2
/**
 * Handles the front end user editing
 *
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home() To check if the user is at home (the display page
 *                           is the one of the logged in user)
 * @uses get_option() To get the displayed user's new email id option
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the user
 * @uses do_action() Calls 'personal_options_update' or
 *                   'edit_user_options_update' (based on if it's the user home)
 *                   with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses get_userdata() To get the user data
 * @uses is_email() To check if the string is an email id or not
 * @uses wpdb::get_blog_prefix() To get the blog prefix
 * @uses is_network_admin() To check if the user is the network admin
 * @uses is_super_admin() To check if the user is super admin
 * @uses revoke_super_admin() To revoke super admin privileges
 * @uses grant_super_admin() To grant super admin privileges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 */
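function bbp_edit_user_handler()
{
    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }
    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }
    // Get the displayed user ID
    $user_id = bbp_get_displayed_user_id();
    // NOTE(review): the two multisite branches below run before the nonce and
    // capability checks further down. They are gated only by
    // bbp_is_user_home_edit() and the request values; confirm that helper
    // limits them to the logged-in user's own profile.
    // Execute confirmed email change. See send_confirmation_on_profile_email().
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($user_id . '_new_email');
        $supplied_hash = $_GET['newuseremail'];
        // Require a complete pending-change record and a non-empty string
        // token. With a loose == comparison, a missing option (false) yields
        // a null stored hash, and null == '' is true, so an empty token would
        // be accepted and the email overwritten with an empty value.
        // hash_equals() also keeps the comparison constant-time.
        $hash_matches = is_array($new_email)
            && !empty($new_email['hash'])
            && !empty($new_email['newemail'])
            && is_string($supplied_hash)
            && hash_equals((string) $new_email['hash'], $supplied_hash);
        if ($hash_matches) {
            $user = new stdClass();
            $user->ID = $user_id;
            $user->user_email = esc_html(trim($new_email['newemail']));
            global $wpdb;
            // Keep a matching signups row in step with the new address (prepared statements)
            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", bbp_get_displayed_user_field('user_login')))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, bbp_get_displayed_user_field('user_login')));
            }
            wp_update_user(get_object_vars($user));
            // The pending change is single-use: drop it once applied
            delete_option($user_id . '_new_email');
            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }
        // Delete new email address from user options (strict comparison: the
        // request value must be exactly the option name)
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $user_id . '_new_email' === $_GET['dismiss']) {
        delete_option($user_id . '_new_email');
        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }
    // Nonce check
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Do action based on whose profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);
    // Handle user edit
    $edit_user = edit_user($user_id);
    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;
        // Successful edit to redirect
    } elseif (is_integer($edit_user)) {
        // Maybe update super admin ability. Changing a network-wide privilege
        // additionally requires 'manage_network_options'; passing the
        // 'edit_user' check above is not enough to grant or revoke super admin
        // from a submitted form field.
        if (is_multisite() && !bbp_is_user_home_edit() && current_user_can('manage_network_options')) {
            empty($_POST['super_admin']) ? revoke_super_admin($edit_user) : grant_super_admin($edit_user);
        }
        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));
        wp_safe_redirect($redirect);
        exit;
    }
}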
예제 #3
/**
 * Filter anonymous post data
 *
 * We use REMOTE_ADDR here directly. If you are behind a proxy, you should
 * ensure that it is properly set, such as in wp-config.php, for your
 * environment. See {@link https://core.trac.wordpress.org/ticket/9235}
 *
 * Note that bbp_pre_anonymous_filters() is responsible for sanitizing each
 * of the filtered core anonymous values here.
 *
 * If there are any errors, those are directly added to {@link bbPress:errors}
 *
 * @since 2.0.0 bbPress (r2734)
 *
 * @param array $args Optional. If no args are there, then $_POST values are
 *                     used.
 * @uses apply_filters() Calls 'bbp_pre_anonymous_post_author_name' with the
 *                        anonymous user name
 * @uses apply_filters() Calls 'bbp_pre_anonymous_post_author_email' with the
 *                        anonymous user email
 * @uses apply_filters() Calls 'bbp_pre_anonymous_post_author_website' with the
 *                        anonymous user website
 * @return bool|array False on errors, values in an array on success
 */
function bbp_filter_anonymous_post_data($args = array())
{
    // Defaults come from the submitted form; a missing or empty field becomes false
    $defaults = array();
    foreach (array('bbp_anonymous_name', 'bbp_anonymous_email', 'bbp_anonymous_website') as $field) {
        $defaults[$field] = !empty($_POST[$field]) ? $_POST[$field] : false;
    }
    $r = bbp_parse_args($args, $defaults, 'filter_anonymous_post_data');
    // Name is required: filter it, then record an error if nothing usable is left
    $name = apply_filters('bbp_pre_anonymous_post_author_name', $r['bbp_anonymous_name']);
    $r['bbp_anonymous_name'] = $name;
    if (empty($name)) {
        bbp_add_error('bbp_anonymous_name', __('<strong>ERROR</strong>: Invalid author name.', 'bbpress'));
    }
    // Email is required and handled the same way
    $email = apply_filters('bbp_pre_anonymous_post_author_email', $r['bbp_anonymous_email']);
    $r['bbp_anonymous_email'] = $email;
    if (empty($email)) {
        bbp_add_error('bbp_anonymous_email', __('<strong>ERROR</strong>: Invalid email address.', 'bbpress'));
    }
    // Website is optional, so it is filtered but never produces an error
    $r['bbp_anonymous_website'] = apply_filters('bbp_pre_anonymous_post_author_website', $r['bbp_anonymous_website']);
    // Callers get false when any error is recorded, otherwise the filtered values;
    // the final filter receives both that result and the filtered array
    return apply_filters('bbp_filter_anonymous_post_data', bbp_has_errors() ? false : $r, $r);
}
/**
 * Handles the front end spamming/unspamming and trashing/untrashing/deleting of
 * replies
 *
 * @since bbPress (r2740)
 *
 * @param string $action The requested action to compare this function to
 * @uses bbp_get_reply() To get the reply
 * @uses current_user_can() To check if the user is capable of editing or
 *                           deleting the reply
 * @uses check_ajax_referer() To verify the nonce and check the referer
 * @uses bbp_get_reply_post_type() To get the reply post type
 * @uses bbp_is_reply_spam() To check if the reply is marked as spam
 * @uses bbp_spam_reply() To make the reply as spam
 * @uses bbp_unspam_reply() To unmark the reply as spam
 * @uses wp_trash_post() To trash the reply
 * @uses wp_untrash_post() To untrash the reply
 * @uses wp_delete_post() To delete the reply
 * @uses do_action() Calls 'bbp_toggle_reply_handler' with success, post data
 *                    and action
 * @uses bbp_get_reply_url() To get the reply url
 * @uses wp_safe_redirect() To redirect to the reply
 * @uses bbPress::errors:add() To log the error messages
 */
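function bbp_toggle_reply_handler($action = '')
{
    // Bail if required GET actions aren't passed
    if (empty($_GET['reply_id'])) {
        return;
    }
    // Setup possible get actions
    $possible_actions = array('bbp_toggle_reply_spam', 'bbp_toggle_reply_trash');
    // Bail if actions aren't meant for this function. The comparison is strict
    // so a non-string $action (0, true) cannot loosely match an action name.
    if (!in_array($action, $possible_actions, true)) {
        return;
    }
    // Empty failure string
    $failure = '';
    // Assume not viewing all
    $view_all = false;
    // What's the reply id? Cast to int before it is used in nonce actions and lookups
    $reply_id = (int) $_GET['reply_id'];
    // Flag
    $success = false;
    // Prelim array
    $post_data = array('ID' => $reply_id);
    // Make sure reply exists
    $reply = bbp_get_reply($reply_id);
    if (empty($reply)) {
        return;
    }
    // What is the user doing here? Editing rights are always required;
    // trash actions additionally require delete rights.
    if (!current_user_can('edit_reply', $reply->ID) || ('bbp_toggle_reply_trash' === $action && !current_user_can('delete_reply', $reply->ID))) {
        bbp_add_error('bbp_toggle_reply_permission', __('<strong>ERROR:</strong> You do not have the permission to do that!', 'bbpress'));
        return;
    }
    // What action are we trying to perform? Each branch verifies its own nonce
    // with check_ajax_referer(), which by default stops the request on failure.
    switch ($action) {
        // Toggle spam
        case 'bbp_toggle_reply_spam':
            check_ajax_referer('spam-reply_' . $reply_id);
            $is_spam = bbp_is_reply_spam($reply_id);
            $success = $is_spam ? bbp_unspam_reply($reply_id) : bbp_spam_reply($reply_id);
            $failure = $is_spam ? __('<strong>ERROR</strong>: There was a problem unmarking the reply as spam!', 'bbpress') : __('<strong>ERROR</strong>: There was a problem marking the reply as spam!', 'bbpress');
            $view_all = !$is_spam;
            break;
        // Toggle trash
        case 'bbp_toggle_reply_trash':
            // The sub-action is optional in the request; read it defensively
            // and accept only the three known values (strict match).
            $requested = isset($_GET['sub_action']) ? $_GET['sub_action'] : '';
            $sub_action = in_array($requested, array('trash', 'untrash', 'delete'), true) ? $requested : false;
            if (empty($sub_action)) {
                break;
            }
            switch ($sub_action) {
                case 'trash':
                    check_ajax_referer('trash-' . bbp_get_reply_post_type() . '_' . $reply_id);
                    $view_all = true;
                    $success = wp_trash_post($reply_id);
                    $failure = __('<strong>ERROR</strong>: There was a problem trashing the reply!', 'bbpress');
                    break;
                case 'untrash':
                    check_ajax_referer('untrash-' . bbp_get_reply_post_type() . '_' . $reply_id);
                    $success = wp_untrash_post($reply_id);
                    $failure = __('<strong>ERROR</strong>: There was a problem untrashing the reply!', 'bbpress');
                    break;
                case 'delete':
                    check_ajax_referer('delete-' . bbp_get_reply_post_type() . '_' . $reply_id);
                    $success = wp_delete_post($reply_id);
                    $failure = __('<strong>ERROR</strong>: There was a problem deleting the reply!', 'bbpress');
                    break;
            }
            break;
    }
    // Do additional reply toggle actions
    do_action('bbp_toggle_reply_handler', $success, $post_data, $action);
    // No errors
    if (false !== $success && !is_wp_error($success)) {
        /** Redirect **********************************************************/
        // Redirect to
        $redirect_to = bbp_get_redirect_to();
        // Get the reply URL
        $reply_url = bbp_get_reply_url($reply_id, $redirect_to);
        // Add view all if needed
        if (!empty($view_all)) {
            $reply_url = bbp_add_view_all($reply_url, true);
        }
        // Redirect back to reply
        wp_safe_redirect($reply_url);
        // For good measure
        exit;
        // Handle errors
    } else {
        bbp_add_error('bbp_toggle_reply', $failure);
    }
}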
 /**
  * bbP recaptcha Check
  *
  * @return void
  */
 function recaptcha_check()
 {
     // Delegate verification to the reCaptcha integration singleton
     $verified = WP_reCaptcha::instance()->recaptcha_check();
     if ($verified) {
         return;
     }
     // A failed verification is recorded as a bbPress error
     bbp_add_error('bbp-recaptcha-error', __('<strong>Error:</strong> the Captcha didn’t verify.', 'wp-recaptcha-integration'), 'error');
 }
예제 #6
/**
 * Handle the login and registration template notices
 *
 * @since 2.0.0 bbPress (r2970)
 *
 * @uses WP_Error bbPress::errors::add() To add an error or message
 */
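function bbp_login_notices()
{
    // Request values are used only to select one of the fixed, translated
    // messages below; none of them is copied into the notice text.
    // loggedout was passed. Query-string values arrive as strings, so the
    // literal 'true' is accepted alongside boolean true; a strict comparison
    // against boolean true alone never matches a value taken from the URL.
    if (!empty($_GET['loggedout']) && (true === $_GET['loggedout'] || 'true' === $_GET['loggedout'])) {
        bbp_add_error('loggedout', __('You are now logged out.', 'bbpress'), 'message');
        // registration is disabled
    } elseif (!empty($_GET['registration']) && 'disabled' === $_GET['registration']) {
        bbp_add_error('registerdisabled', __('New user registration is currently not allowed.', 'bbpress'));
        // Prompt user to check their email (strict match against the known values)
    } elseif (!empty($_GET['checkemail']) && in_array($_GET['checkemail'], array('confirm', 'newpass', 'registered'), true)) {
        switch ($_GET['checkemail']) {
            // Email needs confirmation
            case 'confirm':
                bbp_add_error('confirm', __('Check your e-mail for the confirmation link.', 'bbpress'), 'message');
                break;
            // User requested a new password
            case 'newpass':
                bbp_add_error('newpass', __('Check your e-mail for your new password.', 'bbpress'), 'message');
                break;
            // User is newly registered
            case 'registered':
                bbp_add_error('registered', __('Registration complete. Please check your e-mail.', 'bbpress'), 'message');
                break;
        }
    }
}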
예제 #7
 /**
  * Save the Group Forum data on create
  *
  * @since bbPress (r3465)
  */
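 public function create_screen_save($group_id = 0)
 {
     // Nonce check
     if (!bbp_verify_nonce_request('groups_create_save_' . $this->slug)) {
         bbp_add_error('bbp_create_group_forum_screen_save', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
         return;
     }
     // NOTE(review): no capability check is visible in this method; presumably
     // the surrounding group-creation flow authorizes the caller - confirm.
     // Check for possibly empty group_id
     if (empty($group_id)) {
         $group_id = bp_get_new_group_id();
     }
     // The checkbox value is only ever used as a boolean
     $create_forum = !empty($_POST['bbp-create-group-forum']);
     $forum_id = 0;
     $forum_ids = bbp_get_group_forum_ids($group_id);
     if (!empty($forum_ids)) {
         // Parenthesised so the cast applies to the selected ID. Without the
         // parentheses (int) binds to is_array() alone and the ID is left uncast.
         $forum_id = (int) (is_array($forum_ids) ? $forum_ids[0] : $forum_ids);
     }
     // Create a forum, or not
     if ($create_forum) {
         // Bail if initial content was already created
         if (!empty($forum_id)) {
             return;
         }
         // Set the default forum status from the new group's status
         switch (bp_get_new_group_status()) {
             case 'hidden':
                 $status = bbp_get_hidden_status_id();
                 break;
             case 'private':
                 $status = bbp_get_private_status_id();
                 break;
             case 'public':
             default:
                 $status = bbp_get_public_status_id();
                 break;
         }
         // Create the initial forum
         $forum_id = bbp_insert_forum(array('post_parent' => bbp_get_group_forums_root_id(), 'post_title' => bp_get_new_group_name(), 'post_content' => bp_get_new_group_description(), 'post_status' => $status));
         // Run the BP-specific functions for new groups
         $this->new_forum(array('forum_id' => $forum_id));
         // Update forum active
         groups_update_groupmeta(bp_get_new_group_id(), '_bbp_forum_enabled_' . $forum_id, true);
         // Toggle forum on
         $this->toggle_group_forum(bp_get_new_group_id(), true);
     } elseif (!empty($forum_id)) {
         // Forum was created but is now being undone
         // Delete the forum (second argument true is passed to wp_delete_post())
         wp_delete_post($forum_id, true);
         // Delete meta values
         groups_delete_groupmeta(bp_get_new_group_id(), 'forum_id');
         groups_delete_groupmeta(bp_get_new_group_id(), '_bbp_forum_enabled_' . $forum_id);
         // Toggle forum off
         $this->toggle_group_forum(bp_get_new_group_id(), false);
     }
 }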
예제 #8
/**
 * Displays topic notices
 *
 * @since 2.0.0 bbPress (r2744)
 *
 * @uses bbp_is_single_topic() To check if it's a topic page
 * @uses bbp_get_topic_status() To get the topic status
 * @uses bbp_get_topic_id() To get the topic id
 * @uses apply_filters() Calls 'bbp_topic_notices' with the notice text, topic
 *                        status and topic id
 * @uses bbp_add_error() To add an error message
 */
function bbp_topic_notices()
{
    // Notices only apply on a single-topic view
    if (!bbp_is_single_topic()) {
        return;
    }
    $topic_status = bbp_get_topic_status();
    // Standard statuses carry no notice
    $notice_text = '';
    // Pick the notice for the statuses that have one
    switch ($topic_status) {
        // Spam notice
        case bbp_get_spam_status_id():
            $notice_text = __('This topic is marked as spam.', 'bbpress');
            break;
        // Trashed notice
        case bbp_get_trash_status_id():
            $notice_text = __('This topic is in the trash.', 'bbpress');
            break;
    }
    // Give filters the chance to change the text, then show it only if something is left
    $notice_text = apply_filters('bbp_topic_notices', $notice_text, $topic_status, bbp_get_topic_id());
    if (!empty($notice_text)) {
        bbp_add_error('topic_notice', $notice_text, 'message');
    }
}
예제 #9
 /**
  * Validates bbpress topics and replies
  */
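 public function check_bbpress_captcha()
 {
     // Accept only a non-empty string answer. An array-valued field would
     // otherwise be concatenated into the hash input below.
     $answer = isset($_POST['mc-value']) && is_string($_POST['mc-value']) ? $_POST['mc-value'] : '';
     if ($answer === '') {
         bbp_add_error('math-captcha-wrong', $this->error_messages['fill']);
         return;
     }
     $session_id = Math_Captcha()->cookie_session->session_ids['default'];
     // Read the stored hash once, so the existence check and the comparison
     // operate on the same value even if the transient expires in between.
     $stored = $session_id !== '' ? get_transient('bbp_' . $session_id) : false;
     if ($stored === false) {
         // No session or no stored challenge: reported with the 'time' message
         bbp_add_error('math-captcha-wrong', $this->error_messages['time']);
         return;
     }
     // The expected value is keyed with AUTH_KEY and bound to the session ID.
     // hash_equals() compares in constant time, unlike strcmp().
     $expected = sha1(AUTH_KEY . $answer . $session_id, false);
     if (!hash_equals((string) $stored, $expected)) {
         bbp_add_error('math-captcha-wrong', $this->error_messages['wrong']);
     }
     // NOTE(review): the transient is not deleted here after a correct answer;
     // confirm it is invalidated elsewhere so a solved challenge is single-use.
 }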
예제 #10
/**
 * Handles the front end opening/closing, spamming/unspamming,
 * sticking/unsticking and trashing/untrashing/deleting of topics
 *
 * @since 2.0.0 bbPress (r2727)
 *
 * @param string $action The requested action to compare this function to
 * @uses bbp_get_topic() To get the topic
 * @uses current_user_can() To check if the user is capable of editing or
 *                           deleting the topic
 * @uses bbp_get_topic_post_type() To get the topic post type
 * @uses check_ajax_referer() To verify the nonce and check the referer
 * @uses bbp_is_topic_open() To check if the topic is open
 * @uses bbp_close_topic() To close the topic
 * @uses bbp_open_topic() To open the topic
 * @uses bbp_is_topic_sticky() To check if the topic is a sticky
 * @uses bbp_unstick_topic() To unstick the topic
 * @uses bbp_stick_topic() To stick the topic
 * @uses bbp_is_topic_spam() To check if the topic is marked as spam
 * @uses bbp_spam_topic() To make the topic as spam
 * @uses bbp_unspam_topic() To unmark the topic as spam
 * @uses wp_trash_post() To trash the topic
 * @uses wp_untrash_post() To untrash the topic
 * @uses wp_delete_post() To delete the topic
 * @uses do_action() Calls 'bbp_toggle_topic_handler' with success, post data
 *                    and action
 * @uses bbp_get_forum_permalink() To get the forum link
 * @uses bbp_get_topic_permalink() To get the topic link
 * @uses bbp_redirect() To redirect to the topic
 * @uses bbPress::errors:add() To log the error messages
 */
function bbp_toggle_topic_handler($action = '')
{
    // Without a topic ID in the request there is nothing to toggle
    if (empty($_GET['topic_id'])) {
        return;
    }
    // Integer-cast the request value, then resolve it through bbp_get_topic_id()
    $topic_id = bbp_get_topic_id((int) $_GET['topic_id']);
    // Only actions listed as toggles for this topic are handled here (strict match)
    $allowed_toggles = bbp_get_topic_toggles($topic_id);
    if (!in_array($action, $allowed_toggles, true)) {
        return;
    }
    // The topic has to exist
    $topic = bbp_get_topic($topic_id);
    if (empty($topic)) {
        bbp_add_error('bbp_toggle_topic_missing', __('<strong>ERROR:</strong> This topic could not be found or no longer exists.', 'bbpress'));
        return;
    }
    // Editing rights are always required; the trash action also needs delete rights
    $can_edit = current_user_can('edit_topic', $topic_id);
    if (!$can_edit || ('bbp_toggle_topic_trash' === $action && !current_user_can('delete_topic', $topic_id))) {
        bbp_add_error('bbp_toggle_topic_permission', __('<strong>ERROR:</strong> You do not have permission to do that.', 'bbpress'));
        return;
    }
    // Optional sub-action, normalised with sanitize_key(); false when absent
    $sub_action = false;
    if (!empty($_GET['sub_action'])) {
        $sub_action = sanitize_key($_GET['sub_action']);
    }
    // Preliminary array
    $post_data = array('ID' => $topic_id);
    // NOTE(review): no nonce check is visible in this handler; presumably
    // bbp_toggle_topic() verifies it - confirm.
    $result = bbp_toggle_topic(array('id' => $topic_id, 'action' => $action, 'sub_action' => $sub_action, 'data' => $post_data));
    // Let other code react to the outcome
    do_action('bbp_toggle_topic_handler', $result['status'], $post_data, $action);
    // A false or WP_Error status is a failure; anything else redirects
    if (false === $result['status'] || is_wp_error($result['status'])) {
        bbp_add_error('bbp_toggle_topic', $result['message']);
    } else {
        bbp_redirect($result['redirect_to']);
    }
}
예제 #11
 /**
  * Block certain recurring spam topics
  * @version 2.0
  */
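 function block_spam($topic_title)
 {
     // Banned fragments. Matching is case-insensitive, so entries may use any
     // case (a case-sensitive search of a lowercased title could never find
     // the uppercase letter in '+O99'). The duplicate '+91' entry is dropped.
     $illegals = array('vashikaran', 'baba ji', 'love problem', 'marriage problem', '+91', '+O99', '91-85', '91-99', '919914');
     // Check for any of the illegals in the title
     foreach ($illegals as $illegal) {
         if (stripos($topic_title, $illegal) !== false) {
             // If the topic matches as spam, let's ban the user
             // NOTE(review): this demotes whoever is logged in, whatever their
             // current role - confirm moderators and admins should be included.
             $user = new WP_User(get_current_user_id());
             $user->set_role('banned');
             // Send an email letting me know
             $headers = "From: Foundry Discipline Bot <*****@*****.**>\r\n";
             $headers .= "Content-Type: text/html; charset=UTF-8";
             $subject = 'User ' . $user->user_login . ' banned for spamming.';
             // The mail is sent as HTML, so the user-supplied title is escaped
             // before it is placed in the body.
             $body = 'The user ' . bp_core_get_userlink($user->ID) . ' was banned for attempting to post the topic: "' . esc_html($topic_title) . '".';
             wp_mail('*****@*****.**', $subject, $body, $headers);
             // Trigger an error, preventing the topic from posting
             bbp_add_error('apoc_topic_spam', '<strong>ERROR</strong>: Die, filthy spammer!');
             // Log the user out
             wp_logout();
             break;
         }
     }
     // Otherwise go ahead! The title is returned unchanged either way
     return $topic_title;
 }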
예제 #12
/**
 * Filter anonymous post data
 *
 * We use REMOTE_ADDR here directly. If you are behind a proxy, you should
 * ensure that it is properly set, such as in wp-config.php, for your
 * environment. See {@link http://core.trac.wordpress.org/ticket/9235}
 *
 * Note that bbp_pre_anonymous_filters() is responsible for sanitizing each
 * of the filtered core anonymous values here.
 *
 * If there are any errors, those are directly added to {@link bbPress:errors}
 *
 * @since bbPress (r2734)
 *
 * @param mixed $args Optional. If no args are there, then $_POST values are
 *                     used.
 * @uses apply_filters() Calls 'bbp_pre_anonymous_post_author_name' with the
 *                        anonymous user name
 * @uses apply_filters() Calls 'bbp_pre_anonymous_post_author_email' with the
 *                        anonymous user email
 * @uses apply_filters() Calls 'bbp_pre_anonymous_post_author_website' with the
 *                        anonymous user website
 * @return bool|array False on errors, values in an array on success
 */
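function bbp_filter_anonymous_post_data($args = '')
{
    // Defaults come from the submitted form; a missing or empty field becomes false
    $defaults = array(
        'bbp_anonymous_name' => !empty($_POST['bbp_anonymous_name']) ? $_POST['bbp_anonymous_name'] : false,
        'bbp_anonymous_email' => !empty($_POST['bbp_anonymous_email']) ? $_POST['bbp_anonymous_email'] : false,
        'bbp_anonymous_website' => !empty($_POST['bbp_anonymous_website']) ? $_POST['bbp_anonymous_website'] : false,
    );
    $r = bbp_parse_args($args, $defaults, 'filter_anonymous_post_data');
    // Read the three expected keys explicitly rather than calling extract():
    // $args may carry arbitrary keys, and extract() would turn each of them
    // into a local variable, able to overwrite $args, $defaults or $r.
    // Filter variables and add errors if necessary
    $bbp_anonymous_name = apply_filters('bbp_pre_anonymous_post_author_name', $r['bbp_anonymous_name']);
    if (empty($bbp_anonymous_name)) {
        bbp_add_error('bbp_anonymous_name', __('<strong>ERROR</strong>: Invalid author name submitted!', 'bbpress'));
    }
    $bbp_anonymous_email = apply_filters('bbp_pre_anonymous_post_author_email', $r['bbp_anonymous_email']);
    if (empty($bbp_anonymous_email)) {
        bbp_add_error('bbp_anonymous_email', __('<strong>ERROR</strong>: Invalid email address submitted!', 'bbpress'));
    }
    // Website is optional
    $bbp_anonymous_website = apply_filters('bbp_pre_anonymous_post_author_website', $r['bbp_anonymous_website']);
    // Only the three filtered values are returned; false if any error was recorded
    if (!bbp_has_errors()) {
        $retval = compact('bbp_anonymous_name', 'bbp_anonymous_email', 'bbp_anonymous_website');
    } else {
        $retval = false;
    }
    // Finally, return sanitized data or false
    return apply_filters('bbp_filter_anonymous_post_data', $retval, $args);
}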
예제 #13
/**
 * Sends an email when an email address change occurs on POST requests
 *
 * @since 2.6.0 bbPress (r5660)
 *
 * @see send_confirmation_on_profile_email()
 *
 * @uses bbp_parse_args()                To parse the option arguments
 * @uses bbp_add_error()                 To provide feedback to user
 * @uses bbp_get_displayed_user_field()  To get the user_login
 * @uses bbp_get_user_profile_edit_url() To get the user profile edit link
 * @uses add_query_arg()                 To add arguments the link
 * @uses wp_mail()                       To send the notification
 */
function bbp_edit_user_email_send_notification($user_id = 0, $args = array())
{
    // Expected arguments: the confirmation hash and the requested new address
    $change = bbp_parse_args($args, array('hash' => '', 'newemail' => ''));
    // All three pieces are required; report an error on the email field otherwise
    if (empty($user_id) || empty($change['hash']) || empty($change['newemail'])) {
        bbp_add_error('bbp_user_email_invalid_hash', __('<strong>ERROR</strong>: An error occurred while updating your email address.', 'bbpress'), array('form-field' => 'email'));
        return;
    }
    // Build the confirmation URL: the profile edit URL plus the action and the hash
    $login = bbp_get_displayed_user_field('user_login', 'raw');
    $profile_url = bbp_get_user_profile_edit_url($user_id);
    $confirm_url = add_query_arg(array('action' => 'bbp-update-user-email', 'newuseremail' => $change['hash']), $profile_url);
    // Default message template; the placeholders are filled in by sprintf() below
    $default_text = __('%1$s

Someone requested a change to the email address on your account.

Please click the following link to confirm this change:
%2$s

If you did not request this, you can safely ignore and delete this notification.

This email was sent to: %3$s

Regards,
The %4$s Team
%5$s', 'bbpress');
    /**
     * Filter the email text sent when a user changes emails.
     *
     * The following strings have a special meaning and will get replaced dynamically:
     *
     * %1$s - The displayed user's username
     * %2$s - The link to click on to confirm the email change
     * %3$s - The new email
     * %4$s - The name of the site
     * %5$s - The URL to the site
     *
     * @param string $default_text Text in the email.
     * @param array  $change       Parsed arguments: 'hash' and 'newemail'.
     */
    $template = apply_filters('bbp_user_email_update_content', $default_text, $change);
    // Fill in the template
    $site_name = get_site_option('site_name');
    $site_url = network_home_url();
    $message = sprintf($template, $login, $confirm_url, $change['newemail'], $site_name, $site_url);
    // Subject line carries the decoded blog name
    $subject = sprintf(__('[%s] New Email Address', 'bbpress'), wp_specialchars_decode(get_option('blogname')));
    // The message, including the confirmation link, goes to the new address
    wp_mail($change['newemail'], $subject, $message);
}
예제 #14
/**
 * Handles the front end edit forum submission
 *
 * @param string $action The requested action to compare this function to
 * @uses bbPress:errors::add() To log various error messages
 * @uses bbp_get_forum() To get the forum
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses bbp_is_forum_anonymous() To check if forum is by an anonymous user
 * @uses current_user_can() To check if the current user can edit the forum
 * @uses bbp_filter_anonymous_post_data() To filter anonymous data
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 * @uses esc_attr() For sanitization
 * @uses bbp_is_forum_category() To check if the forum is a category
 * @uses bbp_is_forum_closed() To check if the forum is closed
 * @uses bbp_is_forum_private() To check if the forum is private
 * @uses remove_filter() To remove kses filters if needed
 * @uses apply_filters() Calls 'bbp_edit_forum_pre_title' with the title and
 *                        forum id
 * @uses apply_filters() Calls 'bbp_edit_forum_pre_content' with the content
 *                        and forum id
 * @uses bbPress::errors::get_error_codes() To get the {@link WP_Error} errors
 * @uses wp_save_post_revision() To save a forum revision
 * @uses bbp_update_forum_revision_log() To update the forum revision log
 * @uses wp_update_post() To update the forum
 * @uses do_action() Calls 'bbp_edit_forum' with the forum id, forum id,
 *                    anonymous data and reply author
 * @uses bbp_move_forum_handler() To handle movement of a forum from one forum
 *                                 to another
 * @uses bbp_get_forum_permalink() To get the forum permalink
 * @uses wp_safe_redirect() To redirect to the forum link
 * @uses bbPress::errors::get_error_messages() To get the {@link WP_Error} error
 *                                              messages
 */
function bbp_edit_forum_handler($action = '')
{
    // Front-end handler for the "edit forum" form. Failed checks record a
    // message with bbp_add_error(); the forum is only written once no errors
    // are pending, and a successful save ends in a redirect followed by exit.
    // Bail if action is not bbp-edit-forum
    if ('bbp-edit-forum' !== $action) {
        return;
    }
    // Define local variable(s)
    $anonymous_data = array();
    $forum = $forum_id = $forum_parent_id = 0;
    $forum_title = $forum_content = $forum_edit_reason = '';
    /** Forum *****************************************************************/
    // Forum id was not passed
    if (empty($_POST['bbp_forum_id'])) {
        bbp_add_error('bbp_edit_forum_id', __('<strong>ERROR</strong>: Forum ID not found.', 'bbpress'));
        return;
        // Forum id was passed
    } elseif (is_numeric($_POST['bbp_forum_id'])) {
        $forum_id = (int) $_POST['bbp_forum_id'];
        $forum = bbp_get_forum($forum_id);
    }
    // A non-empty, non-numeric id leaves $forum_id and $forum at 0, so the
    // checks below run against id 0 and end in the nonce or "not found" error.
    // Nonce check: the nonce action is bound to the forum id being edited
    if (!bbp_verify_nonce_request('bbp-edit-forum_' . $forum_id)) {
        bbp_add_error('bbp_edit_forum_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
        // Forum does not exist
    } elseif (empty($forum)) {
        bbp_add_error('bbp_edit_forum_not_found', __('<strong>ERROR</strong>: The forum you want to edit was not found.', 'bbpress'));
        return;
        // User cannot edit this forum
    } elseif (!current_user_can('edit_forum', $forum_id)) {
        bbp_add_error('bbp_edit_forum_permissions', __('<strong>ERROR</strong>: You do not have permission to edit that forum.', 'bbpress'));
        return;
    }
    // Remove kses filters from title and content for capable users and if the nonce is verified
    // NOTE(review): the posted token is compared with === against a freshly
    // created nonce instead of being passed to wp_verify_nonce(); confirm that
    // is intended. When this branch runs, the title and content below are no
    // longer passed through these three filter callbacks.
    if (current_user_can('unfiltered_html') && !empty($_POST['_bbp_unfiltered_html_forum']) && wp_create_nonce('bbp-unfiltered-html-forum_' . $forum_id) === $_POST['_bbp_unfiltered_html_forum']) {
        remove_filter('bbp_edit_forum_pre_title', 'wp_filter_kses');
        remove_filter('bbp_edit_forum_pre_content', 'bbp_encode_bad', 10);
        remove_filter('bbp_edit_forum_pre_content', 'bbp_filter_kses', 30);
    }
    /** Forum Parent ***********************************************************/
    // Forum parent id was passed
    if (!empty($_POST['bbp_forum_parent_id'])) {
        $forum_parent_id = bbp_get_forum_id($_POST['bbp_forum_parent_id']);
    }
    // Current forum this forum is in
    $current_parent_forum_id = bbp_get_forum_parent_id($forum_id);
    // The access checks on the new parent only run when the parent changes
    if (!empty($forum_parent_id) && $forum_parent_id !== $current_parent_forum_id) {
        // Forum is closed and user cannot access
        if (bbp_is_forum_closed($forum_parent_id) && !current_user_can('edit_forum', $forum_parent_id)) {
            bbp_add_error('bbp_edit_forum_forum_closed', __('<strong>ERROR</strong>: This forum has been closed to new forums.', 'bbpress'));
        }
        // Forum is private and user cannot access
        if (bbp_is_forum_private($forum_parent_id) && !current_user_can('read_private_forums')) {
            bbp_add_error('bbp_edit_forum_forum_private', __('<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress'));
        }
        // Forum is hidden and user cannot access
        if (bbp_is_forum_hidden($forum_parent_id) && !current_user_can('read_hidden_forums')) {
            bbp_add_error('bbp_edit_forum_forum_hidden', __('<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress'));
        }
    }
    /** Forum Title ***********************************************************/
    if (!empty($_POST['bbp_forum_title'])) {
        $forum_title = esc_attr(strip_tags($_POST['bbp_forum_title']));
    }
    // Filter and sanitize
    $forum_title = apply_filters('bbp_edit_forum_pre_title', $forum_title, $forum_id);
    // No forum title
    if (empty($forum_title)) {
        bbp_add_error('bbp_edit_forum_title', __('<strong>ERROR</strong>: Your forum needs a title.', 'bbpress'));
    }
    /** Forum Content *********************************************************/
    // The request value is taken as-is; any sanitization comes from the
    // callbacks hooked to 'bbp_edit_forum_pre_content' (some of which may have
    // been removed above for users with 'unfiltered_html').
    if (!empty($_POST['bbp_forum_content'])) {
        $forum_content = $_POST['bbp_forum_content'];
    }
    // Filter and sanitize
    $forum_content = apply_filters('bbp_edit_forum_pre_content', $forum_content, $forum_id);
    // No forum content
    if (empty($forum_content)) {
        bbp_add_error('bbp_edit_forum_content', __('<strong>ERROR</strong>: Your forum description cannot be empty.', 'bbpress'));
    }
    /** Forum Blacklist *******************************************************/
    // $anonymous_data is still the empty array defined above
    if (!bbp_check_for_blacklist($anonymous_data, bbp_get_forum_author_id($forum_id), $forum_title, $forum_content)) {
        bbp_add_error('bbp_forum_blacklist', __('<strong>ERROR</strong>: Your forum cannot be edited at this time.', 'bbpress'));
    }
    /** Forum Moderation ******************************************************/
    // A failed moderation check does not block the edit; it saves as pending
    $post_status = bbp_get_public_status_id();
    if (!bbp_check_for_moderation($anonymous_data, bbp_get_forum_author_id($forum_id), $forum_title, $forum_content)) {
        $post_status = bbp_get_pending_status_id();
    }
    /** Additional Actions (Before Save) **************************************/
    do_action('bbp_edit_forum_pre_extras', $forum_id);
    // Bail if errors: anything recorded by the parent, title, content or
    // blacklist checks (or by the hook above) stops the save here
    if (bbp_has_errors()) {
        return;
    }
    /** No Errors *************************************************************/
    // Add the content of the form to $forum_data as an array
    // Just in time manipulation of forum data before being edited
    $forum_data = apply_filters('bbp_edit_forum_pre_insert', array('ID' => $forum_id, 'post_title' => $forum_title, 'post_content' => $forum_content, 'post_status' => $post_status, 'post_parent' => $forum_parent_id));
    // Update the forum; $forum_id now holds the result of wp_update_post()
    $forum_id = wp_update_post($forum_data);
    /** Revisions *************************************************************/
    /**
    * @todo omitted for 2.1
    	// Revision Reason
    	if ( !empty( $_POST['bbp_forum_edit_reason'] ) )
    		$forum_edit_reason = esc_attr( strip_tags( $_POST['bbp_forum_edit_reason'] ) );
    
    	// Update revision log
    	if ( !empty( $_POST['bbp_log_forum_edit'] ) && ( "1" === $_POST['bbp_log_forum_edit'] ) && ( $revision_id = wp_save_post_revision( $forum_id ) ) ) {
    		bbp_update_forum_revision_log( array(
    			'forum_id'    => $forum_id,
    			'revision_id' => $revision_id,
    			'author_id'   => bbp_get_current_user_id(),
    			'reason'      => $forum_edit_reason
    		) );
    	}
    */
    /** No Errors *************************************************************/
    if (!empty($forum_id) && !is_wp_error($forum_id)) {
        // Update counts, etc...
        do_action('bbp_edit_forum', array('forum_id' => $forum_id, 'post_parent' => $forum_parent_id, 'forum_author' => $forum->post_author, 'last_topic_id' => 0, 'last_reply_id' => 0, 'last_active_id' => 0, 'last_active_time' => 0, 'last_active_status' => bbp_get_public_status_id()));
        // If the new forum parent id is not equal to the old forum parent
        // id, run the bbp_move_forum action and pass the forum's parent id
        // as the first arg and new forum parent id as the second.
        // @todo implement
        //if ( $forum_id !== $forum->post_parent )
        //	bbp_move_forum_handler( $forum_parent_id, $forum->post_parent, $forum_id );
        /** Additional Actions (After Save) ***********************************/
        do_action('bbp_edit_forum_post_extras', $forum_id);
        /** Redirect **********************************************************/
        // Redirect to
        $redirect_to = bbp_get_redirect_to();
        // View all?
        $view_all = bbp_get_view_all();
        // Get the forum URL
        $forum_url = bbp_get_forum_permalink($forum_id, $redirect_to);
        // Add view all?
        if (!empty($view_all)) {
            $forum_url = bbp_add_view_all($forum_url);
        }
        // Allow to be filtered
        $forum_url = apply_filters('bbp_edit_forum_redirect_to', $forum_url, $view_all, $redirect_to);
        /** Successful Edit ***************************************************/
        // Redirect back to new forum. The URL can come from the request
        // (redirect_to) or from a filter, so wp_safe_redirect() is used rather
        // than a plain redirect.
        wp_safe_redirect($forum_url);
        // For good measure
        exit;
        /** Errors ****************************************************************/
    } else {
        // NOTE(review): wp_update_post() is called above without a second
        // argument, so a WP_Error result is presumably never seen here; verify.
        // NOTE(review): the string passed to __() is built by concatenation, so
        // a translation lookup can only match when $append_error is empty.
        $append_error = is_wp_error($forum_id) && $forum_id->get_error_message() ? $forum_id->get_error_message() . ' ' : '';
        bbp_add_error('bbp_forum_error', __('<strong>ERROR</strong>: The following problem(s) have been found with your forum:' . $append_error . 'Please try again.', 'bbpress'));
    }
}
예제 #15
/**
 * Handles the front end user editing
 *
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home() To check if the user is at home (the display page
 *                           is the one of the logged in user)
 * @uses get_option() To get the displayed user's new email id option
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the user
 * @uses do_action() Calls 'personal_options_update' or
 *                   'edit_user_options_update' (based on if it's the user home)
 *                   with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses get_userdata() To get the user data
 * @uses is_email() To check if the string is an email id or not
 * @uses wpdb::get_blog_prefix() To get the blog prefix
 * @uses is_network_admin() To check if the user is the network admin
 * @uses is_super_admin() To check if the user is super admin
 * @uses revoke_super_admin() To revoke super admin privileges
 * @uses grant_super_admin() To grant super admin privileges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 */
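function bbp_edit_user_handler()
{
    // Front-end handler for the profile edit form. Only acts on POST requests
    // whose 'action' field is 'bbp-update-user'. On multisite, a pending
    // e-mail change can be confirmed or dismissed through query arguments;
    // those two branches run BEFORE the nonce and capability checks and are
    // gated only by bbp_is_user_home_edit() plus the stored hash / option name.
    // Bail if not a POST action
    if (!isset($_SERVER['REQUEST_METHOD']) || 'POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }
    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }
    // Get the displayed user ID
    $user_id = bbp_get_displayed_user_id();
    global $wpdb, $super_admins;
    // Execute confirmed email change. See send_confirmation_on_profile_email().
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($user_id . '_new_email');
        $submitted_hash = $_GET['newuseremail'];
        // Require a stored, non-empty string hash and compare it in constant
        // time. The previous loose == accepted an empty request value when no
        // pending change was stored (missing option compared as null).
        $hash_matches = is_array($new_email)
            && isset($new_email['hash'], $new_email['newemail'])
            && is_string($new_email['hash'])
            && '' !== $new_email['hash']
            && is_string($submitted_hash)
            && hash_equals($new_email['hash'], $submitted_hash);
        if ($hash_matches) {
            $user = new stdClass();
            $user->ID = $user_id;
            $user->user_email = esc_html(trim($new_email['newemail']));
            $displayed_login = bbp_get_displayed_user_field('user_login');
            // Keep the signups table in step, if the user has a row there
            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $displayed_login))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $displayed_login));
            }
            wp_update_user(get_object_vars($user));
            delete_option($user_id . '_new_email');
            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }
        // Dismiss a pending email change (strict comparison: a non-string
        // request value can never match)
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $user_id . '_new_email' === $_GET['dismiss']) {
        delete_option($user_id . '_new_email');
        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }
    // Nonce check (bound to the user id being edited)
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }
    // Do action based on whose profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);
    // Single site: edit_user() does all the work
    if (!is_multisite()) {
        $edit_user = edit_user($user_id);
        // Multisite means we need to do some manual labor
    } else {
        $user = get_userdata($user_id);
        // Update the email address in signups, if present. The UPDATE now
        // targets the same login the SELECT checked ($user->user_login); it
        // previously used the global $user_login, which is a different value
        // whenever the edited user is not the one that global refers to.
        if ($user && $user->user_login && isset($_POST['email']) && is_email($_POST['email']) && $wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login))) {
            $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user->user_login));
        }
        // WPMU must delete the user from the current blog if WP added him after editing.
        $delete_role = false;
        $blog_prefix = $wpdb->get_blog_prefix();
        // NOTE(review): this condition compares $user_id with itself, so the
        // branch never runs as written. It presumably should compare against
        // the current user's id; confirm before changing it, because enabling
        // the branch alters $_POST['role']. The query is parameterized so it is
        // safe if the branch is ever enabled.
        if ($user_id != $user_id) {
            $cap = $wpdb->get_var($wpdb->prepare("SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'", $user_id, $blog_prefix . 'capabilities'));
            if (!is_network_admin() && null == $cap && $_POST['role'] == '') {
                $_POST['role'] = 'contributor';
                $delete_role = true;
            }
        }
        $edit_user = edit_user($user_id);
        // stops users being added to current blog when they are edited
        if (true === $delete_role) {
            delete_user_meta($user_id, $blog_prefix . 'capabilities');
        }
        // Grant or revoke super admin. Logical && replaces the bitwise & that
        // was used between is_network_admin() and !bbp_is_user_home_edit().
        if (is_multisite() && is_network_admin() && !bbp_is_user_home_edit() && current_user_can('manage_network_options') && !isset($super_admins) && empty($_POST['super_admin']) == is_super_admin($user_id)) {
            empty($_POST['super_admin']) ? revoke_super_admin($user_id) : grant_super_admin($user_id);
        }
    }
    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;
        // Successful edit to redirect
    } elseif (is_integer($edit_user)) {
        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));
        wp_safe_redirect($redirect);
        exit;
    }
}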
예제 #16
/**
 * Handles the front end opening/closing, spamming/unspamming,
 * sticking/unsticking and trashing/untrashing/deleting of topics
 *
 * @since bbPress (r2727)
 *
 * @param string $action The requested action to compare this function to
 * @uses bbp_get_topic() To get the topic
 * @uses current_user_can() To check if the user is capable of editing or
 *                           deleting the topic
 * @uses bbp_get_topic_post_type() To get the topic post type
 * @uses check_ajax_referer() To verify the nonce and check the referer
 * @uses bbp_is_topic_open() To check if the topic is open
 * @uses bbp_close_topic() To close the topic
 * @uses bbp_open_topic() To open the topic
 * @uses bbp_is_topic_sticky() To check if the topic is a sticky
 * @uses bbp_unstick_topic() To unstick the topic
 * @uses bbp_stick_topic() To stick the topic
 * @uses bbp_is_topic_spam() To check if the topic is marked as spam
 * @uses bbp_spam_topic() To make the topic as spam
 * @uses bbp_unspam_topic() To unmark the topic as spam
 * @uses wp_trash_post() To trash the topic
 * @uses wp_untrash_post() To untrash the topic
 * @uses wp_delete_post() To delete the topic
 * @uses do_action() Calls 'bbp_toggle_topic_handler' with success, post data
 *                    and action
 * @uses bbp_get_forum_permalink() To get the forum link
 * @uses bbp_get_topic_permalink() To get the topic link
 * @uses wp_safe_redirect() To redirect to the topic
 * @uses bbPress::errors:add() To log the error messages
 */
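function bbp_toggle_topic_handler($action = '')
{
    // Front-end handler for the topic toggle links (open/close, stick/unstick,
    // spam/unspam, trash/untrash/delete). The topic id comes from the query
    // string. Each action checks the user's capabilities and then its own
    // nonce, whose action name is bound to the topic id.
    // Bail if required GET actions aren't passed
    if (empty($_GET['topic_id'])) {
        return;
    }
    // Setup possible get actions
    $possible_actions = array('bbp_toggle_topic_close', 'bbp_toggle_topic_stick', 'bbp_toggle_topic_spam', 'bbp_toggle_topic_trash');
    // Bail if actions aren't meant for this function. The comparison is strict
    // so that a non-string value (for example boolean true) cannot loosely
    // match an entry here and then the first case of the switch below.
    if (!in_array($action, $possible_actions, true)) {
        return;
    }
    // Empty failure string
    $failure = '';
    // Assume not viewing all
    $view_all = false;
    // What's the topic id?
    $topic_id = (int) $_GET['topic_id'];
    // Flag
    $success = false;
    // Prelim array
    $post_data = array('ID' => $topic_id);
    // Empty redirect URL
    $redirect = '';
    // Make sure topic exists
    $topic = bbp_get_topic($topic_id);
    if (empty($topic)) {
        return;
    }
    // Every action needs 'edit_topic'; the trash actions additionally need
    // 'delete_topic'. Parentheses make the existing precedence explicit.
    if (!current_user_can('edit_topic', $topic->ID) || ('bbp_toggle_topic_trash' === $action && !current_user_can('delete_topic', $topic->ID))) {
        bbp_add_error('bbp_toggle_topic_permission', __('<strong>ERROR:</strong> You do not have the permission to do that.', 'bbpress'));
        return;
    }
    // What action are we trying to perform?
    // check_ajax_referer() is called with its defaults in every case; a failed
    // nonce check is expected to end the request inside that call.
    switch ($action) {
        // Toggle open/close
        case 'bbp_toggle_topic_close':
            check_ajax_referer('close-topic_' . $topic_id);
            $is_open = bbp_is_topic_open($topic_id);
            $success = true === $is_open ? bbp_close_topic($topic_id) : bbp_open_topic($topic_id);
            $failure = true === $is_open ? __('<strong>ERROR</strong>: There was a problem closing the topic.', 'bbpress') : __('<strong>ERROR</strong>: There was a problem opening the topic.', 'bbpress');
            break;
        // Toggle sticky/super-sticky/unstick
        case 'bbp_toggle_topic_stick':
            check_ajax_referer('stick-topic_' . $topic_id);
            $is_sticky = bbp_is_topic_sticky($topic_id);
            // Super-sticky only applies when sticking and ?super=1 was sent
            $is_super = (false === $is_sticky && !empty($_GET['super']) && '1' === $_GET['super']);
            $success = true === $is_sticky ? bbp_unstick_topic($topic_id) : bbp_stick_topic($topic_id, $is_super);
            $failure = true === $is_sticky ? __('<strong>ERROR</strong>: There was a problem unsticking the topic.', 'bbpress') : __('<strong>ERROR</strong>: There was a problem sticking the topic.', 'bbpress');
            break;
        // Toggle spam
        case 'bbp_toggle_topic_spam':
            check_ajax_referer('spam-topic_' . $topic_id);
            $is_spam = bbp_is_topic_spam($topic_id);
            $success = true === $is_spam ? bbp_unspam_topic($topic_id) : bbp_spam_topic($topic_id);
            $failure = true === $is_spam ? __('<strong>ERROR</strong>: There was a problem unmarking the topic as spam.', 'bbpress') : __('<strong>ERROR</strong>: There was a problem marking the topic as spam.', 'bbpress');
            $view_all = !$is_spam;
            break;
        // Toggle trash
        case 'bbp_toggle_topic_trash':
            // Only the three known sub-actions are accepted (strict match, so
            // a non-string request value is rejected)
            $sub_action = !empty($_GET['sub_action']) && in_array($_GET['sub_action'], array('trash', 'untrash', 'delete'), true) ? $_GET['sub_action'] : false;
            if (empty($sub_action)) {
                break;
            }
            switch ($sub_action) {
                case 'trash':
                    check_ajax_referer('trash-' . bbp_get_topic_post_type() . '_' . $topic_id);
                    $view_all = true;
                    $success = wp_trash_post($topic_id);
                    $failure = __('<strong>ERROR</strong>: There was a problem trashing the topic.', 'bbpress');
                    break;
                case 'untrash':
                    check_ajax_referer('untrash-' . bbp_get_topic_post_type() . '_' . $topic_id);
                    $success = wp_untrash_post($topic_id);
                    $failure = __('<strong>ERROR</strong>: There was a problem untrashing the topic.', 'bbpress');
                    break;
                case 'delete':
                    check_ajax_referer('delete-' . bbp_get_topic_post_type() . '_' . $topic_id);
                    $success = wp_delete_post($topic_id);
                    $failure = __('<strong>ERROR</strong>: There was a problem deleting the topic.', 'bbpress');
                    break;
            }
            break;
    }
    // Do additional topic toggle actions
    do_action('bbp_toggle_topic_handler', $success, $post_data, $action);
    // No errors
    if (false !== $success && !is_wp_error($success)) {
        // Redirect back to the topic's forum
        if (isset($sub_action) && 'delete' === $sub_action) {
            // Fall back to the topic loaded before deletion when the delete
            // call did not hand back an object carrying post_parent
            $parent_forum_id = is_object($success) && isset($success->post_parent) ? $success->post_parent : $topic->post_parent;
            $redirect = bbp_get_forum_permalink($parent_forum_id);
            // Redirect back to the topic
        } else {
            // Get the redirect destination
            $permalink = bbp_get_topic_permalink($topic_id);
            $redirect = bbp_add_view_all($permalink, $view_all);
        }
        wp_safe_redirect($redirect);
        // For good measure
        exit;
        // Handle errors
    } else {
        bbp_add_error('bbp_toggle_topic', $failure);
    }
}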
 /**
  * Handles the front end reporting/un-reporting of replies
  *
  * @since 1.0.0
  *
  * @param string $action The requested action to compare this function to
  */
 public function toggle_reply_handler($action = '')
 {
     // Toggles the "reported" flag on a reply for the logged-in user, then
     // redirects back to the reply. The only gates visible in this method are
     // the login check and the nonce bound to the reply id.
     // NOTE(review): no capability check is made before un-reporting; confirm
     // that any logged-in user is meant to be able to clear a report.

     // A reply id must be present in the query string
     if (empty($_GET['reply_id'])) {
         return;
     }
     // Only react to the action(s) owned by this handler
     $possible_actions = array('bbp_rc_toggle_reply_report');
     if (!in_array($action, $possible_actions)) {
         return;
     }
     // Working state
     $reply_id = (int) $_GET['reply_id'];
     $post_data = array('ID' => $reply_id);
     $failure = '';
     $redirect = '';
     $success = false;
     $view_all = false;
     // The reply has to exist
     $reply = bbp_get_reply($reply_id);
     if (empty($reply)) {
         return;
     }
     // Anonymous visitors cannot report
     if (!is_user_logged_in()) {
         return;
     }
     // Toggle reported
     if ('bbp_rc_toggle_reply_report' == $action) {
         check_ajax_referer('report-reply_' . $reply_id);
         $is_reported = $this->is_reply_reported($reply_id);
         if (true === $is_reported) {
             $success = $this->unreport_reply($reply_id);
             $failure = __('<strong>ERROR</strong>: There was a problem unmarking the reply as reported.', 'bbpress-report-content');
         } else {
             $success = $this->report_reply($reply_id);
             $failure = __('<strong>ERROR</strong>: There was a problem reporting the reply.', 'bbpress-report-content');
         }
         // $view_all = !$is_reported; // Only need this if we want to hide it, like spam
     }
     // Something went wrong: record the message and stop
     if (false === $success || is_wp_error($success)) {
         bbp_add_error('bbp_rc_toggle_reply', $failure);
         return;
     }
     /** Redirect **********************************************************/
     $redirect_to = bbp_get_redirect_to();
     $reply_url = bbp_get_reply_url($reply_id, $redirect_to);
     // Add view all if needed
     if (!empty($view_all)) {
         $reply_url = bbp_add_view_all($reply_url, true);
     }
     // Back to the reply, then stop for good measure
     wp_safe_redirect($reply_url);
     exit;
 }
/**
 * Public filter 'bbp_*' - passes new topic/reply content to the CleanTalk
 * check and records a bbPress error when the result flags it.
 *
 * @param  mixed $comment Content being filtered; sent as the 'message' field
 * @return mixed The same $comment value, always returned unmodified
 */
function ct_bbp_new_pre_content($comment)
{
    global $ct_options, $ct_data;
    $ct_options = ct_get_options();
    $ct_data = ct_get_data();
    // Nothing is checked when the plugin is disabled for the user, when the
    // comments test is switched off, or when the poster is logged in.
    if (ct_is_user_enable() === false) {
        return $comment;
    }
    if ($ct_options['comments_test'] == 0) {
        return $comment;
    }
    if (is_user_logged_in()) {
        return $comment;
    }
    // JavaScript test value: cookie first, request body as fallback
    $checkjs = js_test('ct_checkjs', $_COOKIE, true);
    if (null === $checkjs) {
        $checkjs = js_test('ct_checkjs', $_POST, true);
    }
    $example = null;
    // Anonymous poster fields are forwarded exactly as submitted
    $sender_url = null;
    if (isset($_POST['bbp_anonymous_website'])) {
        $sender_url = $_POST['bbp_anonymous_website'];
    }
    $sender_info = array('sender_url' => $sender_url);
    $post_info = json_encode(array('comment_type' => 'bbpress_comment', 'post_url' => bbp_get_topic_permalink()));
    if (false === $post_info) {
        $post_info = '';
    }
    $sender_email = null;
    if (isset($_POST['bbp_anonymous_email'])) {
        $sender_email = $_POST['bbp_anonymous_email'];
    }
    $sender_nickname = null;
    if (isset($_POST['bbp_anonymous_name'])) {
        $sender_nickname = $_POST['bbp_anonymous_name'];
    }
    $request = array(
        'message' => $comment,
        'example' => $example,
        'sender_email' => $sender_email,
        'sender_nickname' => $sender_nickname,
        'post_info' => $post_info,
        'checkjs' => $checkjs,
        'sender_info' => $sender_info,
    );
    $ct_base_call_result = ct_base_call($request);
    $ct = $ct_base_call_result['ct'];
    $ct_result = $ct_base_call_result['ct_result'];
    // Blocking happens only through the recorded bbPress error; the content
    // itself is handed back unchanged either way.
    $is_flagged = $ct_result->stop_queue == 1
        || $ct_result->spam == 1
        || ($ct_result->allow == 0 && $ct_result->stop_words !== null);
    if ($is_flagged) {
        bbp_add_error('bbp_reply_content', $ct_result->comment);
    }
    return $comment;
}
예제 #19
 /**
  * Kills splogger signups, BuddyPress posts and replies and bbPress spammers dead in their tracks
  * This method is an alternative to pouring kerosene on sploggers and lighting a match.
  * Checks both the cookie and input key payloads
  *
  * @author Ryan Hellyer <*****@*****.**>
  * @since 1.0
  */
 public function check_for_post_evilness($content)
 {
     // Two checks for visitors who are not logged in: a hidden form field that
     // must carry the expected key, and a cookie named after that key holding
     // a time value. $content is returned in every case; rejection is signalled
     // through bbp_add_error() or the 'errors' entry of $content.
     // NOTE(review): the cookie value is supplied by the client and is used in
     // numeric comparisons without validation; confirm how non-numeric or
     // hand-picked values should be treated.
     // NOTE(review): apart from the bbp_topic_id case, every rejection
     // dereferences $content['errors'], so $content is presumably always an
     // array carrying an error object on those paths; verify against callers.

     // Logged-in users are trusted and skip both checks
     if (is_user_logged_in()) {
         return $content;
     }
     // Hidden input field versus the key
     $key_mismatch = $_POST['killer_value'] != $this->spam_key;
     if ($key_mismatch) {
         if (!isset($_POST['bbp_topic_id'])) {
             $content['errors']->add('blogname', '');
         } else {
             // bbPress submission: report through the bbPress error API
             bbp_add_error('bbp_reply_content', __('Sorry, but you have been detected as spam', 'spam-destroyer'));
         }
     }
     // Cookie presence and timing
     if (!isset($_COOKIE[$this->spam_key])) {
         // No cookie at all counts as spam
         $content['errors']->add('blogname', '');
     } else {
         // A value above 1 with less than $this->speed elapsed counts as spam
         $submitted_too_fast = $_COOKIE[$this->spam_key] > 1 && time() - $_COOKIE[$this->spam_key] < $this->speed;
         if ($submitted_too_fast) {
             $content['errors']->add('blogname', '');
         }
     }
     return $content;
 }