/**
 * bbp_verify_nonce_request() must accept a request when home_url() carries an
 * explicit port and WordPress is installed in a subdirectory.
 *
 * The request environment and the home_url filter are restored before the
 * assertion so a failing test does not leak state into the next one.
 */
public function test_bbp_verify_nonce_request_with_port_in_home_url_and_wordpress_installed_in_subdirectory()
{
    $action          = 'verify-this';
    $home_url_filter = array($this, 'add_port_and_subdirectory_to_home_url');

    // Fake the request environment: explicit :80 port and a subdirectory path.
    list($hostname) = explode(':', $_SERVER['HTTP_HOST']);
    $_SERVER['HTTP_HOST']   = $hostname . ':80';
    $_SERVER['SERVER_PORT'] = 80;
    $_SERVER['REQUEST_URI'] = '/wordpress/';

    // Make home_url() report the same port and subdirectory.
    add_filter('home_url', $home_url_filter, 10, 3);

    // Issue a fresh nonce for the action and verify it through the request helper.
    $_REQUEST[$action] = wp_create_nonce($action);
    $result            = bbp_verify_nonce_request($action, $action);

    // Clean up global state first, assert last.
    remove_filter('home_url', $home_url_filter, 10, 3);
    unset($_REQUEST[$action]);

    $this->assertSame(1, $result);
}
/**
 * Verify if a POST request came from a failed topic attempt.
 *
 * Used to avoid cross-site request forgeries when checking posted topic form
 * content: the request must be a POST and must carry a valid nonce for either
 * the new-topic or the edit-topic form.
 *
 * @see bbp_topic_form_fields()
 *
 * @since 2.6.0 bbPress (r5558)
 *
 * @return boolean True if is a post request with valid nonce
 */
function bbp_is_topic_form_post_request()
{
    // Only a POST can be a topic form submission.
    if (!bbp_is_post_request()) {
        return false;
    }

    // Accept either form nonce; the edit nonce is only checked when the
    // new-topic nonce did not verify.
    return (bool) bbp_verify_nonce_request('bbp-new-topic')
        || (bool) bbp_verify_nonce_request('bbp-edit-topic');
}
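/**
 * Handles the front end tag management (renaming, merging, destroying)
 *
 * Every branch runs the same gates before writing: the action-specific nonce
 * (bbp_verify_nonce_request()), then the capability (current_user_can()).
 * Failures are queued with bbp_add_error() and the function returns without
 * redirecting, so the form can render them.
 *
 * @since bbPress (r2768)
 *
 * @param string $action The requested action to compare this function to
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit/delete tags
 * @uses bbp_add_error() To add an error message
 * @uses wp_update_term() To update the topic tag
 * @uses get_term_link() To get the topic tag url
 * @uses term_exists() To check if the topic tag already exists
 * @uses wp_insert_term() To insert a topic tag
 * @uses wp_delete_term() To delete the topic tag
 * @uses home_url() To get the blog's home page url
 * @uses do_action() Calls actions based on the actions with associated args
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 * @uses wp_safe_redirect() To redirect to the url
 * @return void
 */
function bbp_edit_topic_tag_handler($action = '')
{
    // Bail if required POST actions aren't passed
    if (empty($_POST['tag-id'])) {
        return;
    }

    // Setup possible get actions
    $possible_actions = array(
        'bbp-update-topic-tag',
        'bbp-merge-topic-tag',
        'bbp-delete-topic-tag',
    );

    // Bail if actions aren't meant for this function. Strict comparison: the
    // action names are fixed strings, so loose matching buys nothing.
    if (!in_array($action, $possible_actions, true)) {
        return;
    }

    // Setup vars
    $tag_id   = (int) $_POST['tag-id'];
    $tag      = get_term($tag_id, bbp_get_topic_tag_tax_id());
    $redirect = '';

    // Tag does not exist
    if (is_wp_error($tag) && $tag->get_error_message()) {
        bbp_add_error('bbp_manage_topic_invalid_tag', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while getting the tag: %s', 'bbpress'), $tag->get_error_message()));
        return;
    }

    // What action are we trying to perform?
    switch ($action) {

        // Update tag
        case 'bbp-update-topic-tag':

            // Nonce check
            if (!bbp_verify_nonce_request('update-tag_' . $tag_id)) {
                bbp_add_error('bbp_manage_topic_tag_update_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
                return;
            }

            // Can user edit topic tags?
            if (!current_user_can('edit_topic_tags')) {
                bbp_add_error('bbp_manage_topic_tag_update_permissions', __('<strong>ERROR</strong>: You do not have the permissions to edit the topic tags.', 'bbpress'));
                return;
            }

            // No tag name was provided
            if (empty($_POST['tag-name']) || !($name = $_POST['tag-name'])) {
                bbp_add_error('bbp_manage_topic_tag_update_name', __('<strong>ERROR</strong>: You need to enter a tag name.', 'bbpress'));
                return;
            }

            // Attempt to update the tag
            $slug = !empty($_POST['tag-slug']) ? $_POST['tag-slug'] : '';
            $tag  = wp_update_term($tag_id, bbp_get_topic_tag_tax_id(), array('name' => $name, 'slug' => $slug));

            // Cannot update tag
            if (is_wp_error($tag) && $tag->get_error_message()) {
                bbp_add_error('bbp_manage_topic_tag_update_error', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while updating the tag: %s', 'bbpress'), $tag->get_error_message()));
                return;
            }

            // Redirect
            $redirect = get_term_link($tag_id, bbp_get_topic_tag_tax_id());

            // Update counts, etc...
            do_action('bbp_update_topic_tag', $tag_id, $tag, $name, $slug);

            break;

        // Merge two tags
        case 'bbp-merge-topic-tag':

            // Nonce check
            if (!bbp_verify_nonce_request('merge-tag_' . $tag_id)) {
                bbp_add_error('bbp_manage_topic_tag_merge_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
                return;
            }

            // Can user edit topic tags?
            if (!current_user_can('edit_topic_tags')) {
                bbp_add_error('bbp_manage_topic_tag_merge_permissions', __('<strong>ERROR</strong>: You do not have the permissions to edit the topic tags.', 'bbpress'));
                return;
            }

            // No tag name was provided
            if (empty($_POST['tag-existing-name']) || !($name = $_POST['tag-existing-name'])) {
                bbp_add_error('bbp_manage_topic_tag_merge_name', __('<strong>ERROR</strong>: You need to enter a tag name.', 'bbpress'));
                return;
            }

            // If term does not exist, create it
            if (!($tag = term_exists($name, bbp_get_topic_tag_tax_id()))) {
                $tag = wp_insert_term($name, bbp_get_topic_tag_tax_id());
            }

            // Problem inserting the new term
            if (is_wp_error($tag) && $tag->get_error_message()) {
                bbp_add_error('bbp_manage_topic_tag_merge_error', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while merging the tags: %s', 'bbpress'), $tag->get_error_message()));
                return;
            }

            // Merging in to... Cast to int: term_exists() can hand the id back
            // as a numeric string, and the strict self-merge check below would
            // then never fire for an existing tag.
            $to_tag = (int) $tag['term_id'];

            // Attempting to merge a tag into itself
            if ($tag_id === $to_tag) {
                bbp_add_error('bbp_manage_topic_tag_merge_same', __('<strong>ERROR</strong>: The tags which are being merged can not be the same.', 'bbpress'));
                return;
            }

            // Delete the old term; 'default'/'force_default' point its objects
            // at the merge target.
            $tag = wp_delete_term($tag_id, bbp_get_topic_tag_tax_id(), array('default' => $to_tag, 'force_default' => true));

            // Error merging the terms
            if (is_wp_error($tag) && $tag->get_error_message()) {
                bbp_add_error('bbp_manage_topic_tag_merge_error', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while merging the tags: %s', 'bbpress'), $tag->get_error_message()));
                return;
            }

            // Redirect
            $redirect = get_term_link($to_tag, bbp_get_topic_tag_tax_id());

            // Update counts, etc...
            do_action('bbp_merge_topic_tag', $tag_id, $to_tag, $tag);

            break;

        // Delete tag
        case 'bbp-delete-topic-tag':

            // Nonce check
            if (!bbp_verify_nonce_request('delete-tag_' . $tag_id)) {
                bbp_add_error('bbp_manage_topic_tag_delete_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
                return;
            }

            // Can user delete topic tags?
            if (!current_user_can('delete_topic_tags')) {
                bbp_add_error('bbp_manage_topic_tag_delete_permissions', __('<strong>ERROR</strong>: You do not have the permissions to delete the topic tags.', 'bbpress'));
                return;
            }

            // Attempt to delete term
            $tag = wp_delete_term($tag_id, bbp_get_topic_tag_tax_id());

            // Error deleting term
            if (is_wp_error($tag) && $tag->get_error_message()) {
                bbp_add_error('bbp_manage_topic_tag_delete_error', sprintf(__('<strong>ERROR</strong>: The following problem(s) have been found while deleting the tag: %s', 'bbpress'), $tag->get_error_message()));
                return;
            }

            // We don't have any other place to go other than home! Or we may die because of the 404 disease
            $redirect = home_url();

            // Update counts, etc...
            do_action('bbp_delete_topic_tag', $tag_id, $tag);

            break;
    }

    /** Successful Moderation *************************************************/

    // Redirect back; fall back to home when the term link could not be built
    $redirect = !empty($redirect) && !is_wp_error($redirect) ? $redirect : home_url();
    wp_safe_redirect($redirect);

    // For good measure
    exit;
}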
/**
 * Handles the front end edit forum submission
 *
 * Order of operations: locate the forum from bbp_forum_id, verify the
 * forum-specific nonce, check the 'edit_forum' capability, validate the
 * parent/title/content and the blacklist/moderation lists, then write with
 * wp_update_post() only when bbp_has_errors() is false. Every early return
 * leaves an error queued via bbp_add_error() for the form to display.
 *
 * @param string $action The requested action to compare this function to
 * @uses bbPress:errors::add() To log various error messages
 * @uses bbp_get_forum() To get the forum
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses bbp_is_forum_anonymous() To check if forum is by an anonymous user
 * @uses current_user_can() To check if the current user can edit the forum
 * @uses bbp_filter_anonymous_post_data() To filter anonymous data
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 * @uses esc_attr() For sanitization
 * @uses bbp_is_forum_category() To check if the forum is a category
 * @uses bbp_is_forum_closed() To check if the forum is closed
 * @uses bbp_is_forum_private() To check if the forum is private
 * @uses remove_filter() To remove kses filters if needed
 * @uses apply_filters() Calls 'bbp_edit_forum_pre_title' with the title and
 *                        forum id
 * @uses apply_filters() Calls 'bbp_edit_forum_pre_content' with the content
 *                        and forum id
 * @uses bbPress::errors::get_error_codes() To get the {@link WP_Error} errors
 * @uses wp_save_post_revision() To save a forum revision
 * @uses bbp_update_forum_revision_log() To update the forum revision log
 * @uses wp_update_post() To update the forum
 * @uses do_action() Calls 'bbp_edit_forum' with the forum id, forum id,
 *                    anonymous data and reply author
 * @uses bbp_move_forum_handler() To handle movement of a forum from one forum
 *                                 to another
 * @uses bbp_get_forum_permalink() To get the forum permalink
 * @uses wp_safe_redirect() To redirect to the forum link
 * @uses bbPress::errors::get_error_messages() To get the {@link WP_Error} error
 *                                              messages
 * @return void
 */
function bbp_edit_forum_handler($action = '')
{
    // Bail if action is not bbp-edit-forum
    if ('bbp-edit-forum' !== $action) {
        return;
    }

    // Define local variable(s)
    $anonymous_data = array();
    $forum = $forum_id = $forum_parent_id = 0;
    $forum_title = $forum_content = $forum_edit_reason = '';

    /** Forum *****************************************************************/

    // Forum id was not passed
    if (empty($_POST['bbp_forum_id'])) {
        bbp_add_error('bbp_edit_forum_id', __('<strong>ERROR</strong>: Forum ID not found.', 'bbpress'));
        return;

    // Forum id was passed (a non-numeric value leaves $forum_id at 0, so the
    // nonce and "not found" checks below reject it)
    } elseif (is_numeric($_POST['bbp_forum_id'])) {
        $forum_id = (int) $_POST['bbp_forum_id'];
        $forum    = bbp_get_forum($forum_id);
    }

    // Nonce check - the nonce is bound to this specific forum id
    if (!bbp_verify_nonce_request('bbp-edit-forum_' . $forum_id)) {
        bbp_add_error('bbp_edit_forum_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;

    // Forum does not exist
    } elseif (empty($forum)) {
        bbp_add_error('bbp_edit_forum_not_found', __('<strong>ERROR</strong>: The forum you want to edit was not found.', 'bbpress'));
        return;

    // User cannot edit this forum
    } elseif (!current_user_can('edit_forum', $forum_id)) {
        bbp_add_error('bbp_edit_forum_permissions', __('<strong>ERROR</strong>: You do not have permission to edit that forum.', 'bbpress'));
        return;
    }

    // Remove kses filters from title and content for capable users and if the nonce is verified.
    // The posted value is compared with === against a freshly generated nonce, so only the
    // nonce for the current tick is accepted.
    // NOTE(review): wp_verify_nonce() is the usual way to check a nonce (it also accepts the
    // previous tick and compares in constant time) - confirm the direct comparison is intended.
    if (current_user_can('unfiltered_html') && !empty($_POST['_bbp_unfiltered_html_forum']) && wp_create_nonce('bbp-unfiltered-html-forum_' . $forum_id) === $_POST['_bbp_unfiltered_html_forum']) {
        remove_filter('bbp_edit_forum_pre_title', 'wp_filter_kses');
        remove_filter('bbp_edit_forum_pre_content', 'bbp_encode_bad', 10);
        remove_filter('bbp_edit_forum_pre_content', 'bbp_filter_kses', 30);
    }

    /** Forum Parent ***********************************************************/

    // Forum parent id was passed
    if (!empty($_POST['bbp_forum_parent_id'])) {
        $forum_parent_id = bbp_get_forum_id($_POST['bbp_forum_parent_id']);
    }

    // Current forum this forum is in
    $current_parent_forum_id = bbp_get_forum_parent_id($forum_id);

    // Only validate the parent when it is actually being changed
    if (!empty($forum_parent_id) && $forum_parent_id !== $current_parent_forum_id) {

        // Forum is closed and user cannot access
        if (bbp_is_forum_closed($forum_parent_id) && !current_user_can('edit_forum', $forum_parent_id)) {
            bbp_add_error('bbp_edit_forum_forum_closed', __('<strong>ERROR</strong>: This forum has been closed to new forums.', 'bbpress'));
        }

        // Forum is private and user cannot access
        if (bbp_is_forum_private($forum_parent_id) && !current_user_can('read_private_forums')) {
            bbp_add_error('bbp_edit_forum_forum_private', __('<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new forums in it.', 'bbpress'));
        }

        // Forum is hidden and user cannot access
        if (bbp_is_forum_hidden($forum_parent_id) && !current_user_can('read_hidden_forums')) {
            bbp_add_error('bbp_edit_forum_forum_hidden', __('<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new forums in it.', 'bbpress'));
        }
    }

    /** Forum Title ***********************************************************/

    // Tags are stripped and the result attribute-escaped before filtering
    if (!empty($_POST['bbp_forum_title'])) {
        $forum_title = esc_attr(strip_tags($_POST['bbp_forum_title']));
    }

    // Filter and sanitize
    $forum_title = apply_filters('bbp_edit_forum_pre_title', $forum_title, $forum_id);

    // No forum title
    if (empty($forum_title)) {
        bbp_add_error('bbp_edit_forum_title', __('<strong>ERROR</strong>: Your forum needs a title.', 'bbpress'));
    }

    /** Forum Content *********************************************************/

    // Raw POST value: sanitization happens in the filters attached to
    // 'bbp_edit_forum_pre_content' (the kses/encode filters removed above for
    // unfiltered_html users)
    if (!empty($_POST['bbp_forum_content'])) {
        $forum_content = $_POST['bbp_forum_content'];
    }

    // Filter and sanitize
    $forum_content = apply_filters('bbp_edit_forum_pre_content', $forum_content, $forum_id);

    // No forum content
    if (empty($forum_content)) {
        bbp_add_error('bbp_edit_forum_content', __('<strong>ERROR</strong>: Your forum description cannot be empty.', 'bbpress'));
    }

    /** Forum Blacklist *******************************************************/

    if (!bbp_check_for_blacklist($anonymous_data, bbp_get_forum_author_id($forum_id), $forum_title, $forum_content)) {
        bbp_add_error('bbp_forum_blacklist', __('<strong>ERROR</strong>: Your forum cannot be edited at this time.', 'bbpress'));
    }

    /** Forum Moderation ******************************************************/

    // Default to public; drop to pending when the moderation list matches
    $post_status = bbp_get_public_status_id();
    if (!bbp_check_for_moderation($anonymous_data, bbp_get_forum_author_id($forum_id), $forum_title, $forum_content)) {
        $post_status = bbp_get_pending_status_id();
    }

    /** Additional Actions (Before Save) **************************************/

    do_action('bbp_edit_forum_pre_extras', $forum_id);

    // Bail if errors - nothing has been written yet
    if (bbp_has_errors()) {
        return;
    }

    /** No Errors *************************************************************/

    // Add the content of the form to $forum_data as an array
    // Just in time manipulation of forum data before being edited
    $forum_data = apply_filters('bbp_edit_forum_pre_insert', array(
        'ID'           => $forum_id,
        'post_title'   => $forum_title,
        'post_content' => $forum_content,
        'post_status'  => $post_status,
        'post_parent'  => $forum_parent_id,
    ));

    // Insert forum
    $forum_id = wp_update_post($forum_data);

    /** Revisions *************************************************************/

    /**
     * @todo omitted for 2.1
     *
     * // Revision Reason
     * if ( !empty( $_POST['bbp_forum_edit_reason'] ) )
     *     $forum_edit_reason = esc_attr( strip_tags( $_POST['bbp_forum_edit_reason'] ) );
     *
     * // Update revision log
     * if ( !empty( $_POST['bbp_log_forum_edit'] ) && ( "1" === $_POST['bbp_log_forum_edit'] ) && ( $revision_id = wp_save_post_revision( $forum_id ) ) ) {
     *     bbp_update_forum_revision_log( array(
     *         'forum_id'    => $forum_id,
     *         'revision_id' => $revision_id,
     *         'author_id'   => bbp_get_current_user_id(),
     *         'reason'      => $forum_edit_reason
     *     ) );
     * }
     */

    /** No Errors *************************************************************/

    if (!empty($forum_id) && !is_wp_error($forum_id)) {

        // Update counts, etc...
        do_action('bbp_edit_forum', array(
            'forum_id'           => $forum_id,
            'post_parent'        => $forum_parent_id,
            'forum_author'       => $forum->post_author,
            'last_topic_id'      => 0,
            'last_reply_id'      => 0,
            'last_active_id'     => 0,
            'last_active_time'   => 0,
            'last_active_status' => bbp_get_public_status_id(),
        ));

        // If the new forum parent id is not equal to the old forum parent
        // id, run the bbp_move_forum action and pass the forum's parent id
        // as the first arg and new forum parent id as the second.
        // @todo implement
        //if ( $forum_id !== $forum->post_parent )
        //	bbp_move_forum_handler( $forum_parent_id, $forum->post_parent, $forum_id );

        /** Additional Actions (After Save) ***********************************/

        do_action('bbp_edit_forum_post_extras', $forum_id);

        /** Redirect **********************************************************/

        // Redirect to
        $redirect_to = bbp_get_redirect_to();

        // View all?
        $view_all = bbp_get_view_all();

        // Get the forum URL
        $forum_url = bbp_get_forum_permalink($forum_id, $redirect_to);

        // Add view all?
        if (!empty($view_all)) {
            $forum_url = bbp_add_view_all($forum_url);
        }

        // Allow to be filtered
        $forum_url = apply_filters('bbp_edit_forum_redirect_to', $forum_url, $view_all, $redirect_to);

        /** Successful Edit ***************************************************/

        // Redirect back to new forum
        wp_safe_redirect($forum_url);

        // For good measure
        exit;

    /** Errors ****************************************************************/

    } else {
        $append_error = is_wp_error($forum_id) && $forum_id->get_error_message() ? $forum_id->get_error_message() . ' ' : '';

        // NOTE(review): $append_error is concatenated into the __() argument, so the
        // translation key is built at runtime and cannot be matched by a language
        // file; a fixed template with sprintf() is the usual fix.
        bbp_add_error('bbp_forum_error', __('<strong>ERROR</strong>: The following problem(s) have been found with your forum:' . $append_error . 'Please try again.', 'bbpress'));
    }
}
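/**
 * Handles the front end user editing
 *
 * Flow: require a POST carrying action 'bbp-update-user'; on multisite, first
 * service a pending email-change confirmation or dismissal for the user's own
 * profile; then verify the user-specific nonce and the 'edit_user'
 * capability; finally hand off to edit_user() and redirect on success.
 *
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home() To check if the user is at home (the display page
 *                           is the one of the logged in user)
 * @uses get_option() To get the displayed user's new email id option
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the user
 * @uses do_action() Calls 'personal_options_update' or
 *                    'edit_user_options_update' (based on if it's the user home)
 *                    with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses get_userdata() To get the user data
 * @uses is_email() To check if the string is an email id or not
 * @uses wpdb::get_blog_prefix() To get the blog prefix
 * @uses is_network_admin() To check if the user is the network admin
 * @uses is_super_admin() To check if the user is super admin
 * @uses revoke_super_admin() To revoke super admin priviledges
 * @uses grant_super_admin() To grant super admin priviledges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 * @return void
 */
function bbp_edit_user_handler()
{
    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }

    // Bail if action is not 'bbp-update-user'
    if (empty($_POST['action']) || 'bbp-update-user' !== $_POST['action']) {
        return;
    }

    // Get the displayed user ID and the option that holds a pending email change
    $user_id          = bbp_get_displayed_user_id();
    $new_email_option = $user_id . '_new_email';

    // Execute confirmed email change. See send_confirmation_on_profile_email().
    if (is_multisite() && bbp_is_user_home_edit() && isset($_GET['newuseremail'])) {
        $new_email = get_option($new_email_option);

        // The stored hash was mailed to the new address and the supplied one must
        // match it exactly. hash_equals() replaces the loose == comparison (which
        // treated numeric-looking hashes as numbers) and is constant-time. With
        // no pending change (option missing) or a non-string parameter, nothing
        // matches and the branch is skipped.
        $supplied_hash = is_string($_GET['newuseremail']) ? $_GET['newuseremail'] : '';
        $pending_hash  = is_array($new_email) && isset($new_email['hash']) ? (string) $new_email['hash'] : null;

        if (null !== $pending_hash && hash_equals($pending_hash, $supplied_hash)) {
            $user             = new stdClass();
            $user->ID         = $user_id;
            $user->user_email = esc_html(trim(isset($new_email['newemail']) ? (string) $new_email['newemail'] : ''));

            global $wpdb;

            // Keep a pending signup row for this login (if any) in sync with the confirmed address
            $displayed_login = bbp_get_displayed_user_field('user_login');
            if ($wpdb->get_var($wpdb->prepare("SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $displayed_login))) {
                $wpdb->query($wpdb->prepare("UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $displayed_login));
            }

            wp_update_user(get_object_vars($user));
            delete_option($new_email_option);

            wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
            exit;
        }

    // Delete new email address from user options.
    // NOTE(review): this branch runs before the nonce check below, so the pending
    // change can be cancelled by any POST with ?dismiss= for the user's own
    // profile - low impact, but consider moving it after the nonce check.
    } elseif (is_multisite() && bbp_is_user_home_edit() && !empty($_GET['dismiss']) && $new_email_option === $_GET['dismiss']) {
        delete_option($new_email_option);
        wp_safe_redirect(add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($user_id)));
        exit;
    }

    // Nonce check - bound to the user being edited
    if (!bbp_verify_nonce_request('update-user_' . $user_id)) {
        bbp_add_error('bbp_update_user_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Cap check
    if (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_update_user_capability', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // Do action based on who's profile you're editing
    $edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
    do_action($edit_action, $user_id);

    // Handle user edit
    $edit_user = edit_user($user_id);

    // Error(s) editing the user, so copy them into the global
    if (is_wp_error($edit_user)) {
        bbpress()->errors = $edit_user;

    // Successful edit to redirect
    } elseif (is_integer($edit_user)) {

        // Maybe update super admin ability.
        // NOTE(review): the only gate reached here is 'edit_user' on the target; if
        // that capability does not imply network-level rights, this lets a
        // non-network admin grant super admin - confirm against the cap mapping.
        if (is_multisite() && !bbp_is_user_home_edit()) {
            empty($_POST['super_admin']) ? revoke_super_admin($edit_user) : grant_super_admin($edit_user);
        }

        $redirect = add_query_arg(array('updated' => 'true'), bbp_get_user_profile_edit_url($edit_user));

        wp_safe_redirect($redirect);
        exit;
    }
}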
/**
 * Mark notifications as read when reading a topic
 *
 * Clears the logged-in user's BuddyPress notifications for the topic named by
 * the `topic_id` query argument once the topic-bound nonce and the 'edit_user'
 * capability check pass, then redirects to the topic either way.
 *
 * @since 2.5.0 bbPress (r5155)
 *
 * @param string $action The requested action to compare this function to
 * @return void Returns early if not trying to mark a notification as read
 */
function bbp_buddypress_mark_notifications($action = '')
{
    // Nothing to do without a topic, or when the action is meant for another handler
    if (empty($_GET['topic_id']) || 'bbp_mark_read' !== $action) {
        return;
    }

    // Get required data
    $topic_id = intval($_GET['topic_id']);
    $user_id  = bp_loggedin_user_id();

    // Check nonce (bound to this topic), then the user's right to touch these notifications
    if (!bbp_verify_nonce_request('bbp_mark_topic_' . $topic_id)) {
        bbp_add_error('bbp_notification_topic_id', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
    } elseif (!current_user_can('edit_user', $user_id)) {
        bbp_add_error('bbp_notification_permissions', __('<strong>ERROR</strong>: You do not have permission to mark notifications for that user.', 'bbpress'));
    }

    // Only touch notifications when both checks passed
    if (!bbp_has_errors()) {

        // Attempt to clear notifications for the current user from this topic
        $success = bp_notifications_mark_notifications_by_item_id($user_id, $topic_id, bbp_get_component_name(), 'bbp_new_reply');

        // Do additional subscriptions actions
        do_action('bbp_notifications_handler', $success, $user_id, $topic_id, $action);
    }

    // Whether or not it worked, send the visitor to the topic
    bbp_redirect(bbp_get_reply_url($topic_id));
}
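/**
 * Move reply handler
 *
 * Handles the front end move reply submission
 *
 * Authorization is settled before anything is written: the reply and its
 * source topic must exist, the reply-specific nonce must verify, the user
 * must be able to edit the source topic and (depending on the move option)
 * either edit the destination topic or publish topics. Any failure queues an
 * error with bbp_add_error() and returns before wp_update_post() is reached.
 *
 * @since bbPress (r4521)
 *
 * @param string $action The requested action to compare this function to
 * @uses bbp_add_error() To add an error message
 * @uses bbp_get_reply() To get the reply
 * @uses bbp_get_topic() To get the topics
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the reply and topics
 * @uses bbp_get_topic_post_type() To get the topic post type
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 * @uses do_action() Calls 'bbp_pre_move_reply' with the from reply id, source
 *                    and destination topic ids
 * @uses bbp_get_reply_post_type() To get the reply post type
 * @uses wpdb::prepare() To prepare our sql query
 * @uses wpdb::get_results() To execute the sql query and get results
 * @uses wp_update_post() To update the replies
 * @uses bbp_update_reply_topic_id() To update the reply topic id
 * @uses bbp_get_topic_forum_id() To get the topic forum id
 * @uses bbp_update_reply_forum_id() To update the reply forum id
 * @uses do_action() Calls 'bbp_split_topic_reply' with the reply id and
 *                    destination topic id
 * @uses bbp_update_topic_last_reply_id() To update the topic last reply id
 * @uses bbp_update_topic_last_active_time() To update the topic last active meta
 * @uses do_action() Calls 'bbp_post_split_topic' with the destination and
 *                    source topic ids and source topic's forum id
 * @uses bbp_get_topic_permalink() To get the topic permalink
 * @uses wp_safe_redirect() To redirect to the topic link
 * @return void
 */
function bbp_move_reply_handler($action = '')
{
    // Bail if action is not 'bbp-move-reply'
    if ('bbp-move-reply' !== $action) {
        return;
    }

    // Prevent debug notices
    $move_reply_id = $destination_topic_id = 0;
    $destination_topic_title = $move_option = '';
    $destination_topic = $move_reply = $source_topic = '';

    /** Move Reply ***********************************************************/

    if (empty($_POST['bbp_reply_id'])) {
        bbp_add_error('bbp_move_reply_reply_id', __('<strong>ERROR</strong>: Reply ID to move not found!', 'bbpress'));
    } else {
        $move_reply_id = (int) $_POST['bbp_reply_id'];
    }

    $move_reply = bbp_get_reply($move_reply_id);

    // Reply exists. Stop here when it does not: every check below dereferences
    // $move_reply and there is no reply id to bind the nonce to.
    if (empty($move_reply)) {
        bbp_add_error('bbp_mover_reply_r_not_found', __('<strong>ERROR</strong>: The reply you want to move was not found.', 'bbpress'));
        return;
    }

    /** Topic to Move From ***************************************************/

    // Get the reply's current topic
    $source_topic = bbp_get_topic($move_reply->post_parent);

    // No topic
    if (empty($source_topic)) {
        bbp_add_error('bbp_move_reply_source_not_found', __('<strong>ERROR</strong>: The topic you want to move from was not found.', 'bbpress'));
    }

    // Nonce check failed - the nonce is bound to the reply being moved
    if (!bbp_verify_nonce_request('bbp-move-reply_' . $move_reply->ID)) {
        bbp_add_error('bbp_move_reply_nonce', __('<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress'));
        return;
    }

    // User cannot edit topic
    if (!empty($source_topic) && !current_user_can('edit_topic', $source_topic->ID)) {
        bbp_add_error('bbp_move_reply_source_permission', __('<strong>ERROR</strong>: You do not have the permissions to edit the source topic.', 'bbpress'));
    }

    // Nothing has been written yet; do not go on to the move when the source
    // topic is missing or the user may not edit it.
    if (bbp_has_errors()) {
        return;
    }

    // How to move
    if (!empty($_POST['bbp_reply_move_option']) && is_string($_POST['bbp_reply_move_option'])) {
        $move_option = (string) trim($_POST['bbp_reply_move_option']);
    }

    // Invalid move option (strict: only the two known literal values are accepted)
    if (!in_array($move_option, array('existing', 'topic'), true)) {
        bbp_add_error('bbp_move_reply_option', __('<strong>ERROR</strong>: You need to choose a valid move option.', 'bbpress'));
        return;
    }

    // What kind of move
    switch ($move_option) {

        // Into an existing topic
        case 'existing':

            // Get destination topic id
            if (empty($_POST['bbp_destination_topic'])) {
                bbp_add_error('bbp_move_reply_destination_id', __('<strong>ERROR</strong>: Destination topic ID not found!', 'bbpress'));
            } else {
                $destination_topic_id = (int) $_POST['bbp_destination_topic'];
            }

            // Get the destination topic
            $destination_topic = bbp_get_topic($destination_topic_id);

            // No destination topic
            if (empty($destination_topic)) {
                bbp_add_error('bbp_move_reply_destination_not_found', __('<strong>ERROR</strong>: The topic you want to move to was not found!', 'bbpress'));

            // User cannot edit the destination topic
            } elseif (!current_user_can('edit_topic', $destination_topic->ID)) {
                bbp_add_error('bbp_move_reply_destination_permission', __('<strong>ERROR</strong>: You do not have the permissions to edit the destination topic!', 'bbpress'));
            }

            // The destination must exist and be editable before the reply is re-parented
            if (bbp_has_errors()) {
                return;
            }

            // Bump the reply position
            $reply_position = bbp_get_topic_reply_count($destination_topic->ID) + 1;

            // Update the reply
            wp_update_post(array(
                'ID'          => $move_reply->ID,
                'post_title'  => sprintf(__('Reply To: %s', 'bbpress'), $destination_topic->post_title),
                'post_name'   => false,
                'post_parent' => $destination_topic->ID,
                'menu_order'  => $reply_position,
                'guid'        => '',
            ));

            // Adjust reply meta values
            bbp_update_reply_topic_id($move_reply->ID, $destination_topic->ID);
            bbp_update_reply_forum_id($move_reply->ID, bbp_get_topic_forum_id($destination_topic->ID));

            break;

        // Move reply to a new topic
        case 'topic':
        default:

            // User needs to be able to publish topics
            if (!current_user_can('publish_topics')) {
                bbp_add_error('bbp_move_reply_destination_permission', __('<strong>ERROR</strong>: You do not have the permissions to create new topics. The reply could not be converted into a topic.', 'bbpress'));
                return;
            }

            // Use the new title that was passed (tags stripped, attribute-escaped)
            if (!empty($_POST['bbp_reply_move_destination_title'])) {
                $destination_topic_title = esc_attr(strip_tags($_POST['bbp_reply_move_destination_title']));

            // Use the source topic title
            } else {
                $destination_topic_title = $source_topic->post_title;
            }

            // Convert the reply into a topic under the source topic's forum
            $destination_topic_id = wp_update_post(array(
                'ID'          => $move_reply->ID,
                'post_title'  => $destination_topic_title,
                'post_name'   => false,
                'post_type'   => bbp_get_topic_post_type(),
                'post_parent' => $source_topic->post_parent,
                'guid'        => '',
            ));
            $destination_topic = bbp_get_topic($destination_topic_id);

            // Make sure the new topic knows its a topic
            bbp_update_topic_topic_id($move_reply->ID);

            // Shouldn't happen
            if (false === $destination_topic_id || is_wp_error($destination_topic_id) || empty($destination_topic)) {
                bbp_add_error('bbp_move_reply_destination_reply', __('<strong>ERROR</strong>: There was a problem converting the reply into the topic. Please try again.', 'bbpress'));
            }

            break;
    }

    // Bail if there are errors
    if (bbp_has_errors()) {
        return;
    }

    /** No Errors - Clean Up **************************************************/

    // Update counts, etc...
    do_action('bbp_pre_move_reply', $move_reply->ID, $source_topic->ID, $destination_topic->ID);

    /** Date Check ************************************************************/

    // Check if the destination topic is older than the move reply
    if (strtotime($move_reply->post_date) < strtotime($destination_topic->post_date)) {

        // Set destination topic post_date to 1 second before from reply
        $destination_post_date = date('Y-m-d H:i:s', strtotime($move_reply->post_date) - 1);

        // Update destination topic
        wp_update_post(array(
            'ID'            => $destination_topic_id,
            'post_date'     => $destination_post_date,
            'post_date_gmt' => get_gmt_from_date($destination_post_date),
        ));
    }

    // Set the last reply ID and freshness to the move_reply
    $last_reply_id = $move_reply->ID;
    $freshness     = $move_reply->post_date;

    // Get the reply to
    $parent = bbp_get_reply_to($move_reply->ID);

    // Fix orphaned children: replies that pointed at the moved reply now point at its parent
    $children = get_posts(array(
        'post_type'  => bbp_get_reply_post_type(),
        'meta_key'   => '_bbp_reply_to',
        'meta_value' => $move_reply->ID,
    ));
    foreach ($children as $child) {
        bbp_update_reply_to($child->ID, $parent);
    }

    // Remove reply_to from moved reply
    delete_post_meta($move_reply->ID, '_bbp_reply_to');

    // It is a new topic and we need to set some default metas to make
    // the topic display in bbp_has_topics() list
    if ('topic' === $move_option) {
        bbp_update_topic_last_reply_id($destination_topic->ID, $last_reply_id);
        bbp_update_topic_last_active_id($destination_topic->ID, $last_reply_id);
        bbp_update_topic_last_active_time($destination_topic->ID, $freshness);

    // Otherwise update the existing destination topic
    } else {
        bbp_update_topic_last_reply_id($destination_topic->ID);
        bbp_update_topic_last_active_id($destination_topic->ID);
        bbp_update_topic_last_active_time($destination_topic->ID);
    }

    // Update source topic ID last active
    bbp_update_topic_last_reply_id($source_topic->ID);
    bbp_update_topic_last_active_id($source_topic->ID);
    bbp_update_topic_last_active_time($source_topic->ID);

    /** Successful Move ******************************************************/

    // Update counts, etc...
    do_action('bbp_post_move_reply', $move_reply->ID, $source_topic->ID, $destination_topic->ID);

    // Redirect back to the topic
    wp_safe_redirect(bbp_get_topic_permalink($destination_topic->ID));

    // For good measure
    exit;
}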
/**
 * Verify if a POST request came from a failed reply attempt.
 *
 * Used to avoid cross-site request forgeries when checking posted reply form
 * content: the request must be a POST and must carry a valid nonce for either
 * the new-reply or the edit-reply form.
 *
 * @see bbp_reply_form_fields()
 *
 * @since 2.6.0 bbPress (r5558)
 *
 * @return boolean True if is a post request with valid nonce
 */
function bbp_is_reply_form_post_request()
{
    // Only a POST can be a reply form submission.
    if (!bbp_is_post_request()) {
        return false;
    }

    // Accept either form nonce; the edit nonce is only checked when the
    // new-reply nonce did not verify.
    return (bool) bbp_verify_nonce_request('bbp-new-reply')
        || (bool) bbp_verify_nonce_request('bbp-edit-reply');
}
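/**
 * Handles the front end user editing
 *
 * Runs on a POST with action 'bbp-update-user'. On multisite, when a user is
 * editing their own profile, two GET-driven branches come first: confirming a
 * pending email change via the `newuseremail` hash, or dismissing that pending
 * change. Every other edit requires the 'update-user_{ID}' nonce and the
 * 'edit_user' capability for the displayed user.
 *
 * @uses is_multisite() To check if it's a multisite
 * @uses bbp_is_user_home() To check if the user is at home (the display page
 *                           is the one of the logged in user)
 * @uses get_option() To get the displayed user's new email id option
 * @uses hash_equals() To compare the submitted email hash to the saved one
 * @uses wpdb::prepare() To sanitize our sql query
 * @uses wpdb::get_var() To execute our query and get back the variable
 * @uses wpdb::query() To execute our query
 * @uses wp_update_user() To update the user
 * @uses delete_option() To delete the displayed user's email id option
 * @uses bbp_get_user_profile_edit_url() To get the edit profile url
 * @uses wp_safe_redirect() To redirect to the url
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses current_user_can() To check if the current user can edit the user
 * @uses do_action() Calls 'personal_options_update' or
 *                    'edit_user_options_update' (based on if it's the user home)
 *                    with the displayed user id
 * @uses edit_user() To edit the user based on the post data
 * @uses get_userdata() To get the user data
 * @uses is_email() To check if the string is an email id or not
 * @uses wpdb::get_blog_prefix() To get the blog prefix
 * @uses is_network_admin() To check if the user is the network admin
 * @uses is_super_admin() To check if the user is super admin
 * @uses revoke_super_admin() To revoke super admin priviledges
 * @uses grant_super_admin() To grant super admin priviledges
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 *
 * @return void
 */
function bbp_edit_user_handler() {

	// Bail if not a POST action
	if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
		return;
	}

	// Bail if action is not 'bbp-update-user'
	if ( empty( $_POST['action'] ) || 'bbp-update-user' !== $_POST['action'] ) {
		return;
	}

	// Get the displayed user ID
	$user_id = bbp_get_displayed_user_id();

	global $wpdb, $super_admins;

	// Both email-change branches only apply to a user editing their own
	// profile on a multisite install
	$own_multisite_edit = is_multisite() && bbp_is_user_home_edit();
	$option_key         = $user_id . '_new_email';

	// Execute confirmed email change. See send_confirmation_on_profile_email().
	if ( $own_multisite_edit && isset( $_GET['newuseremail'] ) ) {
		$new_email = get_option( $option_key );

		// Only act on a real pending change whose stored hash matches the
		// submitted one. hash_equals() replaces `==`, which compared the
		// stored hash with user input using loose (numeric-string) semantics;
		// it also needs two strings, so non-string input is rejected first.
		// A missing option previously fell through as `null == ''` and could
		// have blanked the user's email address.
		if ( is_array( $new_email )
			&& ! empty( $new_email['hash'] )
			&& ! empty( $new_email['newemail'] )
			&& is_string( $_GET['newuseremail'] )
			&& hash_equals( (string) $new_email['hash'], $_GET['newuseremail'] ) ) {

			$user             = new stdClass();
			$user->ID         = $user_id;
			$user->user_email = esc_html( trim( $new_email['newemail'] ) );

			$displayed_login = bbp_get_displayed_user_field( 'user_login' );

			// Keep the multisite signups table in sync, if an entry exists
			if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $displayed_login ) ) ) {
				$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $displayed_login ) );
			}

			wp_update_user( get_object_vars( $user ) );
			delete_option( $option_key );

			wp_safe_redirect( add_query_arg( array( 'updated' => 'true' ), bbp_get_user_profile_edit_url( $user_id ) ) );
			exit;
		}

	// Dismiss the pending email change
	} elseif ( $own_multisite_edit && ! empty( $_GET['dismiss'] ) && $option_key === $_GET['dismiss'] ) {

		// NOTE(review): this branch runs on a plain GET with no nonce, so a
		// forged link can cancel a user's pending email change. The newer
		// bbp_user_email_change_handler() verifies "dismiss-{$key}" here;
		// confirm the links this handler receives carry that nonce before
		// enforcing it.
		delete_option( $option_key );
		wp_safe_redirect( add_query_arg( array( 'updated' => 'true' ), bbp_get_user_profile_edit_url( $user_id ) ) );
		exit;
	}

	// Nonce check
	if ( ! bbp_verify_nonce_request( 'update-user_' . $user_id ) ) {
		bbp_add_error( 'bbp_update_user_nonce', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
		return;
	}

	// Cap check
	if ( ! current_user_can( 'edit_user', $user_id ) ) {
		bbp_add_error( 'bbp_update_user_capability', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
		return;
	}

	// Do action based on who's profile you're editing
	$edit_action = bbp_is_user_home_edit() ? 'personal_options_update' : 'edit_user_profile_update';
	do_action( $edit_action, $user_id );

	// Single site: edit_user() handles everything for us
	if ( ! is_multisite() ) {
		$edit_user = edit_user( $user_id );

	// Multisite means we need to do some manual labor
	} else {
		$user = get_userdata( $user_id );

		// Update the email address in signups, if present. The WHERE clause
		// must use the *edited* user's login (the same value the SELECT
		// matched on); the previous UPDATE used the global $user_login,
		// which WordPress populates from the current user, so editing
		// another user's profile could touch the wrong signup row.
		if ( ! empty( $user->user_login ) && isset( $_POST['email'] ) && is_email( $_POST['email'] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {
			$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user->user_login ) );
		}

		// WPMU must delete the user from the current blog if WP added him after editing.
		$delete_role = false;
		$blog_prefix = $wpdb->get_blog_prefix();

		// NOTE(review): `$user_id != $user_id` is always false, so this block
		// is unreachable. The WordPress core code it mirrors compares against
		// the current user's ID; confirm the intended comparison before
		// enabling it, since it changes which role a user is left with.
		if ( $user_id != $user_id ) {

			// Parameterised: $user_id and the meta key come from internal
			// values today, but prepare() keeps that true if this ever changes
			$cap = $wpdb->get_var( $wpdb->prepare(
				"SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'",
				$user_id,
				$blog_prefix . 'capabilities'
			) );

			if ( ! is_network_admin() && null === $cap && '' === ( $_POST['role'] ?? '' ) ) {
				$_POST['role'] = 'contributor';
				$delete_role   = true;
			}
		}

		$edit_user = edit_user( $user_id );

		// stops users being added to current blog when they are edited
		if ( true === $delete_role ) {
			delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
		}

		// Grant or revoke super admin so it matches the submitted checkbox.
		// `empty( ... ) === is_super_admin( ... )` is intentional: it is only
		// true when the checkbox state and the current status disagree.
		// (`&&` replaces a bitwise `&` between the two booleans.)
		if ( is_multisite() && is_network_admin() && ! bbp_is_user_home_edit() && current_user_can( 'manage_network_options' ) && ! isset( $super_admins ) && empty( $_POST['super_admin'] ) === is_super_admin( $user_id ) ) {
			empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
		}
	}

	// Error(s) editing the user, so copy them into the global
	if ( is_wp_error( $edit_user ) ) {
		bbpress()->errors = $edit_user;

	// Successful edit to redirect
	} elseif ( is_integer( $edit_user ) ) {
		wp_safe_redirect( add_query_arg( array( 'updated' => 'true' ), bbp_get_user_profile_edit_url( $edit_user ) ) );
		exit;
	}
}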
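/**
 * Save the Group Forum data on create
 *
 * Creates (or removes) the forum attached to a group that is being created,
 * driven by the 'bbp-create-group-forum' checkbox. Requires the
 * 'groups_create_save_{slug}' nonce.
 *
 * @since bbPress (r3465)
 *
 * @param int $group_id Group being created; falls back to bp_get_new_group_id()
 *
 * @return void
 */
public function create_screen_save( $group_id = 0 ) {

	// Nonce check
	if ( ! bbp_verify_nonce_request( 'groups_create_save_' . $this->slug ) ) {
		bbp_add_error( 'bbp_create_group_forum_screen_save', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
		return;
	}

	// Check for possibly empty group_id
	if ( empty( $group_id ) ) {
		$group_id = bp_get_new_group_id();
	}

	$create_forum = ! empty( $_POST['bbp-create-group-forum'] );

	// Existing forum for this group, if any. The cast wraps the whole
	// conditional: `(int) is_array( ... ) ? ... : ...` only cast the
	// is_array() result and left $forum_id as whatever was stored.
	$forum_id  = 0;
	$forum_ids = bbp_get_group_forum_ids( $group_id );
	if ( ! empty( $forum_ids ) ) {
		$forum_id = (int) ( is_array( $forum_ids ) ? $forum_ids[0] : $forum_ids );
	}

	// Create a forum...
	if ( $create_forum ) {

		// Bail if initial content was already created
		if ( ! empty( $forum_id ) ) {
			return;
		}

		// Set the default forum status to match the group's visibility
		switch ( bp_get_new_group_status() ) {
			case 'hidden':
				$status = bbp_get_hidden_status_id();
				break;
			case 'private':
				$status = bbp_get_private_status_id();
				break;
			case 'public':
			default:
				$status = bbp_get_public_status_id();
				break;
		}

		// Create the initial forum
		$forum_id = bbp_insert_forum( array(
			'post_parent'  => bbp_get_group_forums_root_id(),
			'post_title'   => bp_get_new_group_name(),
			'post_content' => bp_get_new_group_description(),
			'post_status'  => $status,
		) );

		// Run the BP-specific functions for new groups
		$this->new_forum( array( 'forum_id' => $forum_id ) );

		// Group meta and the forum toggle use the same $group_id that the
		// forum lookup above used, rather than re-reading bp_get_new_group_id()
		groups_update_groupmeta( $group_id, '_bbp_forum_enabled_' . $forum_id, true );

		// Toggle forum on
		$this->toggle_group_forum( $group_id, true );

	// ...or undo a forum that was created but is no longer wanted
	} elseif ( ! empty( $forum_id ) ) {

		// Delete the forum
		wp_delete_post( $forum_id, true );

		// Delete meta values
		groups_delete_groupmeta( $group_id, 'forum_id' );
		groups_delete_groupmeta( $group_id, '_bbp_forum_enabled_' . $forum_id );

		// Toggle forum off
		$this->toggle_group_forum( $group_id, false );
	}
}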
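/**
 * Handles the front end edit reply submission
 *
 * Runs on a POST with action 'bbp-edit-reply'. Validates the reply ID, the
 * 'bbp-edit-reply_{ID}' nonce, the editor's capabilities and the destination
 * forum, collecting problems with bbp_add_error(). With no errors it updates
 * the reply, the parent topic's tags and the revision log, then redirects to
 * the reply URL.
 *
 * @uses bbp_add_error() To add an error message
 * @uses bbp_get_reply() To get the reply
 * @uses bbp_verify_nonce_request() To verify the nonce and check the request
 * @uses bbp_is_reply_anonymous() To check if the reply was by an anonymous user
 * @uses current_user_can() To check if the current user can edit that reply
 * @uses bbp_filter_anonymous_post_data() To filter anonymous data
 * @uses is_wp_error() To check if the value retrieved is a {@link WP_Error}
 * @uses wp_verify_nonce() To verify the unfiltered-html nonce
 * @uses remove_filter() To remove 'wp_filter_kses' filters if needed
 * @uses esc_attr() For sanitization
 * @uses apply_filters() Calls 'bbp_edit_reply_pre_title' with the title and
 *                        reply id
 * @uses apply_filters() Calls 'bbp_edit_reply_pre_content' with the content
 *                        reply id
 * @uses wp_set_post_terms() To set the topic tags
 * @uses bbp_has_errors() To get the {@link WP_Error} errors
 * @uses wp_save_post_revision() To save a reply revision
 * @uses bbp_update_reply_revision_log() To update the reply revision log
 * @uses wp_update_post() To update the reply
 * @uses bbp_get_reply_topic_id() To get the reply topic id
 * @uses bbp_get_topic_forum_id() To get the topic forum id
 * @uses do_action() Calls 'bbp_edit_reply' with the reply id, topic id, forum
 *                    id, anonymous data, reply author and bool true (for edit)
 * @uses bbp_get_reply_url() To get the paginated url to the reply
 * @uses wp_safe_redirect() To redirect to the reply url
 * @uses bbPress::errors::get_error_message() To get the {@link WP_Error} error
 *                                              message
 *
 * @return void
 */
function bbp_edit_reply_handler() {

	// Bail if not a POST action
	if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) {
		return;
	}

	// Bail if action is not bbp-edit-reply
	if ( empty( $_POST['action'] ) || 'bbp-edit-reply' !== $_POST['action'] ) {
		return;
	}

	// Define local variable(s)
	$revisions_removed = false;
	$reply = $reply_id = $reply_author = $topic_id = $forum_id = $anonymous_data = 0;
	$reply_title = $reply_content = $reply_edit_reason = $terms = '';

	/** Reply *****************************************************************/

	// Reply id was not passed
	if ( empty( $_POST['bbp_reply_id'] ) ) {
		bbp_add_error( 'bbp_edit_reply_id', __( '<strong>ERROR</strong>: Reply ID not found.', 'bbpress' ) );
		return;

	// Reply id was passed
	} elseif ( is_numeric( $_POST['bbp_reply_id'] ) ) {
		$reply_id = (int) $_POST['bbp_reply_id'];
		$reply    = bbp_get_reply( $reply_id );
	}

	// Nonce check
	if ( ! bbp_verify_nonce_request( 'bbp-edit-reply_' . $reply_id ) ) {
		bbp_add_error( 'bbp_edit_reply_nonce', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
		return;
	}

	// Reply does not exist
	if ( empty( $reply ) ) {
		bbp_add_error( 'bbp_edit_reply_not_found', __( '<strong>ERROR</strong>: The reply you want to edit was not found.', 'bbpress' ) );
		return;
	}

	// Check users ability to edit this reply
	if ( ! bbp_is_reply_anonymous( $reply_id ) ) {

		// User cannot edit this reply
		if ( ! current_user_can( 'edit_reply', $reply_id ) ) {
			bbp_add_error( 'bbp_edit_reply_permissions', __( '<strong>ERROR</strong>: You do not have permission to edit that reply.', 'bbpress' ) );
			return;
		}

		// Set reply author
		$reply_author = bbp_get_reply_author_id( $reply_id );

	// It is an anonymous post
	} else {

		// Filter anonymous data
		$anonymous_data = bbp_filter_anonymous_post_data();
	}

	// Remove wp_filter_kses filters from title and content for capable users,
	// but only once the dedicated unfiltered-html nonce verifies.
	// wp_verify_nonce() replaces `wp_create_nonce() == $_POST[...]`, which
	// compared a freshly minted nonce with user input using loose `==`.
	if ( current_user_can( 'unfiltered_html' )
		&& ! empty( $_POST['_bbp_unfiltered_html_reply'] )
		&& is_string( $_POST['_bbp_unfiltered_html_reply'] )
		&& wp_verify_nonce( $_POST['_bbp_unfiltered_html_reply'], 'bbp-unfiltered-html-reply_' . $reply_id ) ) {
		remove_filter( 'bbp_edit_reply_pre_title',   'wp_filter_kses' );
		remove_filter( 'bbp_edit_reply_pre_content', 'wp_filter_kses' );
	}

	/** Reply Topic ***********************************************************/

	$topic_id = bbp_get_reply_topic_id( $reply_id );

	/** Topic Forum ***********************************************************/

	$forum_id = bbp_get_topic_forum_id( $topic_id );

	// Forum exists, and differs from the forum the reply currently reports
	if ( ! empty( $forum_id ) && $forum_id !== bbp_get_reply_forum_id( $reply_id ) ) {

		// Forum is a category
		if ( bbp_is_forum_category( $forum_id ) ) {
			bbp_add_error( 'bbp_edit_reply_forum_category', __( '<strong>ERROR</strong>: This forum is a category. No topics or replies can be created in it.', 'bbpress' ) );
		}

		// Forum is closed and user cannot access
		if ( bbp_is_forum_closed( $forum_id ) && ! current_user_can( 'edit_forum', $forum_id ) ) {
			bbp_add_error( 'bbp_edit_reply_forum_closed', __( '<strong>ERROR</strong>: This forum has been closed to new topics and replies.', 'bbpress' ) );
		}

		// Forum is private and user cannot access
		if ( bbp_is_forum_private( $forum_id ) && ! current_user_can( 'read_private_forums' ) ) {
			bbp_add_error( 'bbp_edit_reply_forum_private', __( '<strong>ERROR</strong>: This forum is private and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
		}

		// Forum is hidden and user cannot access
		if ( bbp_is_forum_hidden( $forum_id ) && ! current_user_can( 'read_hidden_forums' ) ) {
			bbp_add_error( 'bbp_edit_reply_forum_hidden', __( '<strong>ERROR</strong>: This forum is hidden and you do not have the capability to read or create new replies in it.', 'bbpress' ) );
		}
	}

	/** Reply Title ***********************************************************/

	if ( ! empty( $_POST['bbp_reply_title'] ) ) {
		$reply_title = esc_attr( strip_tags( $_POST['bbp_reply_title'] ) );
	}

	// Filter and sanitize
	$reply_title = apply_filters( 'bbp_edit_reply_pre_title', $reply_title, $reply_id );

	/** Reply Content *********************************************************/

	if ( ! empty( $_POST['bbp_reply_content'] ) ) {
		$reply_content = $_POST['bbp_reply_content'];
	}

	// Filter and sanitize (wp_filter_kses runs here unless removed above)
	$reply_content = apply_filters( 'bbp_edit_reply_pre_content', $reply_content, $reply_id );

	// No reply content
	if ( empty( $reply_content ) ) {
		bbp_add_error( 'bbp_edit_reply_content', __( '<strong>ERROR</strong>: Your reply cannot be empty.', 'bbpress' ) );
	}

	/** Reply Blacklist *******************************************************/

	if ( ! bbp_check_for_blacklist( $anonymous_data, $reply_author, $reply_title, $reply_content ) ) {
		bbp_add_error( 'bbp_reply_blacklist', __( '<strong>ERROR</strong>: Your reply cannot be edited at this time.', 'bbpress' ) );
	}

	/** Reply Status **********************************************************/

	// Keep the existing status unless moderation demands otherwise. Starting
	// from the current status also covers the case where moderation fails on
	// a non-public reply, which previously left $reply_status undefined.
	$reply_status = $reply->post_status;

	// Maybe put into moderation
	if ( ! bbp_check_for_moderation( $anonymous_data, $reply_author, $reply_title, $reply_content ) ) {

		// Set post status to pending if public
		if ( bbp_get_public_status_id() === $reply->post_status ) {
			$reply_status = bbp_get_pending_status_id();
		}
	}

	/** Topic Tags ************************************************************/

	// Tag changes (replace or clear) require the capability; without it the
	// topic's existing tags are kept even if the field was posted.
	$can_assign_tags = bbp_allow_topic_tags() && current_user_can( 'assign_topic_tags' );

	// Either replace terms
	if ( $can_assign_tags && ! empty( $_POST['bbp_topic_tags'] ) ) {
		$terms = esc_attr( strip_tags( $_POST['bbp_topic_tags'] ) );

	// ...or remove them.
	} elseif ( $can_assign_tags && isset( $_POST['bbp_topic_tags'] ) ) {
		$terms = '';

	// Existing terms
	} else {
		$terms = bbp_get_topic_tag_names( $topic_id );
	}

	/** Additional Actions (Before Save) **************************************/

	do_action( 'bbp_edit_reply_pre_extras', $reply_id );

	// Bail if errors
	if ( bbp_has_errors() ) {
		return;
	}

	/** No Errors *************************************************************/

	// Add the content of the form to $reply_data as an array
	// Just in time manipulation of reply data before being edited
	$reply_data = apply_filters( 'bbp_edit_reply_pre_insert', array(
		'ID'           => $reply_id,
		'post_title'   => $reply_title,
		'post_content' => $reply_content,
		'post_status'  => $reply_status,
		'post_parent'  => $topic_id,
		'post_author'  => $reply_author,
		'post_type'    => bbp_get_reply_post_type(),
	) );

	// Toggle revisions to avoid duplicates
	if ( post_type_supports( bbp_get_reply_post_type(), 'revisions' ) ) {
		$revisions_removed = true;
		remove_post_type_support( bbp_get_reply_post_type(), 'revisions' );
	}

	// Update the reply
	$reply_id = wp_update_post( $reply_data );

	// Toggle revisions back on
	if ( true === $revisions_removed ) {
		$revisions_removed = false;
		add_post_type_support( bbp_get_reply_post_type(), 'revisions' );
	}

	/** Topic Tags ************************************************************/

	// Just in time manipulation of reply terms before being edited
	$terms = apply_filters( 'bbp_edit_reply_pre_set_terms', $terms, $topic_id, $reply_id );

	// Insert terms
	$terms = wp_set_post_terms( $topic_id, $terms, bbp_get_topic_tag_tax_id(), false );

	// Term error
	if ( is_wp_error( $terms ) ) {
		bbp_add_error( 'bbp_reply_tags', __( '<strong>ERROR</strong>: There was a problem adding the tags to the topic.', 'bbpress' ) );
	}

	/** Revisions *************************************************************/

	// Revision Reason
	if ( ! empty( $_POST['bbp_reply_edit_reason'] ) ) {
		$reply_edit_reason = esc_attr( strip_tags( $_POST['bbp_reply_edit_reason'] ) );
	}

	// Update revision log
	if ( ! empty( $_POST['bbp_log_reply_edit'] ) && 1 == $_POST['bbp_log_reply_edit'] ) {

		// NOTE(review): wp_is_post_revision() reports whether $reply_id is
		// itself a revision; confirm this yields the revision id the log
		// expects, rather than the revision saved for the reply.
		$revision_id = wp_is_post_revision( $reply_id );
		if ( ! empty( $revision_id ) ) {
			bbp_update_reply_revision_log( array(
				'reply_id'    => $reply_id,
				'revision_id' => $revision_id,
				'author_id'   => bbp_get_current_user_id(),
				'reason'      => $reply_edit_reason,
			) );
		}
	}

	/** No Errors *************************************************************/

	if ( ! empty( $reply_id ) && ! is_wp_error( $reply_id ) ) {

		// Update counts, etc...
		do_action( 'bbp_edit_reply', $reply_id, $topic_id, $forum_id, $anonymous_data, $reply_author, true );

		/** Additional Actions (After Save) ***********************************/

		do_action( 'bbp_edit_reply_post_extras', $reply_id );

		/** Redirect **********************************************************/

		// Redirect to
		$redirect_to = ! empty( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';

		// Get the reply URL
		$reply_url = bbp_get_reply_url( $reply_id, $redirect_to );

		// Allow to be filtered
		$reply_url = apply_filters( 'bbp_edit_reply_redirect_to', $reply_url, $redirect_to );

		/** Successful Edit ***************************************************/

		// Redirect back to new reply (wp_safe_redirect() rejects off-site hosts)
		wp_safe_redirect( $reply_url );

		// For good measure
		exit;

	/** Errors ****************************************************************/

	} else {

		// Keep the translatable string static with a %s placeholder; the
		// WP_Error text used to be concatenated into __(), which made the
		// message untranslatable.
		$problem = is_wp_error( $reply_id ) ? trim( (string) $reply_id->get_error_message() ) : '';
		bbp_add_error( 'bbp_reply_error', sprintf( __( '<strong>ERROR</strong>: The following problem(s) have been found with your reply: %s Please try again.', 'bbpress' ), $problem ) );
	}
}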
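/**
 * Handles user email address updating from GET requests
 *
 * Two GET flows on the user's own profile edit page: confirming a pending
 * email change by presenting the hash stored in the '{ID}_new_email' option,
 * or dismissing that pending change (nonce "dismiss-{ID}_new_email").
 *
 * @since 2.6.0 bbPress (r5660)
 *
 * @param string $action
 *
 * @uses bbp_is_user_home_edit() To check if on the current users profile edit page
 * @uses bbp_get_displayed_user_id() To get the ID of the user being edited
 * @uses bbp_get_user_profile_edit_url() To get the URL of the user being edited
 * @uses bbp_redirect() To redirect away from the current page
 * @uses hash_equals() To compare email hash to saved option hash
 * @uses email_exists() To check if user has email address already
 * @uses bbp_add_error() To add user feedback
 * @uses wp_update_user() To update the user with their new email address
 * @uses bbp_verify_nonce_request() To verify the intent of the user
 *
 * @return void
 */
function bbp_user_email_change_handler( $action = '' ) {

	// Bail if action is not `bbp-update-user-email`
	if ( 'bbp-update-user-email' !== $action ) {
		return;
	}

	// Bail if not on users own profile
	if ( ! bbp_is_user_home_edit() ) {
		return;
	}

	// Bail if not attempting to modify user email address
	if ( empty( $_GET['newuseremail'] ) && empty( $_GET['dismiss'] ) ) {
		return;
	}

	// Get the displayed user ID & option key
	$user_id     = bbp_get_displayed_user_id();
	$key         = $user_id . '_new_email';
	$redirect_to = bbp_get_user_profile_edit_url( $user_id );

	// Execute confirmed email change.
	if ( ! empty( $_GET['newuseremail'] ) ) {

		// Check for email address change option
		$new_email = get_option( $key );

		// Redirect if *no* email address change exists
		if ( false === $new_email ) {
			bbp_redirect( $redirect_to );
			return;
		}

		// Cleanup & redirect if *invalid* email address change exists
		if ( ! is_array( $new_email ) || empty( $new_email['hash'] ) || empty( $new_email['newemail'] ) ) {
			delete_option( $key );
			bbp_redirect( $redirect_to );
			return;
		}

		// hash_equals() requires two strings; a non-string query value (for
		// example `newuseremail[]=`) would raise a TypeError, so treat it as
		// a mismatch. A mismatch changes nothing, as before.
		$submitted_hash = $_GET['newuseremail'];
		if ( ! is_string( $submitted_hash ) || ! hash_equals( (string) $new_email['hash'], $submitted_hash ) ) {
			return;
		}

		// Does another user have this email address already?
		if ( email_exists( $new_email['newemail'] ) ) {
			delete_option( $key );
			bbp_add_error( 'bbp_user_email_taken', __( '<strong>ERROR</strong>: That email address is already in use.', 'bbpress' ), array( 'form-field' => 'email' ) );
			return;
		}

		// Create a stdClass (for easy call to wp_update_user())
		$user             = new stdClass();
		$user->ID         = $user_id;
		$user->user_email = esc_html( trim( $new_email['newemail'] ) );

		// Attempt to update user email
		$update_user = wp_update_user( $user );

		// Error(s) editing the user, so copy them into the global
		if ( is_wp_error( $update_user ) ) {
			bbpress()->errors = $update_user;
			return;
		}

		// Update signups table, if signups table & entry exists
		// For Multisite & BuddyPress compatibility
		$bbp_db          = bbp_db();
		$displayed_login = bbp_get_displayed_user_field( 'user_login', 'raw' );
		if ( ! empty( $bbp_db->signups ) && $bbp_db->get_var( $bbp_db->prepare( "SELECT user_login FROM {$bbp_db->signups} WHERE user_login = %s", $displayed_login ) ) ) {
			$bbp_db->query( $bbp_db->prepare( "UPDATE {$bbp_db->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $displayed_login ) );
		}

		// All done, so redirect and show the updated message
		delete_option( $key );
		bbp_redirect( add_query_arg( array( 'updated' => 'true' ), $redirect_to ) );
		return;

	// Delete new email address from user options
	} elseif ( ! empty( $_GET['dismiss'] ) && $key === $_GET['dismiss'] ) {

		// Dismissal is a state change, so it needs the nonce even over GET
		if ( ! bbp_verify_nonce_request( "dismiss-{$key}" ) ) {
			bbp_add_error( 'bbp_dismiss_new_email_nonce', __( '<strong>ERROR</strong>: Are you sure you wanted to do that?', 'bbpress' ) );
			return;
		}

		delete_option( $key );
		bbp_redirect( $redirect_to );
	}
}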