示例#1
0
 /**
  * Makes sure that a user was referred from another admin page.
  *
  * To avoid security exploits.
  *
  * @since 1.2.0
  * @uses do_action() Calls 'check_admin_referer' on $action.
  *
  * @param string $action Action nonce
  * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  */
 function check_admin_referer($action = -1, $query_arg = '_nxtnonce')
 {
     if (-1 == $action) {
         _doing_it_wrong(__FUNCTION__, __('You should specify a nonce action to be verified by using the first parameter.'), '3.2');
     }
     $adminurl = strtolower(admin_url());
     $referer = strtolower(nxt_get_referer());
     $result = isset($_REQUEST[$query_arg]) ? nxt_verify_nonce($_REQUEST[$query_arg], $action) : false;
     if (!$result && !(-1 == $action && strpos($referer, $adminurl) === 0)) {
         nxt_nonce_ays($action);
         die;
     }
     do_action('check_admin_referer', $action, $result);
     return $result;
 }
示例#2
0
/**
 * Loads the create Achievement page. Also implements controller logic.
 *
 * @global DPA_Achievement_Template $achievements_template Achievements template tag object
 * @global nxt_Error $achievements_errors Achievement creation error object
 * @global object $bp BuddyPress global settings
 * @since 2.0
 * @uses DPA_Achievement
 */
function dpa_screen_achievement_create()
{
    global $achievements_template, $achievements_errors, $bp, $current_blog;
    if (!bp_is_current_component($bp->achievements->slug) || DPA_SLUG_CREATE != $bp->current_action || !dpa_permission_can_user_create()) {
        return;
    }
    $bp->achievements->current_achievement = new DPA_Achievement();
    $achievement =& $bp->achievements->current_achievement;
    // Has form been submitted?
    if (empty($_POST['achievement-create'])) {
        $achievement->points = '';
        $achievement->action_count = 1;
        $achievement->is_active = 1;
        do_action('dpa_screen_achievement_create', $achievement);
        bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
        return;
    }
    if (!nxt_verify_nonce($_POST['_nxtnonce'], 'achievement-create')) {
        nxt_nonce_ays('');
        die;
    }
    /* We can't use template tags because if the new details fail validation and do not save, the template loop will fetch the old version. */
    if ('badge' == stripslashes($_POST['achievement_type'])) {
        $achievement->action_count = 1;
        $achievement->action_id = -1;
    } else {
        $achievement->action_count = (int) $_POST['action_count'];
        $achievement->action_id = (int) $_POST['action_id'];
    }
    if (is_multisite() && bp_is_active('blogs')) {
        $achievement->site_id = (int) $_POST['site_id'];
    } else {
        $achievement->site_id = BP_ROOT_BLOG;
    }
    if (bp_is_active('groups')) {
        $achievement->group_id = (int) $_POST['group_id'];
    } else {
        $achievement->group_id = -1;
    }
    if (!empty($_POST['is_hidden'])) {
        $achievement->is_active = 2;
    } elseif (!empty($_POST['is_active'])) {
        $achievement->is_active = 1;
    } else {
        $achievement->is_active = 0;
    }
    $achievement->name = stripslashes($_POST['name']);
    $achievement->description = stripslashes($_POST['description']);
    $achievement->points = (int) $_POST['points'];
    $achievement->slug = stripslashes($_POST['slug']);
    $achievement->picture_id = -1;
    // A pictures is chosen on its own page, after creation.
    $achievements_errors = $achievement->save();
    if (!is_nxt_error($achievements_errors)) {
        $achievements_template->achievement = $achievement;
        // Required for dpa_record_activity()
        if (1 == $achievement->is_active) {
            dpa_record_activity($bp->loggedin_user->id, dpa_format_activity($bp->loggedin_user->id, $achievement->id), $achievement->id, 'achievement_created');
        }
        bp_core_add_message(__("Achievement created succesfully!", 'dpa'));
        do_action('dpa_screen_achievement_create_success', $achievement);
        if (dpa_permission_can_user_change_picture()) {
            bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug . '/' . DPA_SLUG_ACHIEVEMENT_CHANGE_PICTURE);
        } else {
            bp_core_redirect(dpa_get_achievements_permalink() . '/' . $achievement->slug);
        }
    } else {
        if (!$achievement->points) {
            $achievement->points = '';
        }
        if (!$achievement->action_count) {
            $achievement->action_count = '';
        }
        do_action('dpa_screen_achievement_create_fail', $achievement, $achievements_errors);
        bp_core_add_message(__('An error has occurred and the Achievement has not been created. See below for details.', 'dpa'), 'error');
        bp_core_load_template(apply_filters('dpa_screen_achievement_create_template', 'achievements/create'));
    }
}