

Ticket #2599: 2599.2.diff

File 2599.2.diff, 14.7 KB (added by kawauso, 10 years ago)

Everyone has to die() sometime

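--- a/bp-core/bp-core-cssjs.php
+++ b/bp-core/bp-core-cssjs.php
@@ -185,7 +185,7 @@
         global $bp;
 ?>
 
-        <script type="text/javascript">var ajaxurl = "<?php echo site_url( 'wp-load.php' ); ?>";</script>
+        <script type="text/javascript">var ajaxurl = "<?php echo admin_url( 'admin-ajax.php' ) ?>";</script>
 
 <?php
 }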
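Review bot: The added line writes the return value of `admin_url()` straight into a JavaScript string literal with no context escaping, and also drops the statement terminator the old line had. The value is site-controlled, so the practical risk is low, but escaping per output context is the WordPress convention and keeps the line safe if the URL ever picks up a filter-supplied component: `var ajaxurl = "<?php echo esc_js( admin_url( 'admin-ajax.php' ) ); ?>";`. The enclosing function starts before the hunk.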
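--- a/bp-core/bp-core-functions.php
+++ b/bp-core/bp-core-functions.php
@@ -634,7 +634,7 @@
         if ( !defined( 'WP_ADMIN' ) && isset( $_REQUEST['action'] ) )
                 do_action( 'wp_ajax_' . $_REQUEST['action'] );
 }
-add_action( 'bp_init', 'bp_core_add_ajax_hook' );
+//add_action( 'bp_init', 'bp_core_add_ajax_hook' );
 
 /**
  * When switching from single to multisite we need to copy blog options to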
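Review bot: The hook registration is commented out rather than removed, so `bp_core_add_ajax_hook` stays defined and callable even though nothing in the tree should invoke it any more. Its body fires `'wp_ajax_' . $_REQUEST['action']` on any front-end request that carries an `action` parameter, with no distinction between logged-in and anonymous callers, which is exactly the routing admin-ajax.php now performs with the `wp_ajax_` / `wp_ajax_nopriv_` split; a stray `add_action()` from a plugin or a later merge would silently re-expose every `wp_ajax_*` handler to unauthenticated visitors. Deleting both the function and this line, or reducing the function to an empty deprecated stub, removes that foot-gun instead of leaving it one uncomment away. The function's signature line is outside the hunk.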
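--- a/bp-core/bp-core-widgets.php
+++ b/bp-core/bp-core-widgets.php
@@ -313,7 +313,10 @@
                 <?php _e( 'There were no members found, please try another filter.', 'buddypress' ) ?>
                 <?php echo "</li>"; ?>
         <?php endif;
+
+        die();
 }
 add_action( 'wp_ajax_widget_members', 'bp_core_ajax_widget_members' );
+add_action( 'wp_ajax_nopriv_widget_members', 'bp_core_ajax_widget_members' );
 
 ?>
\ No newline at end of file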
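Review bot: The new `wp_ajax_nopriv_widget_members` registration makes `bp_core_ajax_widget_members` reachable by unauthenticated requests through admin-ajax.php, and the start of that function is outside the hunk, so whether it validates a nonce or sanitises the `$_POST` filter values it renders cannot be confirmed here. Since anonymous callers previously reached it only through the now-disabled `bp_core_add_ajax_hook` path, this is the right moment to confirm the handler treats its input as untrusted, for example by opening with `check_ajax_referer( 'bp_core_widget_members' );` against a nonce the widget markup emits. The same question applies to the `wp_ajax_nopriv_widget_groups_list` registration in bp-groups/bp-groups-widgets.php and to the eight `wp_ajax_nopriv_` registrations added in bp-themes/bp-default/_inc/ajax.php.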
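--- a/bp-groups/bp-groups-widgets.php
+++ b/bp-groups/bp-groups-widgets.php
@@ -183,6 +183,9 @@
 
         <?php endif;
 
+        die();
 }
 add_action( 'wp_ajax_widget_groups_list', 'groups_ajax_widget_groups_list' );
-?>
+add_action( 'wp_ajax_nopriv_widget_groups_list', 'groups_ajax_widget_groups_list' );
+
+?>
\ No newline at end of file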
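--- a/bp-themes/bp-default/_inc/ajax.php
+++ b/bp-themes/bp-default/_inc/ajax.php
@@ -21,7 +21,7 @@
         global $bp;
 
         if ( empty( $object ) )
-                return false;
+                die(); // return false
 
         /* Set up the cookies passed on this AJAX request. Store a local var to avoid conflicts */
         if ( !empty( $_POST['cookie'] ) )
@@ -88,11 +88,16 @@
 function bp_dtheme_object_template_loader() {
         $object = esc_attr( $_POST['object'] );
         locate_template( array( "$object/$object-loop.php" ), true );
+        die();
 }
 add_action( 'wp_ajax_members_filter', 'bp_dtheme_object_template_loader' );
 add_action( 'wp_ajax_groups_filter', 'bp_dtheme_object_template_loader' );
 add_action( 'wp_ajax_blogs_filter', 'bp_dtheme_object_template_loader' );
 add_action( 'wp_ajax_forums_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_members_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_groups_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_blogs_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_forums_filter', 'bp_dtheme_object_template_loader' );
 
 // This function will load the activity loop template when activity is requested via AJAX
 function bp_dtheme_activity_template_loader() {
@@ -125,9 +130,12 @@
         ob_end_clean();
 
         echo json_encode( $result );
+        die();
 }
 add_action( 'wp_ajax_activity_widget_filter', 'bp_dtheme_activity_template_loader' );
 add_action( 'wp_ajax_activity_get_older_updates', 'bp_dtheme_activity_template_loader' );
+add_action( 'wp_ajax_nopriv_activity_widget_filter', 'bp_dtheme_activity_template_loader' );
+add_action( 'wp_ajax_nopriv_activity_get_older_updates', 'bp_dtheme_activity_template_loader' );
 
 /* AJAX update posting */
 function bp_dtheme_post_update() {
@@ -136,14 +144,9 @@
         /* Check the nonce */
         check_admin_referer( 'post_update', '_wpnonce_post_update' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         if ( empty( $_POST['content'] ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'Please enter some content to post.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         if ( empty( $_POST['object'] ) && bp_is_active( 'activity' ) ) {
@@ -156,7 +159,7 @@
 
         if ( !$activity_id ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was a problem posting your update, please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         if ( bp_has_activities ( 'include=' . $activity_id ) ) : ?>
@@ -164,6 +167,8 @@
                         <?php locate_template( array( 'activity/entry.php' ), true ) ?>
                 <?php endwhile; ?>
          <?php endif;
+
+        die();
 }
 add_action( 'wp_ajax_post_update', 'bp_dtheme_post_update' );
 
@@ -174,19 +179,14 @@
         /* Check the nonce */
         check_admin_referer( 'new_activity_comment', '_wpnonce_new_activity_comment' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         if ( empty( $_POST['content'] ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'Please do not leave the comment area blank.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         if ( empty( $_POST['form_id'] ) || empty( $_POST['comment_id'] ) || !is_numeric( $_POST['form_id'] ) || !is_numeric( $_POST['comment_id'] ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was an error posting that reply, please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         $comment_id = bp_activity_new_comment( array(
@@ -197,7 +197,7 @@
 
         if ( !$comment_id ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was an error posting that reply, please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         if ( bp_has_activities ( 'display_comments=stream&include=' . $comment_id ) ) : ?>
@@ -219,6 +219,8 @@
                         </li>
                 <?php endwhile; ?>
          <?php endif;
+
+        die();
 }
 add_action( 'wp_ajax_new_activity_comment', 'bp_dtheme_new_activity_comment' );
 
@@ -229,31 +231,26 @@
         // Check the nonce
         check_admin_referer( 'bp_activity_delete_link' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         if ( empty( $_POST['id'] ) || !is_numeric( $_POST['id'] ) )
-                return false;
+                die(); // return false
 
         $activity = new BP_Activity_Activity( $_POST['id'] );
 
         // Check access
         if ( !is_super_admin() && $activity->user_id != $bp->loggedin_user->id )
-                return false;
+                die(); // return false
 
         // Call the action before the delete so plugins can still fetch information about it
         do_action( 'bp_activity_before_action_delete_activity', $_POST['id'], $activity->user_id );
 
         if ( !bp_activity_delete( array( 'id' => $_POST['id'], 'user_id' => $activity->user_id ) ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         do_action( 'bp_activity_action_delete_activity', $_POST['id'], $activity->user_id );
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_delete_activity', 'bp_dtheme_delete_activity' );
 
@@ -264,49 +261,42 @@
         /* Check the nonce */
         check_admin_referer( 'bp_activity_delete_link' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         $comment = new BP_Activity_Activity( $_POST['id'] );
 
         /* Check access */
         if ( !is_super_admin() && $comment->user_id != $bp->loggedin_user->id )
-                return false;
+                die(); // return false
 
         if ( empty( $_POST['id'] ) || !is_numeric( $_POST['id'] ) )
-                return false;
+                die(); // return false
 
         /* Call the action before the delete so plugins can still fetch information about it */
         do_action( 'bp_activity_before_action_delete_activity', $_POST['id'], $comment->user_id );
 
         if ( !bp_activity_delete_comment( $comment->item_id, $comment->id ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         do_action( 'bp_activity_action_delete_activity', $_POST['id'], $comment->user_id );
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_delete_activity_comment', 'bp_dtheme_delete_activity_comment' );
 
 /* AJAX mark an activity as a favorite */
 function bp_dtheme_mark_activity_favorite() {
-        global $bp;
-
         bp_activity_add_user_favorite( $_POST['id'] );
         _e( 'Remove Favorite', 'buddypress' );
+        die();
 }
 add_action( 'wp_ajax_activity_mark_fav', 'bp_dtheme_mark_activity_favorite' );
 
 /* AJAX mark an activity as not a favorite */
 function bp_dtheme_unmark_activity_favorite() {
-        global $bp;
-
         bp_activity_remove_user_favorite( $_POST['id'] );
         _e( 'Favorite', 'buddypress' );
+        die();
 }
 add_action( 'wp_ajax_activity_mark_unfav', 'bp_dtheme_unmark_activity_favorite' );
 
@@ -317,18 +307,18 @@
         check_ajax_referer( 'groups_invite_uninvite_user' );
 
         if ( !$_POST['friend_id'] || !$_POST['friend_action'] || !$_POST['group_id'] )
-                return false;
+                die(); // return false
 
         if ( !groups_is_user_admin( $bp->loggedin_user->id, $_POST['group_id'] ) )
-                return false;
+                die(); // return false
 
         if ( !friends_check_friendship( $bp->loggedin_user->id, $_POST['friend_id'] ) )
-                return false;
+                die(); // return false
 
         if ( 'invite' == $_POST['friend_action'] ) {
 
                 if ( !groups_invite_user( array( 'user_id' => $_POST['friend_id'], 'group_id' => $_POST['group_id'] ) ) )
-                        return false;
+                        die(); // return false
 
                 $user = new BP_Core_User( $_POST['friend_id'] );
 
@@ -344,12 +334,12 @@
         } else if ( 'uninvite' == $_POST['friend_action'] ) {
 
                 if ( !groups_uninvite_user( $_POST['friend_id'], $_POST['group_id'] ) )
-                        return false;
+                        die(); // return false
 
-                return true;
+                die(); // return true
 
         } else {
-                return false;
+                die(); // return false
         }
 }
 add_action( 'wp_ajax_groups_invite_user', 'bp_dtheme_ajax_invite_user' );
@@ -381,7 +371,7 @@
                 echo __( 'Request Pending', 'buddypress' );
         }
 
-        return false;
+        die(); // return false
 }
 add_action( 'wp_ajax_addremove_friend', 'bp_dtheme_ajax_addremove_friend' );
 
@@ -392,7 +382,7 @@
         if ( !friends_accept_friendship( $_POST['id'] ) )
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem accepting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_accept_friendship', 'bp_dtheme_ajax_accept_friendship' );
 
@@ -403,7 +393,7 @@
         if ( !friends_reject_friendship( $_POST['id'] ) )
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem rejecting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_reject_friendship', 'bp_dtheme_ajax_reject_friendship' );
 
@@ -412,10 +402,10 @@
         global $bp;
 
         if ( groups_is_user_banned( $bp->loggedin_user->id, $_POST['gid'] ) )
-                return false;
+                die(); // return false
 
         if ( !$group = new BP_Groups_Group( $_POST['gid'], false, false ) )
-                return false;
+                die(); // return false
 
         if ( !groups_is_user_member( $bp->loggedin_user->id, $group->id ) ) {
 
@@ -454,6 +444,8 @@
                         }
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_joinleave_group', 'bp_dtheme_ajax_joinleave_group' );
 
@@ -470,6 +462,8 @@
 
                 update_user_meta( $userdata->ID, 'closed_notices', $notice_ids );
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_close_notice', 'bp_dtheme_ajax_close_notice' );
 
@@ -506,13 +500,13 @@
         } else {
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_send_reply', 'bp_dtheme_ajax_messages_send_reply' );
 
 /* AJAX mark a private message as unread in your inbox */
 function bp_dtheme_ajax_message_markunread() {
-        global $bp;
-
         if ( !isset($_POST['thread_ids']) ) {
                 echo "-1<div id='message' class='error'><p>" . __('There was a problem marking messages as unread.', 'buddypress' ) . '</p></div>';
         } else {
@@ -522,13 +516,13 @@
                         BP_Messages_Thread::mark_as_unread($thread_ids[$i]);
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_markunread', 'bp_dtheme_ajax_message_markunread' );
 
 /* AJAX mark a private message as read in your inbox */
 function bp_dtheme_ajax_message_markread() {
-        global $bp;
-
         if ( !isset($_POST['thread_ids']) ) {
                 echo "-1<div id='message' class='error'><p>" . __('There was a problem marking messages as read.', 'buddypress' ) . '</p></div>';
         } else {
@@ -538,13 +532,13 @@
                         BP_Messages_Thread::mark_as_read($thread_ids[$i]);
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_markread', 'bp_dtheme_ajax_message_markread' );
 
 /* AJAX delete a private message or array of messages in your inbox */
 function bp_dtheme_ajax_messages_delete() {
-        global $bp;
-
         if ( !isset($_POST['thread_ids']) ) {
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem deleting messages.', 'buddypress' ) . '</p></div>';
         } else {
@@ -555,6 +549,8 @@
 
                 _e('Messages deleted.', 'buddypress');
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_delete', 'bp_dtheme_ajax_messages_delete' );
 
@@ -612,6 +608,8 @@
                         ';
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_autocomplete_results', 'bp_dtheme_ajax_messages_autocomplete_results' );
 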
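Review bot: `bp_dtheme_object_template_loader` still passes `$_POST['object']` into the `locate_template()` path after only `esc_attr()`, which is HTML-attribute escaping rather than path validation, and the four new `wp_ajax_nopriv_*_filter` registrations make that handler reachable without logging in. Restricting it to the objects the hooks are registered for, `if ( ! in_array( $object, array( 'members', 'groups', 'blogs', 'forums' ), true ) ) die();` placed before the `locate_template()` call, closes that gap. The `is_user_logged_in()` guards removed from `bp_dtheme_post_update`, `bp_dtheme_new_activity_comment`, `bp_dtheme_delete_activity` and `bp_dtheme_delete_activity_comment` now rest entirely on those four actions having no `wp_ajax_nopriv_` registration, which admin-ajax.php enforces but nothing in this file records; a one-line comment beside each `check_admin_referer()` call, such as `// Logged-in only: this action has no wp_ajax_nopriv_ registration`, keeps that dependency visible if someone later adds one. Separately, `bp_dtheme_delete_activity_comment` constructs `BP_Activity_Activity( $_POST['id'] )` before the `empty()`/`is_numeric()` check on `$_POST['id']`, the reverse of the order in `bp_dtheme_delete_activity`; moving that check above the constructor makes the two handlers consistent. Most of these functions begin outside their hunks.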
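--- a/bp-xprofile/bp-xprofile-admin.php
+++ b/bp-xprofile/bp-xprofile-admin.php
@@ -308,8 +308,6 @@
  Handles the ajax reordering of fields within a group
 **************************************************************************/
 function xprofile_ajax_reorder_fields() {
-        global $bp;
-
         // Check the nonce
         check_admin_referer( 'bp_reorder_fields', '_wpnonce_reorder_fields' );
 
@@ -322,6 +320,7 @@
         foreach ( (array) $order['field'] as $position => $field_id )
                 xprofile_update_field_position( (int) $field_id, (int) $position, (int) $field_group_id );
 
+        die();
 }
 add_action( 'wp_ajax_xprofile_reorder_fields', 'xprofile_ajax_reorder_fields' );
 
@@ -331,8 +330,6 @@
  Handles the reordering of field groups
 **************************************************************************/
 function xprofile_ajax_reorder_field_groups() {
-        global $bp;
-
         // Check the nonce
         check_admin_referer( 'bp_reorder_groups', '_wpnonce_reorder_groups' );
 
@@ -344,6 +341,7 @@
         foreach ( (array) $order['group'] as $position => $field_group_id )
                 xprofile_update_field_group_position( (int) $field_group_id, (int) $position );
 
+        die();
 }
 add_action( 'wp_ajax_xprofile_reorder_groups', 'xprofile_ajax_reorder_field_groups' );
 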
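Review bot: `xprofile_ajax_reorder_fields` and `xprofile_ajax_reorder_field_groups` show a nonce check but no capability check in the visible lines; a nonce only proves the request originated from a page that rendered it, not that the caller may administer profile fields, and both actions are registered as `wp_ajax_`, so any logged-in user with a valid nonce could reach them. If the elided middle of either function does not already check this, a guard such as `if ( ! is_super_admin() ) die();` directly after each `check_admin_referer()` call pins the access control in the handler itself, matching the `is_super_admin()` checks used in the ajax.php handlers. Both function bodies are partly outside the hunks, so this is worth acting on only if the check is genuinely absent.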