
Ticket #2599: 2599.3.diff

File 2599.3.diff, 14.6 KB (added by kawauso, 10 years ago)

Refresh. Won't cover any new AJAX calls since last patch.

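--- a/bp-core/bp-core-cssjs.php
+++ b/bp-core/bp-core-cssjs.php
@@ -164,7 +164,7 @@
         global $bp;
 ?>
 
-        <script type="text/javascript">var ajaxurl = "<?php echo site_url( 'wp-load.php' ); ?>";</script>
+        <script type="text/javascript">var ajaxurl = "<?php echo admin_url( 'admin-ajax.php' ) ?>";</script>
 
 <?php
 }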
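Review bot: The new `ajaxurl` line prints the result of `admin_url()` straight into a JavaScript string literal with no escaping; the value is filterable, so it should pass through `esc_js()` before it lands inside the quotes, e.g. `var ajaxurl = "<?php echo esc_js( admin_url( 'admin-ajax.php' ) ); ?>";`. Separately, `admin_url()` returns an https URL when SSL is forced for the admin area, so on a front end served over http the request target would be cross-origin; this is worth testing with `FORCE_SSL_ADMIN` enabled. The enclosing function starts above the hunk.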
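--- a/bp-core/bp-core-functions.php
+++ b/bp-core/bp-core-functions.php
@@ -867,7 +867,6 @@
         if ( !defined( 'WP_ADMIN' ) && isset( $_REQUEST['action'] ) )
                 do_action( 'wp_ajax_' . $_REQUEST['action'] );
 }
-add_action( 'bp_init', 'bp_core_add_ajax_hook' );
 
 /**
  * When switching from single to multisite we need to copy blog options to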
  • bp-core/bp-core-widgets.php

     
    328328                <?php _e( 'There were no members found, please try another filter.', 'buddypress' ) ?>
    329329                <?php echo "</li>"; ?>
    330330        <?php endif;
     331       
     332        die();
    331333}
    332334add_action( 'wp_ajax_widget_members', 'bp_core_ajax_widget_members' );
     335add_action( 'wp_ajax_nopriv_widget_members', 'bp_core_ajax_widget_members' );
    333336
    334337?>
     338 No newline at end of file
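Review bot: Registering `wp_ajax_nopriv_widget_members` makes `bp_core_ajax_widget_members` callable by visitors with no session, but the handler's input handling sits above the hunk, so it cannot be confirmed here that every POSTed value is cast or allowlisted before it reaches a query. Please verify that before merging and, if the exposure is intended, document it with a one-line comment above the `nopriv` hook such as `// Public on purpose: widget output only, no state change.`. The same applies to `wp_ajax_nopriv_widget_groups_list` in bp-groups/bp-groups-widgets.php.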
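--- a/bp-groups/bp-groups-widgets.php
+++ b/bp-groups/bp-groups-widgets.php
@@ -187,6 +187,9 @@
 
         <?php endif;
 
+        die();
 }
 add_action( 'wp_ajax_widget_groups_list', 'groups_ajax_widget_groups_list' );
+add_action( 'wp_ajax_nopriv_widget_groups_list', 'groups_ajax_widget_groups_list' );
+
 ?>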
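--- a/bp-themes/bp-default/_inc/ajax.php
+++ b/bp-themes/bp-default/_inc/ajax.php
@@ -18,7 +18,7 @@
         global $bp;
 
         if ( empty( $object ) )
-                return false;
+                die(); // return false
 
         /* Set up the cookies passed on this AJAX request. Store a local var to avoid conflicts */
         if ( !empty( $_POST['cookie'] ) )
@@ -85,11 +85,16 @@
 function bp_dtheme_object_template_loader() {
         $object = esc_attr( $_POST['object'] );
         locate_template( array( "$object/$object-loop.php" ), true );
+        die();
 }
 add_action( 'wp_ajax_members_filter', 'bp_dtheme_object_template_loader' );
 add_action( 'wp_ajax_groups_filter', 'bp_dtheme_object_template_loader' );
 add_action( 'wp_ajax_blogs_filter', 'bp_dtheme_object_template_loader' );
 add_action( 'wp_ajax_forums_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_members_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_groups_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_blogs_filter', 'bp_dtheme_object_template_loader' );
+add_action( 'wp_ajax_nopriv_forums_filter', 'bp_dtheme_object_template_loader' );
 
 // This function will load the activity loop template when activity is requested via AJAX
 function bp_dtheme_activity_template_loader() {
@@ -127,9 +132,12 @@
         ob_end_clean();
 
         echo json_encode( $result );
+        die();
 }
 add_action( 'wp_ajax_activity_widget_filter', 'bp_dtheme_activity_template_loader' );
 add_action( 'wp_ajax_activity_get_older_updates', 'bp_dtheme_activity_template_loader' );
+add_action( 'wp_ajax_nopriv_activity_widget_filter', 'bp_dtheme_activity_template_loader' );
+add_action( 'wp_ajax_nopriv_activity_get_older_updates', 'bp_dtheme_activity_template_loader' );
 
 /* AJAX update posting */
 function bp_dtheme_post_update() {
@@ -138,14 +146,9 @@
         // Check the nonce
         check_admin_referer( 'post_update', '_wpnonce_post_update' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         if ( empty( $_POST['content'] ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'Please enter some content to post.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         $activity_id = 0;
@@ -162,7 +165,7 @@
 
         if ( empty( $activity_id ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was a problem posting your update, please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         if ( bp_has_activities ( 'include=' . $activity_id ) ) : ?>
@@ -170,6 +173,8 @@
                         <?php locate_template( array( 'activity/entry.php' ), true ) ?>
                 <?php endwhile; ?>
          <?php endif;
+
+        die();
 }
 add_action( 'wp_ajax_post_update', 'bp_dtheme_post_update' );
 
@@ -180,19 +185,14 @@
         /* Check the nonce */
         check_admin_referer( 'new_activity_comment', '_wpnonce_new_activity_comment' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         if ( empty( $_POST['content'] ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'Please do not leave the comment area blank.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         if ( empty( $_POST['form_id'] ) || empty( $_POST['comment_id'] ) || !is_numeric( $_POST['form_id'] ) || !is_numeric( $_POST['comment_id'] ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was an error posting that reply, please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         $comment_id = bp_activity_new_comment( array(
@@ -203,7 +203,7 @@
 
         if ( !$comment_id ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was an error posting that reply, please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         if ( bp_has_activities ( 'display_comments=stream&include=' . $comment_id ) ) : ?>
@@ -225,6 +225,8 @@
                         </li>
                 <?php endwhile; ?>
          <?php endif;
+
+        die();
 }
 add_action( 'wp_ajax_new_activity_comment', 'bp_dtheme_new_activity_comment' );
 
@@ -235,31 +237,26 @@
         // Check the nonce
         check_admin_referer( 'bp_activity_delete_link' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         if ( empty( $_POST['id'] ) || !is_numeric( $_POST['id'] ) )
-                return false;
+                die(); // return false
 
         $activity = new BP_Activity_Activity( (int) $_POST['id'] );
 
         // Check access
         if ( !bp_activity_user_can_delete() )
-                return false;
+                die(); // return false
 
         // Call the action before the delete so plugins can still fetch information about it
         do_action( 'bp_activity_before_action_delete_activity', $activity->id, $activity->user_id );
 
         if ( !bp_activity_delete( array( 'id' => $activity->id, 'user_id' => $activity->user_id ) ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
        
         do_action( 'bp_activity_action_delete_activity', $activity->id, $activity->user_id );
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_delete_activity', 'bp_dtheme_delete_activity' );
 
@@ -270,49 +267,42 @@
         /* Check the nonce */
         check_admin_referer( 'bp_activity_delete_link' );
 
-        if ( !is_user_logged_in() ) {
-                echo '-1';
-                return false;
-        }
-
         $comment = new BP_Activity_Activity( $_POST['id'] );
 
         /* Check access */
         if ( !is_super_admin() && $comment->user_id != $bp->loggedin_user->id )
-                return false;
+                die(); // return false
 
         if ( empty( $_POST['id'] ) || !is_numeric( $_POST['id'] ) )
-                return false;
+                die(); // return false
 
         /* Call the action before the delete so plugins can still fetch information about it */
         do_action( 'bp_activity_before_action_delete_activity', $_POST['id'], $comment->user_id );
 
         if ( !bp_activity_delete_comment( $comment->item_id, $comment->id ) ) {
                 echo '-1<div id="message" class="error"><p>' . __( 'There was a problem when deleting. Please try again.', 'buddypress' ) . '</p></div>';
-                return false;
+                die(); // return false
         }
 
         do_action( 'bp_activity_action_delete_activity', $_POST['id'], $comment->user_id );
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_delete_activity_comment', 'bp_dtheme_delete_activity_comment' );
 
 /* AJAX mark an activity as a favorite */
 function bp_dtheme_mark_activity_favorite() {
-        global $bp;
-
         bp_activity_add_user_favorite( $_POST['id'] );
         _e( 'Remove Favorite', 'buddypress' );
+        die();
 }
 add_action( 'wp_ajax_activity_mark_fav', 'bp_dtheme_mark_activity_favorite' );
 
 /* AJAX mark an activity as not a favorite */
 function bp_dtheme_unmark_activity_favorite() {
-        global $bp;
-
         bp_activity_remove_user_favorite( $_POST['id'] );
         _e( 'Favorite', 'buddypress' );
+        die();
 }
 add_action( 'wp_ajax_activity_mark_unfav', 'bp_dtheme_unmark_activity_favorite' );
 
@@ -351,18 +341,18 @@
         check_ajax_referer( 'groups_invite_uninvite_user' );
 
         if ( !$_POST['friend_id'] || !$_POST['friend_action'] || !$_POST['group_id'] )
-                return false;
+                die(); // return false
 
         if ( !groups_is_user_admin( $bp->loggedin_user->id, $_POST['group_id'] ) )
-                return false;
+                die(); // return false
 
         if ( !friends_check_friendship( $bp->loggedin_user->id, $_POST['friend_id'] ) )
-                return false;
+                die(); // return false
 
         if ( 'invite' == $_POST['friend_action'] ) {
 
                 if ( !groups_invite_user( array( 'user_id' => $_POST['friend_id'], 'group_id' => $_POST['group_id'] ) ) )
-                        return false;
+                        die(); // return false
 
                 $user = new BP_Core_User( $_POST['friend_id'] );
 
@@ -378,12 +368,12 @@
         } else if ( 'uninvite' == $_POST['friend_action'] ) {
 
                 if ( !groups_uninvite_user( $_POST['friend_id'], $_POST['group_id'] ) )
-                        return false;
+                        die(); // return false
 
-                return true;
+                die(); // return true
 
         } else {
-                return false;
+                die(); // return false
         }
 }
 add_action( 'wp_ajax_groups_invite_user', 'bp_dtheme_ajax_invite_user' );
@@ -415,7 +405,7 @@
                 echo __( 'Request Pending', 'buddypress' );
         }
 
-        return false;
+        die(); // return false
 }
 add_action( 'wp_ajax_addremove_friend', 'bp_dtheme_ajax_addremove_friend' );
 
@@ -426,7 +416,7 @@
         if ( !friends_accept_friendship( $_POST['id'] ) )
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem accepting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_accept_friendship', 'bp_dtheme_ajax_accept_friendship' );
 
@@ -437,7 +427,7 @@
         if ( !friends_reject_friendship( $_POST['id'] ) )
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem rejecting that request. Please try again.', 'buddypress' ) . '</p></div>';
 
-        return true;
+        die(); // return true
 }
 add_action( 'wp_ajax_reject_friendship', 'bp_dtheme_ajax_reject_friendship' );
 
@@ -446,10 +436,10 @@
         global $bp;
 
         if ( groups_is_user_banned( $bp->loggedin_user->id, $_POST['gid'] ) )
-                return false;
+                die(); // return false
 
         if ( !$group = new BP_Groups_Group( $_POST['gid'], false, false ) )
-                return false;
+                die(); // return false
 
         if ( !groups_is_user_member( $bp->loggedin_user->id, $group->id ) ) {
 
@@ -488,6 +478,8 @@
                         }
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_joinleave_group', 'bp_dtheme_ajax_joinleave_group' );
 
@@ -504,6 +496,8 @@
 
                 update_user_meta( $userdata->ID, bp_get_user_meta_key( 'closed_notices' ), $notice_ids );
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_close_notice', 'bp_dtheme_ajax_close_notice' );
 
@@ -540,13 +534,13 @@
         } else {
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem sending that reply. Please try again.', 'buddypress' ) . '</p></div>';
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_send_reply', 'bp_dtheme_ajax_messages_send_reply' );
 
 /* AJAX mark a private message as unread in your inbox */
 function bp_dtheme_ajax_message_markunread() {
-        global $bp;
-
         if ( !isset($_POST['thread_ids']) ) {
                 echo "-1<div id='message' class='error'><p>" . __('There was a problem marking messages as unread.', 'buddypress' ) . '</p></div>';
         } else {
@@ -556,13 +550,13 @@
                         BP_Messages_Thread::mark_as_unread($thread_ids[$i]);
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_markunread', 'bp_dtheme_ajax_message_markunread' );
 
 /* AJAX mark a private message as read in your inbox */
 function bp_dtheme_ajax_message_markread() {
-        global $bp;
-
         if ( !isset($_POST['thread_ids']) ) {
                 echo "-1<div id='message' class='error'><p>" . __('There was a problem marking messages as read.', 'buddypress' ) . '</p></div>';
         } else {
@@ -572,13 +566,13 @@
                         BP_Messages_Thread::mark_as_read($thread_ids[$i]);
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_markread', 'bp_dtheme_ajax_message_markread' );
 
 /* AJAX delete a private message or array of messages in your inbox */
 function bp_dtheme_ajax_messages_delete() {
-        global $bp;
-
         if ( !isset($_POST['thread_ids']) ) {
                 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem deleting messages.', 'buddypress' ) . '</p></div>';
         } else {
@@ -589,6 +583,8 @@
 
                 _e('Messages deleted.', 'buddypress');
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_delete', 'bp_dtheme_ajax_messages_delete' );
 
@@ -653,6 +649,8 @@
                         ';
                 }
         }
+
+        die();
 }
 add_action( 'wp_ajax_messages_autocomplete_results', 'bp_dtheme_ajax_messages_autocomplete_results' );
 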
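Review bot: The four `wp_ajax_nopriv_*_filter` registrations make `bp_dtheme_object_template_loader` reachable without a login, and that function builds an include path from `$_POST['object']` after only `esc_attr()`, which escapes HTML characters and does not constrain path segments. The value should be checked against the objects this handler is registered for before `locate_template()` runs, e.g. `if ( !in_array( $object, array( 'members', 'groups', 'blogs', 'forums' ), true ) ) die();` placed right after the assignment. That list is inferred from the hooked action names in this hunk; if plugins are expected to add objects, pass the list through a filter rather than dropping the check. The same guard also stops a request with no `object` field from reaching `locate_template()` with an empty name.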
  • bp-xprofile/bp-xprofile-admin.php

     
    313313 Handles the ajax reordering of fields within a group
    314314**************************************************************************/
    315315function xprofile_ajax_reorder_fields() {
    316         global $bp;
    317 
    318316        // Check the nonce
    319317        check_admin_referer( 'bp_reorder_fields', '_wpnonce_reorder_fields' );
    320318
     
    327325        foreach ( (array) $order['field'] as $position => $field_id )
    328326                xprofile_update_field_position( (int) $field_id, (int) $position, (int) $field_group_id );
    329327
     328        die();
    330329}
    331330add_action( 'wp_ajax_xprofile_reorder_fields', 'xprofile_ajax_reorder_fields' );
    332331
     
    336335 Handles the reordering of field groups
    337336**************************************************************************/
    338337function xprofile_ajax_reorder_field_groups() {
    339         global $bp;
    340 
    341338        // Check the nonce
    342339        check_admin_referer( 'bp_reorder_groups', '_wpnonce_reorder_groups' );
    343340
     
    349346        foreach ( (array) $order['group'] as $position => $field_group_id )
    350347                xprofile_update_field_group_position( (int) $field_group_id, (int) $position );
    351348
     349        die();
    352350}
    353351add_action( 'wp_ajax_xprofile_reorder_groups', 'xprofile_ajax_reorder_field_groups' );
    354352