Ticket #3280: 3280-1.patch
File 3280-1.patch, 6.0 KB (added by , 14 years ago) |
bp-xprofile/bp-xprofile-screens.php
28 28 * @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename) 29 29 */ 30 30 function xprofile_screen_edit_profile() { 31 global $bp ;31 global $bp, $wp_query; 32 32 33 33 if ( !bp_is_my_profile() && !is_super_admin() ) 34 34 return false; … … 38 38 bp_core_redirect( $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/1' ); 39 39 40 40 // Check the field group exists 41 if ( !xprofile_get_field_group( $bp->action_variables[1] ) ) 42 bp_core_redirect( bp_get_root_domain() ); 41 if ( !xprofile_get_field_group( $bp->action_variables[1] ) ) { 42 $wp_query->set_404(); 43 status_header( 404 ); 44 nocache_headers(); 45 return; 46 } 43 47 44 48 // Check to see if any new information has been submitted 45 49 if ( isset( $_POST['field_ids'] ) ) { -
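Review bot: The new not-found branch in xprofile_screen_edit_profile() ends with a bare `return;`, while the permission guard a few lines above it returns `false`; `return false;` here would keep the function's bail-out value uniform for anything that inspects it. The same three calls (`$wp_query->set_404(); status_header( 404 ); nocache_headers();`) are repeated in every file this patch touches. One shared helper would stop the sites from drifting apart, for example one of them later dropping `nocache_headers()`. The function body continues past the end of the hunk.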
bp-core/bp-core-catchuri.php
351 351 * @since 1.3 352 352 */ 353 353 function bp_core_catch_no_access() { 354 global $bp, $ wp_query, $bp_unfiltered_uri, $bp_no_status_set;354 global $bp, $bp_no_status_set, $wp_query; 355 355 356 356 // If bp_core_redirect() and $bp_no_status_set is true, 357 357 // we are redirecting to an accessible page, so skip this check. 358 358 if ( $bp_no_status_set ) 359 359 return false; 360 360 361 // If the displayed user was marked as a spammer and the logged-in user is not a super admin, redirect361 // If the displayed user was marked as a spammer and the logged-in user is not a super admin, 404. 362 362 if ( isset( $bp->displayed_user->id ) && bp_core_is_user_spammer( $bp->displayed_user->id ) ) { 363 if ( !is_super_admin() ) 364 bp_core_redirect( $bp->root_domain ); 365 else 363 if ( !$bp->loggedin_user->is_super_admin ) { 364 $wp_query->set_404(); 365 status_header( 404 ); 366 nocache_headers(); 367 return; 368 369 } else { 366 370 bp_core_add_message( __( 'This user has been marked as a spammer. 
Only site admins can view this profile.', 'buddypress' ), 'error' ); 371 } 367 372 } 368 373 369 // If BP_ENABLE_ROOT_PROFILES is not defined and the displayed user does not exist, redirect370 if ( !$bp->displayed_user->id && isset( $bp_unfiltered_uri[0] ) && $bp_unfiltered_uri[0] == $bp->members->slug && isset( $bp_unfiltered_uri[1] ) )371 bp_core_redirect( $bp->root_domain );372 373 // Access control!374 374 if ( !isset( $wp_query->queried_object ) && !bp_is_blog_page() ) { 375 if ( is_user_logged_in() ) { 376 bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have access to that page', 'buddypress' ) ) ); 377 } else { 378 bp_core_no_access(); 379 } 375 $wp_query->set_404(); 376 status_header( 404 ); 377 nocache_headers(); 380 378 } 381 379 } 382 380 add_action( 'wp', 'bp_core_catch_no_access' ); … … 402 400 $r = wp_parse_args( $args, $defaults ); 403 401 extract( $r, EXTR_SKIP ); 404 402 405 // Group filtering406 // When a user doesn't have access to a group's activity / secondary page, redirect to group's homepage407 if ( !$redirect ) {408 if ( bp_is_active( 'groups' ) && bp_is_current_component( 'groups' ) ) {409 $root = bp_get_group_permalink( $bp->groups->current_group );410 $message = false;411 }412 }413 414 403 // Apply filters to these variables 415 404 $mode = apply_filters( 'bp_no_access_mode', $mode, $root, $redirect, $message ); 416 405 $redirect = apply_filters( 'bp_no_access_redirect', $redirect, $root, $message, $mode ); -
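Review bot: The spammer check in bp_core_catch_no_access() now decides access from the cached property `$bp->loggedin_user->is_super_admin` instead of calling `is_super_admin()`, while xprofile_screen_edit_profile() in this same patch still calls the function. Nothing visible here shows that the property is always populated before the `wp` action fires. An unset value fails closed (the 404 branch runs), but it would also raise a notice and could hide a spammer profile from a real admin. Unless the switch is deliberate, keep `if ( !is_super_admin() ) {`, or add a comment naming where the property is set. The new branch also returns nothing, where the guard at the top of the function returns `false`.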
bp-activity/bp-activity-actions.php
13 13 add_action( 'bp_init', 'bp_register_activity_actions', 8 ); 14 14 15 15 function bp_activity_action_permalink_router() { 16 global $bp ;16 global $bp, $wp_query; 17 17 18 18 // Not viewing activity 19 19 if ( ( $bp->activity->slug != bp_current_component() ) || !bp_is_current_action( 'p' ) ) … … 26 26 // Get the activity details 27 27 $activity = bp_activity_get_specific( array( 'activity_ids' => $bp->action_variables[0] ) ); 28 28 29 // Redirect to root if activity does not exist 30 if ( !$activity = $activity['activities'][0] ) 31 bp_core_redirect( bp_get_root_domain() ); 29 // 404 if activity does not exist 30 if ( !$activity = $activity['activities'][0] ) { 31 $wp_query->set_404(); 32 status_header( 404 ); 33 nocache_headers(); 34 return; 35 } 32 36 33 37 // Do not redirect at default 34 38 $redirect = false; -
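Review bot: The condition `!$activity = $activity['activities'][0]` reads index 0 without checking that it exists, so if the lookup returns an empty list the 404 branch is reached only by way of an undefined-offset notice. bp_activity_screen_single_activity_permalink() in bp-activity-screens.php carries the same line. Testing first and assigning afterwards is clearer: `if ( empty( $activity['activities'][0] ) ) {` for the 404 branch, then `$activity = $activity['activities'][0];`. `$bp->action_variables[0]` comes from the request URL and is passed to bp_activity_get_specific() as-is; whether it is validated in the elided lines or inside that function is not visible here. The function continues past the end of the hunk.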
bp-activity/bp-activity-screens.php
83 83 add_action( 'bp_activity_screen_mentions', 'bp_activity_reset_my_new_mentions' ); 84 84 85 85 function bp_activity_screen_single_activity_permalink() { 86 global $bp ;86 global $bp, $wp_query; 87 87 88 88 // No displayed user or not viewing activity component 89 89 if ( !bp_is_activity_component() ) … … 95 95 // Get the activity details 96 96 $activity = bp_activity_get_specific( array( 'activity_ids' => bp_current_action() ) ); 97 97 98 if ( !$activity = $activity['activities'][0] ) 99 bp_core_redirect( bp_get_root_domain() ); 98 // 404 if activity does not exist 99 if ( !$activity = $activity['activities'][0] ) { 100 $wp_query->set_404(); 101 status_header( 404 ); 102 nocache_headers(); 103 return; 104 } 100 105 101 106 // Default access is true 102 107 $has_access = true; … … 105 110 if ( isset( $bp->groups->id ) && $activity->component == $bp->groups->id ) { 106 111 107 112 // Activity is from a group, but groups is currently disabled 108 if ( !bp_is_active( 'groups') ) 109 bp_core_redirect( bp_get_root_domain() ); 113 if ( !bp_is_active( 'groups') ) { 114 $wp_query->set_404(); 115 status_header( 404 ); 116 nocache_headers(); 117 return; 118 } 110 119 111 120 // Check to see if the group is not public, if so, check the 112 121 // user has access to see this activity
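Review bot: The 404 added for a missing activity in bp_activity_screen_single_activity_permalink() may not match what the access-denied path returns, which would let a visitor tell a private activity ID from a nonexistent one. The `$has_access` handling only begins at the end of this hunk and its outcome is not visible here, so this needs checking against the rest of the function. If the denied branch still redirects with a message, send the same 404 there, and record the intent next to the first check, e.g. `// Missing and inaccessible activities get the same 404.`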