
Ticket #3280: 3280-1.patch

File 3280-1.patch, 6.0 KB (added by DJPaul, 14 years ago)
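--- a/bp-xprofile/bp-xprofile-screens.php
+++ b/bp-xprofile/bp-xprofile-screens.php
@@ -28,7 +28,7 @@
  * @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename)
  */
 function xprofile_screen_edit_profile() {
-        global $bp;
+        global $bp, $wp_query;
 
         if ( !bp_is_my_profile() && !is_super_admin() )
                 return false;
@@ -38,8 +38,12 @@
                 bp_core_redirect( $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/1' );
 
         // Check the field group exists
-        if ( !xprofile_get_field_group( $bp->action_variables[1] ) )
-                bp_core_redirect( bp_get_root_domain() );
+        if ( !xprofile_get_field_group( $bp->action_variables[1] ) ) {
+                $wp_query->set_404();
+                status_header( 404 );
+                nocache_headers();
+                return;
+        }
 
         // Check to see if any new information has been submitted
         if ( isset( $_POST['field_ids'] ) ) {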
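Review bot: The new 404 branch at new lines 41–46 ends in a bare `return;` while the guard a few lines above in the same function uses `return false;`, and the same three calls (`$wp_query->set_404(); status_header( 404 ); nocache_headers();`) are pasted again in bp-core-catchuri.php, bp-activity-actions.php and bp-activity-screens.php. Pulling that sequence into one small shared helper would keep every "not found" path sending the same status and cache headers, so a later edit to one copy cannot leave another path answering with a cacheable or non-404 response. I would also put a comment above the branch, for example `// Unknown field group: send a real 404 instead of bouncing to the site root.` xprofile_screen_edit_profile() continues outside the hunk.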
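--- a/bp-core/bp-core-catchuri.php
+++ b/bp-core/bp-core-catchuri.php
@@ -351,32 +351,30 @@
  * @since 1.3
  */
 function bp_core_catch_no_access() {
-        global $bp, $wp_query, $bp_unfiltered_uri, $bp_no_status_set;
+        global $bp, $bp_no_status_set, $wp_query;
 
         // If bp_core_redirect() and $bp_no_status_set is true,
         // we are redirecting to an accessible page, so skip this check.
         if ( $bp_no_status_set )
                 return false;
 
-        // If the displayed user was marked as a spammer and the logged-in user is not a super admin, redirect
+        // If the displayed user was marked as a spammer and the logged-in user is not a super admin, 404.
         if ( isset( $bp->displayed_user->id ) && bp_core_is_user_spammer( $bp->displayed_user->id ) ) {
-                if ( !is_super_admin() )
-                        bp_core_redirect( $bp->root_domain );
-                else
+                if ( !$bp->loggedin_user->is_super_admin ) {
+                        $wp_query->set_404();
+                        status_header( 404 );
+                        nocache_headers();
+                        return;
+
+                } else {
                         bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'error' );
+                }
         }
 
-        // If BP_ENABLE_ROOT_PROFILES is not defined and the displayed user does not exist, redirect
-        if ( !$bp->displayed_user->id && isset( $bp_unfiltered_uri[0] ) && $bp_unfiltered_uri[0] == $bp->members->slug && isset( $bp_unfiltered_uri[1] ) )
-                bp_core_redirect( $bp->root_domain );
-
-        // Access control!
         if ( !isset( $wp_query->queried_object ) && !bp_is_blog_page() ) {
-                if ( is_user_logged_in() ) {
-                        bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have access to that page', 'buddypress' ) ) );
-                } else {
-                        bp_core_no_access();
-                }
+                $wp_query->set_404();
+                status_header( 404 );
+                nocache_headers();
         }
 }
 add_action( 'wp', 'bp_core_catch_no_access' );
@@ -402,15 +400,6 @@
         $r = wp_parse_args( $args, $defaults );
         extract( $r, EXTR_SKIP );
 
-        // Group filtering
-        // When a user doesn't have access to a group's activity / secondary page, redirect to group's homepage
-        if ( !$redirect ) {
-                if ( bp_is_active( 'groups' ) && bp_is_current_component( 'groups' ) ) {
-                        $root = bp_get_group_permalink( $bp->groups->current_group );
-                        $message = false;
-                }
-        }
-
         // Apply filters to these variables
         $mode           = apply_filters( 'bp_no_access_mode', $mode, $root, $redirect, $message );
         $redirect       = apply_filters( 'bp_no_access_redirect', $redirect, $root, $message, $mode );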
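Review bot: The spammer check at new line 363 now reads the `$bp->loggedin_user->is_super_admin` property instead of calling `is_super_admin()`, while xprofile_screen_edit_profile() in this same patch still calls the function, so the privilege test is written two different ways. Nothing visible here shows where that property is populated; if it is unset when this runs on the `wp` action, the branch fails closed (404 for everyone, admins included), which is safe but hard to diagnose. Either keep `if ( !is_super_admin() ) {` or add a comment naming where the flag is set and why the cached value is trusted for an access decision. The last block also lost its `// Access control!` comment and no longer calls bp_core_no_access(), so logged-out visitors now get a 404 rather than whatever that function did for them; the docblock should say this is intentional.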
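--- a/bp-activity/bp-activity-actions.php
+++ b/bp-activity/bp-activity-actions.php
@@ -13,7 +13,7 @@
 add_action( 'bp_init', 'bp_register_activity_actions', 8 );
 
 function bp_activity_action_permalink_router() {
-        global $bp;
+        global $bp, $wp_query;
 
         // Not viewing activity
         if ( ( $bp->activity->slug != bp_current_component() ) || !bp_is_current_action( 'p' ) )
@@ -26,9 +26,13 @@
         // Get the activity details
         $activity = bp_activity_get_specific( array( 'activity_ids' => $bp->action_variables[0] ) );
 
-        // Redirect to root if activity does not exist
-        if ( !$activity = $activity['activities'][0] )
-                bp_core_redirect( bp_get_root_domain() );
+        // 404 if activity does not exist
+        if ( !$activity = $activity['activities'][0] ) {
+                $wp_query->set_404();
+                status_header( 404 );
+                nocache_headers();
+                return;
+        }
 
         // Do not redirect at default
         $redirect = false;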
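Review bot: The rewritten check at new line 30, `if ( !$activity = $activity['activities'][0] ) {`, still indexes `[0]` on a result looked up from the request-derived `$bp->action_variables[0]`, so a lookup that returns no rows presumably raises an undefined-offset notice on exactly the path that is about to send the 404 headers. Since the line is being touched anyway, test for emptiness first, e.g. `if ( empty( $activity['activities'][0] ) ) {`, and assign `$activity = $activity['activities'][0];` after the branch, which also removes the assignment-inside-condition. bp-activity-screens.php carries the same pattern at its new line 99. The function body continues outside the hunk.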
  • bp-activity/bp-activity-screens.php

     
    8383add_action( 'bp_activity_screen_mentions', 'bp_activity_reset_my_new_mentions' );
    8484
    8585function bp_activity_screen_single_activity_permalink() {
    86         global $bp;
     86        global $bp, $wp_query;
    8787
    8888        // No displayed user or not viewing activity component
    8989        if ( !bp_is_activity_component() )
     
    9595        // Get the activity details
    9696        $activity = bp_activity_get_specific( array( 'activity_ids' => bp_current_action() ) );
    9797
    98         if ( !$activity = $activity['activities'][0] )
    99                 bp_core_redirect( bp_get_root_domain() );
     98        // 404 if activity does not exist
     99        if ( !$activity = $activity['activities'][0] ) {
     100                $wp_query->set_404();
     101                status_header( 404 );
     102                nocache_headers();
     103                return;
     104        }
    100105
    101106        // Default access is true
    102107        $has_access = true;
     
    105110        if ( isset( $bp->groups->id ) && $activity->component == $bp->groups->id ) {
    106111
    107112                // Activity is from a group, but groups is currently disabled
    108                 if ( !bp_is_active( 'groups') )
    109                         bp_core_redirect( bp_get_root_domain() );
     113                if ( !bp_is_active( 'groups') ) {
     114                        $wp_query->set_404();
     115                        status_header( 404 );
     116                        nocache_headers();
     117                        return;
     118                }
    110119
    111120                // Check to see if the group is not public, if so, check the
    112121                // user has access to see this activity