Ticket #3280: 3280-3.patch
File 3280-3.patch, 11.5 KB (added by , 14 years ago) |
bp-xprofile/bp-xprofile-screens.php
13 13 * @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename) 14 14 */ 15 15 function xprofile_screen_display_profile() { 16 global $bp, $wp_query; 17 18 if ( empty( $bp->displayed_user->id ) ) { 19 $wp_query->set_404(); 20 status_header( 404 ); 21 nocache_headers(); 22 return; 23 } 24 16 25 $new = isset( $_GET['new'] ) ? $_GET['new'] : ''; 17 26 18 27 do_action( 'xprofile_screen_display_profile', $new ); … … 28 37 * @uses bp_core_load_template() Looks for and loads a template file within the current member theme (folder/filename) 29 38 */ 30 39 function xprofile_screen_edit_profile() { 31 global $bp ;40 global $bp, $wp_query; 32 41 33 42 if ( !bp_is_my_profile() && !is_super_admin() ) 34 43 return false; … … 38 47 bp_core_redirect( $bp->displayed_user->domain . $bp->profile->slug . '/edit/group/1' ); 39 48 40 49 // Check the field group exists 41 if ( !xprofile_get_field_group( $bp->action_variables[1] ) ) 42 bp_core_redirect( bp_get_root_domain() ); 50 if ( !xprofile_get_field_group( $bp->action_variables[1] ) ) { 51 $wp_query->set_404(); 52 status_header( 404 ); 53 nocache_headers(); 54 return; 55 } 43 56 44 57 // Check to see if any new information has been submitted 45 58 if ( isset( $_POST['field_ids'] ) ) { -
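Review bot: The three-statement 404 sequence `$wp_query->set_404(); status_header( 404 ); nocache_headers();` is pasted into both functions here (the empty displayed-user check in xprofile_screen_display_profile() and the missing field group check in xprofile_screen_edit_profile()) and again in the bp-core-catchuri.php, bp-activity-actions.php, bp-activity-screens.php and bp-groups-loader.php sections. Only the copy in bp_core_set_uri_globals() also clears `$bp->current_component` and removes `redirect_canonical`, so the copies already differ in how firmly they stop the request. A single helper in bp-core (name to be chosen) that performs all of these steps would keep not-found handling uniform and give one place to audit. The new branches also end in a bare `return;` while the access check just above in xprofile_screen_edit_profile() uses `return false;`, and one convention should be picked. Both function bodies continue outside the hunks.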
bp-core/bp-core-template.php
246 246 247 247 // A single group 248 248 } elseif ( bp_is_active( 'groups' ) && !empty( $bp->groups->current_group ) && !empty( $bp->bp_options_nav[$bp->groups->current_group->slug] ) ) { 249 $subnav = isset( $bp->bp_options_nav[$bp->groups->current_group->slug][$bp->current_action]['name'] ) ? $bp->bp_options_nav[$bp->groups->current_group->slug][$bp->current_action]['name'] : ''; 249 250 // translators: "group name | group nav section name" 250 $title = sprintf( __( '%1$s | %2$s', 'buddypress' ), $bp->bp_options_title, $ bp->bp_options_nav[$bp->groups->current_group->slug][$bp->current_action]['name']);251 $title = sprintf( __( '%1$s | %2$s', 'buddypress' ), $bp->bp_options_title, $subnav ); 251 252 252 253 // A single item from a component other than groups 253 254 } elseif ( bp_is_single_item() ) { -
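Review bot: When the nav entry for `$bp->current_action` is missing, `$subnav` is the empty string and the `sprintf()` that follows still applies the `'%1$s | %2$s'` pattern, so the page title ends in a dangling ` | `. The isset() guard removes the undefined-index notice but not the malformed title; fall back to the group name alone, e.g. `$title = ( '' === $subnav ) ? $bp->bp_options_title : sprintf( __( '%1$s | %2$s', 'buddypress' ), $bp->bp_options_title, $subnav );`. The enclosing if/elseif chain starts and ends outside the hunk, so whether the title is escaped before output cannot be seen from here.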
bp-core/bp-core-catchuri.php
27 27 */ 28 28 function bp_core_set_uri_globals() { 29 29 global $bp, $bp_unfiltered_uri, $bp_unfiltered_uri_offset; 30 global $current_blog, $wpdb ;30 global $current_blog, $wpdb, $wp_query; 31 31 32 32 // Create global component, action, and item variables 33 33 $bp->current_component = $bp->current_action = $bp->current_item =''; … … 242 242 else 243 243 $bp->displayed_user->id = (int) bp_core_get_userid_from_nicename( urldecode( $bp_uri[$uri_offset + 1] ) ); 244 244 245 if ( empty( $bp->displayed_user->id ) ) { 246 $wp_query->set_404(); 247 status_header( 404 ); 248 nocache_headers(); 249 250 // Prevent components from loading their templates 251 $bp->current_component = ''; 252 253 // Prevent WP from guessing on a redirect 254 remove_action( 'template_redirect', 'redirect_canonical' ); 255 return; 256 } 257 245 258 // Bump the offset 246 259 if ( isset( $bp_uri[$uri_offset + 2] ) ) { 247 260 $bp_uri = array_merge( array(), array_slice( $bp_uri, $uri_offset + 2 ) ); … … 351 364 * @since 1.3 352 365 */ 353 366 function bp_core_catch_no_access() { 354 global $bp, $ wp_query, $bp_unfiltered_uri, $bp_no_status_set;367 global $bp, $bp_no_status_set, $wp_query; 355 368 356 369 // If bp_core_redirect() and $bp_no_status_set is true, 357 370 // we are redirecting to an accessible page, so skip this check. 358 371 if ( $bp_no_status_set ) 359 372 return false; 360 373 361 // If the displayed user was marked as a spammer and the logged-in user is not a super admin, redirect374 // If the displayed user was marked as a spammer and the logged-in user is not a super admin, 404. 
362 375 if ( isset( $bp->displayed_user->id ) && bp_core_is_user_spammer( $bp->displayed_user->id ) ) { 363 if ( !is_super_admin() ) 364 bp_core_redirect( $bp->root_domain ); 365 else 376 if ( !$bp->loggedin_user->is_super_admin ) { 377 $wp_query->set_404(); 378 status_header( 404 ); 379 nocache_headers(); 380 return; 381 382 } else { 366 383 bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'error' ); 384 } 367 385 } 368 386 369 // If BP_ENABLE_ROOT_PROFILES is not defined and the displayed user does not exist, redirect370 if ( !$bp->displayed_user->id && isset( $bp_unfiltered_uri[0] ) && $bp_unfiltered_uri[0] == $bp->members->slug && isset( $bp_unfiltered_uri[1] ) )371 bp_core_redirect( $bp->root_domain );372 373 // Access control!374 387 if ( !isset( $wp_query->queried_object ) && !bp_is_blog_page() ) { 375 if ( is_user_logged_in() ) { 376 bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have access to that page', 'buddypress' ) ) ); 377 } else { 378 bp_core_no_access(); 379 } 388 $wp_query->set_404(); 389 status_header( 404 ); 390 nocache_headers(); 380 391 } 381 392 } 382 393 add_action( 'wp', 'bp_core_catch_no_access' ); … … 402 413 $r = wp_parse_args( $args, $defaults ); 403 414 extract( $r, EXTR_SKIP ); 404 415 405 // Group filtering406 // When a user doesn't have access to a group's activity / secondary page, redirect to group's homepage407 if ( !$redirect ) {408 if ( bp_is_active( 'groups' ) && bp_is_current_component( 'groups' ) ) {409 $root = bp_get_group_permalink( $bp->groups->current_group );410 $message = false;411 }412 }413 414 416 // Apply filters to these variables 415 417 $mode = apply_filters( 'bp_no_access_mode', $mode, $root, $redirect, $message ); 416 418 $redirect = apply_filters( 'bp_no_access_redirect', $redirect, $root, $message, $mode ); -
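Review bot: In bp_core_catch_no_access() the spammer branch now only flags the query as 404 and returns from the hook callback, where the old code called bp_core_redirect(); nothing visible in this hunk stops a component screen from rendering the profile later in the request. The 404 block added to bp_core_set_uri_globals() in the same file does guard against that with `$bp->current_component = '';` and `remove_action( 'template_redirect', 'redirect_canonical' );`, and the spammer branch should do the same before its `return;`, or carry a comment saying why it is not needed (the template-loading code is not shown here). The check also moved from `is_super_admin()` to the cached `$bp->loggedin_user->is_super_admin`; an unset value fails closed, but it is worth confirming the property is always populated before the `wp` action fires.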
bp-core/bp-core-component.php
98 98 * @param arr $args Used to 99 99 */ 100 100 function _setup_globals( $args = '' ) { 101 global $bp ;101 global $bp, $wp_query; 102 102 103 103 /** Slugs *************************************************************/ 104 104 … … 127 127 if ( !empty( $r['global_tables'] ) ) 128 128 foreach ( $r['global_tables'] as $global_name => $table_name ) 129 129 $this->$global_name = $table_name; 130 130 131 /* if ( empty( $bp->displayed_user->id ) ) { 132 $wp_query->set_404(); 133 status_header( 404 ); 134 nocache_headers(); 135 return; 136 }*/ 137 131 138 /** BuddyPress ********************************************************/ 132 139 133 140 // Register this component in the active components array -
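Review bot: The block added after the `global_tables` loop in _setup_globals() is commented out, and it is the only code that would use the `$wp_query` global this section adds. A disabled access check leaves later readers unable to tell whether the displayed-user 404 is meant to be enforced here or in bp_core_set_uri_globals(); drop the `/* if ( empty( $bp->displayed_user->id ) ) … */` block and revert the declaration to `global $bp;`. If it was kept as a reminder, a one-line comment pointing at the place that performs the check would serve better.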
bp-activity/bp-activity-actions.php
13 13 add_action( 'bp_init', 'bp_register_activity_actions', 8 ); 14 14 15 15 function bp_activity_action_permalink_router() { 16 global $bp ;16 global $bp, $wp_query; 17 17 18 18 // Not viewing activity 19 19 if ( ( $bp->activity->slug != bp_current_component() ) || !bp_is_current_action( 'p' ) ) … … 26 26 // Get the activity details 27 27 $activity = bp_activity_get_specific( array( 'activity_ids' => $bp->action_variables[0] ) ); 28 28 29 // Redirect to root if activity does not exist 30 if ( !$activity = $activity['activities'][0] ) 31 bp_core_redirect( bp_get_root_domain() ); 29 // 404 if activity does not exist 30 if ( !$activity = $activity['activities'][0] ) { 31 $wp_query->set_404(); 32 status_header( 404 ); 33 nocache_headers(); 34 return; 35 } 32 36 33 37 // Do not redirect at default 34 38 $redirect = false; -
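Review bot: The test `if ( !$activity = $activity['activities'][0] )` reads index 0 without checking that it exists, so when the lookup returns no entries the not-found case this hunk handles raises an undefined-offset notice before the 404 branch runs; the same line is in bp_activity_screen_single_activity_permalink() in the bp-activity-screens.php section. Check first and assign afterwards: `if ( empty( $activity['activities'][0] ) ) { … }` followed by `$activity = $activity['activities'][0];`. `$bp->action_variables[0]` appears to come from the request URL and is passed straight to bp_activity_get_specific(); since that function is not visible here, a comment stating that it is expected to cast the IDs to integers would help the next reader. The function body continues outside the hunk.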
bp-activity/bp-activity-screens.php
83 83 add_action( 'bp_activity_screen_mentions', 'bp_activity_reset_my_new_mentions' ); 84 84 85 85 function bp_activity_screen_single_activity_permalink() { 86 global $bp ;86 global $bp, $wp_query; 87 87 88 88 // No displayed user or not viewing activity component 89 89 if ( !bp_is_activity_component() ) … … 95 95 // Get the activity details 96 96 $activity = bp_activity_get_specific( array( 'activity_ids' => bp_current_action() ) ); 97 97 98 if ( !$activity = $activity['activities'][0] ) 99 bp_core_redirect( bp_get_root_domain() ); 98 // 404 if activity does not exist 99 if ( !$activity = $activity['activities'][0] ) { 100 $wp_query->set_404(); 101 status_header( 404 ); 102 nocache_headers(); 103 return; 104 } 100 105 101 106 // Default access is true 102 107 $has_access = true; … … 105 110 if ( isset( $bp->groups->id ) && $activity->component == $bp->groups->id ) { 106 111 107 112 // Activity is from a group, but groups is currently disabled 108 if ( !bp_is_active( 'groups') ) 109 bp_core_redirect( bp_get_root_domain() ); 113 if ( !bp_is_active( 'groups') ) { 114 $wp_query->set_404(); 115 status_header( 404 ); 116 nocache_headers(); 117 return; 118 } 110 119 111 120 // Check to see if the group is not public, if so, check the 112 121 // user has access to see this activity -
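Review bot: The two new branches answer a nonexistent activity ID with a 404, while the handling of `$has_access` being false lies outside the hunk; if that path still redirects or shows a no-access message, the difference in response tells a visitor which IDs belong to private or hidden group activity. Consider sending the no-access case down the same 404 path, or add a comment explaining why the distinction is acceptable. The function body continues outside the hunk, so this should be confirmed against the code that follows the group visibility check.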
bp-groups/bp-groups-screens.php
107 107 108 108 if ( !bp_is_active( 'forums' ) || !bp_forums_is_installed_correctly() ) 109 109 return false; 110 111 if ( !$bp->groups->current_group->user_has_access ) { 112 bp_core_no_access(); 113 return; 114 } 110 115 111 if ( bp_is_single_item() && $bp->groups->current_group->user_has_access) {116 if ( bp_is_single_item() ) { 112 117 113 118 // Fetch the details we need 114 119 $topic_slug = !empty( $bp->action_variables[1] ) ? $bp->action_variables[1] : false; -
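Review bot: The new guard dereferences `$bp->groups->current_group->user_has_access` before `bp_is_single_item()` has been tested, so on a request with no current group (if this screen can be reached that way) the property read is on a non-object and evaluates as no access, calling bp_core_no_access() for a page that is not a group at all. Keep the single-item test in front, e.g. `if ( bp_is_single_item() && empty( $bp->groups->current_group->user_has_access ) ) { bp_core_no_access(); return; }`. The branch ends in `return;` while the check directly above returns `false`; the function's start and end are outside the hunk, so whether callers rely on that value cannot be seen here.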
bp-groups/bp-groups-loader.php
61 61 * @global obj $bp 62 62 */ 63 63 function _setup_globals() { 64 global $bp ;64 global $bp, $wp_query; 65 65 66 66 // Define a slug, if necessary 67 67 if ( !defined( 'BP_GROUPS_SLUG' ) ) … … 155 155 $this->root_slug, 156 156 ) ); 157 157 158 // If the user was attempting to access a group, but no group by that name was 159 // found, 404 160 if ( empty( $this->current_group ) && !empty( $bp->current_action ) && !in_array( $bp->current_action, $this->forbidden_names ) ) { 161 $wp_query->set_404(); 162 status_header( 404 ); 163 nocache_headers(); 164 } 165 166 // Group access control 167 if ( !empty( $this->current_group ) && !$this->current_group->user_has_access ) { 168 bp_core_no_access(); 169 } 170 158 171 // Preconfigured group creation steps 159 172 $this->group_creation_steps = apply_filters( 'groups_create_group_steps', array( 160 173 'group-details' => array( -
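Review bot: Both new checks in _setup_globals() fall through: after the 404 is flagged and after `bp_core_no_access()` is called, set-up carries on with the group creation steps and whatever follows. The bp-core-catchuri.php section shows bp_core_no_access() working from filtered `$mode` and `$redirect` values, so whether it ends the request cannot be confirmed from here; since bp-groups-filters.php in this patch drops its own membership test, this check appears to be the main barrier in front of a private group's pages. Either return after each branch or add a comment stating that bp_core_no_access() always terminates. `in_array( $bp->current_action, $this->forbidden_names )` also compares loosely and should pass `true` as its third argument.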
bp-groups/bp-groups-filters.php
105 105 elseif ( is_super_admin() ) 106 106 unset( $parts['private'] ); 107 107 108 // Are we a member of this group109 elseif ( bp_is_single_item() && bp_group_is_member( $bp->groups->current_group->id ))108 // No need to filter on a single item 109 elseif ( bp_is_single_item() ) 110 110 unset( $parts['private'] ); 111 111 112 112 // Check the SQL filter that was passed
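Review bot: Dropping `bp_group_is_member( $bp->groups->current_group->id )` means the `private` part of the filter is removed for every single-item request, member or not, and the replacement comment does not say what makes that safe. It relies on the access check added in bp-groups-loader.php having already stopped non-members, and `bp_is_single_item()` is also used in the bp-core-template.php section for single items from components other than groups. A cheap second check keeps the filter fail-closed: `elseif ( bp_is_single_item() && !empty( $bp->groups->current_group->user_has_access ) )`. At minimum the comment should name the upstream check it depends on; the enclosing function starts and ends outside the hunk.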