Ticket #6504: 6504.01.patch
File 6504.01.patch, 3.0 KB (added by , 10 years ago) |
src/bp-messages/bp-messages-filters.php
65 65 add_filter( 'bp_get_messages_content_value', 'stripslashes_deep' ); 66 66 add_filter( 'bp_get_the_thread_message_content', 'stripslashes_deep' ); 67 67 add_filter( 'bp_get_the_thread_subject', 'stripslashes_deep' ); 68 69 /** 70 * Enforce limitations on viewing private message contents 71 * 72 * @since BuddyPress (2.3.2) 73 * 74 * @see bp_has_message_threads() for description of parameters 75 * 76 * @param array|string $args See {@link bp_has_message_threads()}. 77 */ 78 function bp_messages_enforce_current_user( $args = array() ) { 79 80 // Logged out users can see no member's private messages 81 if ( ! is_user_logged_in() ) { 82 $args = array(); 83 84 // Non-community moderators can only ever see their own messages 85 } elseif ( ! bp_current_user_can( 'bp_moderate' ) ) { 86 $_user_id = (int) bp_loggedin_user_id(); 87 if ( $_user_id !== (int) $args['user_id'] ) { 88 $args['user_id'] = $_user_id; 89 } 90 } 91 92 // Return possibly modified $args array 93 return $args; 94 } 95 add_filter( 'bp_after_has_message_threads_parse_args', 'bp_messages_enforce_current_user' ); -
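Review bot: In `bp_messages_enforce_current_user()` the logged-out branch replaces `$args` with an empty array, so whether anonymous visitors are actually denied depends entirely on how the consumer of this filter treats missing keys, which is not visible in this section. Stating the fail-closed intent explicitly would be safer and avoids undefined-index notices downstream, e.g. `$args['user_id'] = 0;` instead of `$args = array();`, assuming a zero `user_id` yields no threads. The `elseif` branch also reads `$args['user_id']` without checking that it exists, although the docblock allows a string `$args`; an `isset( $args['user_id'] )` guard would cover that. The docblock would also benefit from an `@return array` line.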
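--- a/src/bp-messages/classes/class-bp-messages-thread.php
+++ b/src/bp-messages/classes/class-bp-messages-thread.php
@@ -439,34 +439,36 @@
 'meta_query' => array()
 ) );
 
-$pag_sql = $type_sql = $search_sql = $user_id_sql = $sender_sql = '';
+$user_id_sql = 'AND m.sender_id = 0';
+$sender_sql = 'AND m.sender_id = r.user_id';
+$pag_sql = $type_sql = $search_sql = '';
 $meta_query_sql = array(
 'join' => '',
 'where' => ''
 );
 
 if ( $r['limit'] && $r['page'] ) {
-$pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $r['page'] - 1 ) * $r['limit'] ), intval( $r['limit'] ) );
+$pag_sql = $wpdb->prepare( 'LIMIT %d, %d', intval( ( $r['page'] - 1 ) * $r['limit'] ), intval( $r['limit'] ) );
 }
 
 if ( $r['type'] == 'unread' ) {
-$type_sql = " AND r.unread_count != 0 ";
+$type_sql = 'AND r.unread_count != 0 ';
 } elseif ( $r['type'] == 'read' ) {
-$type_sql = " AND r.unread_count = 0 ";
+$type_sql = 'AND r.unread_count = 0 ';
 }
 
 if ( ! empty( $r['search_terms'] ) ) {
 $search_terms_like = '%' . bp_esc_like( $r['search_terms'] ) . '%';
-$search_sql = $wpdb->prepare( "AND ( subject LIKE %s OR message LIKE %s )", $search_terms_like, $search_terms_like );
+$search_sql = $wpdb->prepare( 'AND ( subject LIKE %s OR message LIKE %s )', $search_terms_like, $search_terms_like );
 }
 
 if ( ! empty( $r['user_id'] ) ) {
 if ( 'sentbox' == $r['box'] ) {
 $user_id_sql = 'AND ' . $wpdb->prepare( 'm.sender_id = %d', $r['user_id'] );
-$sender_sql = '
+$sender_sql = 'AND m.sender_id = r.user_id';
 } else {
 $user_id_sql = 'AND ' . $wpdb->prepare( 'r.user_id = %d', $r['user_id'] );
-$sender_sql = '
+$sender_sql = 'AND r.sender_only = 0';
 }
 }
 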
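Review bot: The new defaults `$user_id_sql = 'AND m.sender_id = 0'` and `$sender_sql = 'AND m.sender_id = r.user_id'` appear intended to make the query match nothing when `$r['user_id']` is empty, but nothing in the code says so, and it is a behaviour change for any caller that omitted `user_id` on purpose. A comment above them such as `// Fail closed: without a user_id the query must match no threads.` would keep a later cleanup from restoring the empty-string defaults. Separately, the rewritten fragments drop their leading space (`'LIMIT %d, %d'`, `'AND r.unread_count != 0 '`), so the final statement, which is assembled outside this hunk, has to separate the fragments itself; that is worth confirming against the query template.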