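--- a/src/bp-core/bp-core-functions.php
+++ b/src/bp-core/bp-core-functions.php
@@ -3900,3 +3900,29 @@ function bp_get_allowedtags() {
 function bp_strip_script_and_style_tags( $string ) {
 return preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $string );
 }
+
+/**
+* Produce WordPress nonces with the capability to specify the id of the input.
+*
+* @since 5.0
+*
+* @param int|string $action Optional. Action name. Default -1.
+* @param string $id Optional. Nonce input id. Default '_wpnonce'.
+* @param string $name Optional. Nonce name. Default '_wpnonce'.
+* @param bool $referer Optional. Whether to set the referer field for validation. Default true.
+* @param bool $echo Optional. Whether to display or return hidden form field. Default true.
+* @return string Nonce field HTML markup.
+*/
+function bp_nonce_field( $action = -1, $id = "_wpnonce", $name = "_wpnonce", $referer = true , $echo = true ) {
+$nonce_field = '<input type="hidden" id="' . esc_attr( $id ) . '" name="' . esc_attr( $name ) . '" value="' . wp_create_nonce( $action ) . '" />';
+
+if ( $referer ) {
+$nonce_field .= wp_referer_field( false );
+}
+
+if ( $echo ) {
+echo $nonce_field;
+}
+
+return $nonce_field;
+}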
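Review bot: The docblock of `bp_nonce_field()` does not say why the function exists next to `wp_nonce_field()`, nor which argument the check actually depends on. In the templates changed by this commit the action is the same for every activity item, so each rendered field carries an equivalent nonce value and only the DOM `id` differs; the request is presumably still validated against `$action` under the field `$name`. I would add a line such as `The id only keeps DOM ids unique when the field is printed once per item; verification depends on $action and $name, never on $id.` Smaller points of style: `@since 5.0` does not match the three-part `@since 3.0.0` tags elsewhere in the commit, the defaults use double quotes, and `$referer = true , $echo` has a stray space before the comma.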
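--- a/src/bp-templates/bp-legacy/buddypress/activity/entry.php
+++ b/src/bp-templates/bp-legacy/buddypress/activity/entry.php
@@ -140,7 +140,7 @@ do_action( 'bp_before_activity_entry' ); ?>
 */
 do_action( 'bp_activity_entry_comments' ); ?>
 
-<?php wp_nonce_field( 'new_activity_comment', '_wpnonce_new_activity_comment' ); ?>
+<?php bp_nonce_field( 'new_activity_comment', '_wpnonce_new_activity_comment_' . bp_get_activity_id(), '_wpnonce_new_activity_comment' );?>
 
 </form>
 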
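--- a/src/bp-templates/bp-legacy/js/buddypress.js
+++ b/src/bp-templates/bp-legacy/js/buddypress.js
@@ -610,7 +610,7 @@ jq(document).ready( function() {
 ajaxdata = {
 action: 'new_activity_comment',
 'cookie': bp_get_cookies(),
-'_wpnonce_new_activity_comment': jq('#_wpnonce_new_activity_comment').val(),
+'_wpnonce_new_activity_comment': jq('#_wpnonce_new_activity_comment_' + form_id[2]).val() || jq('#_wpnonce_new_activity_comment').val(),
 'comment_id': comment_id,
 'form_id': form_id[2],
 'content': content.val()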
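Review bot: The `||` fallback to `#_wpnonce_new_activity_comment` on the changed line carries no comment, so a later cleanup could remove it as dead code. It appears to be there for themes that override the activity entry template and still print the un-suffixed id; a comment such as `// Fall back to the legacy id for overridden templates that still call wp_nonce_field().` would record that. As far as the visible templates show, the nonce action is the same for every activity, so either element supplies an equivalent value and the fallback does not weaken the check. The same applies to the matching line in `bp-nouveau/js/buddypress-activity.js`. The enclosing handler starts and ends outside the hunk.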
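--- a/src/bp-templates/bp-nouveau/buddypress/activity/comment-form.php
+++ b/src/bp-templates/bp-nouveau/buddypress/activity/comment-form.php
@@ -23,7 +23,7 @@ if ( ! bp_nouveau_current_user_can( 'comment_activity' ) || ! bp_activity_can_co
 <input type="hidden" name="comment_form_id" value="<?php bp_activity_id(); ?>" />
 
 <?php
-bp_nouveau_submit_button( 'activity-new-comment' );
+bp_nouveau_submit_button( 'activity-new-comment', bp_get_activity_id() );
 printf(
 ' <button type="button" class="ac-reply-cancel">%s</button>',
 esc_html( _x( 'Cancel', 'button', 'buddypress' ) )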
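--- a/src/bp-templates/bp-nouveau/includes/functions.php
+++ b/src/bp-templates/bp-nouveau/includes/functions.php
@@ -1231,11 +1231,12 @@ function bp_nouveau_get_signup_fields( $section = '' ) {
 * @since 3.0.0
 *
 * @param string $action The action requested.
+* @param string $id An associated ID to use to customize the button. Optional.
 *
 * @return array|false The list of the submit button parameters for the requested action
 * False if no actions were found.
 */
-function bp_nouveau_get_submit_button( $action = '' ) {
+function bp_nouveau_get_submit_button( $action = '', $assoc_id = '' ) {
 if ( empty( $action ) ) {
 return false;
 }
@@ -1337,6 +1338,7 @@ function bp_nouveau_get_submit_button( $action = '' ) {
 'after' => 'bp_activity_entry_comments',
 'nonce' => 'new_activity_comment',
 'nonce_key' => '_wpnonce_new_activity_comment',
+'nonce_id' => ( $assoc_id ) ? "_wpnonce_new_activity_comment_{$assoc_id}" : '_wpnonce_new_activity_comment',
 'wrapper' => false,
 'attributes' => array(
 'name' => 'ac_form_submit',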
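Review bot: The added docblock line documents `@param string $id`, but the parameter introduced in the signature is `$assoc_id`; the tag should read `@param string $assoc_id An associated ID to use to customize the button. Optional.` The same mismatch is in the docblock of `bp_nouveau_submit_button()` in `includes/template-tags.php`. In the second hunk `$assoc_id` is interpolated into `nonce_id` without escaping, which is safe only while every consumer passes the value through `esc_attr()` as `bp_nonce_field()` does, so a short comment on the `nonce_id` entry stating that expectation would help. The function body continues outside both hunks.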
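--- a/src/bp-templates/bp-nouveau/includes/template-tags.php
+++ b/src/bp-templates/bp-nouveau/includes/template-tags.php
@@ -2492,9 +2492,10 @@ function bp_nouveau_signup_privacy_policy_acceptance_section() {
 * @since 3.0.0
 *
 * @param string $action The action to get the submit button for. Required.
+* @param string $id An associated ID to use to customize the button. Optional.
 */
-function bp_nouveau_submit_button( $action ) {
-$submit_data = bp_nouveau_get_submit_button( $action );
+function bp_nouveau_submit_button( $action, $assoc_id = '' ) {
+$submit_data = bp_nouveau_get_submit_button( $action, $assoc_id );
 if ( empty( $submit_data['attributes'] ) || empty( $submit_data['nonce'] ) ) {
 return;
 }
@@ -2524,11 +2525,12 @@ function bp_nouveau_submit_button( $action ) {
 printf( '<div class="submit">%s</div>', $submit_input );
 }
 
-if ( empty( $submit_data['nonce_key'] ) ) {
-wp_nonce_field( $submit_data['nonce'] );
-} else {
-wp_nonce_field( $submit_data['nonce'], $submit_data['nonce_key'] );
-}
+$nonce_args = array(
+'nonce' => $submit_data['nonce'],
+'nonce_id' => ! empty( $submit_data['nonce_id'] ) ? $submit_data['nonce_id'] : '_wpnonce',
+'nonce_name' => ! empty( $submit_data['nonce_key'] ) ? $submit_data['nonce_key'] : '_wpnonce'
+);
+bp_nonce_field( $nonce_args['nonce'], $nonce_args['nonce_id'], $nonce_args['nonce_name'] );
 
 if ( ! empty( $submit_data['after'] ) ) {
 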
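Review bot: The `$nonce_args` array in the second hunk is built only to be read back by the very next statement, which adds indirection without benefit. Two plain locals would read more directly, e.g. `$nonce_id = ! empty( $submit_data['nonce_id'] ) ? $submit_data['nonce_id'] : '_wpnonce';` and the same for the name, followed by `bp_nonce_field( $submit_data['nonce'], $nonce_id, $nonce_name );`. A one-line comment noting that `nonce_key` is the field name sent with the request while `nonce_id` is only the DOM id would also keep the two from being confused later. The function starts and ends outside the hunk.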
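--- a/src/bp-templates/bp-nouveau/js/buddypress-activity.js
+++ b/src/bp-templates/bp-nouveau/js/buddypress-activity.js
@@ -731,7 +731,7 @@ window.bp = window.bp || {};
 
 comment_data = {
 action : 'new_activity_comment',
-_wpnonce_new_activity_comment : $( '#_wpnonce_new_activity_comment' ).val(),
+_wpnonce_new_activity_comment : $( '#_wpnonce_new_activity_comment_' + activity_id ).val() || $( '#_wpnonce_new_activity_comment' ).val(),
 comment_id : item_id,
 form_id : activity_id,
 content : comment_content.val()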