
Ticket #8545: 8545.patch

File 8545.patch, 2.3 KB (added by imath, 3 years ago)
  • src/bp-activity/actions/reply.php

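--- a/src/bp-activity/actions/reply.php
+++ b/src/bp-activity/actions/reply.php
@@ -15,20 +15,31 @@
  * @return bool False on failure.
  */
 function bp_activity_action_post_comment() {
-        if ( !is_user_logged_in() || !bp_is_activity_component() || !bp_is_current_action( 'reply' ) )
+        if ( ! is_user_logged_in() || ! bp_is_activity_component() || ! bp_is_current_action( 'reply' ) ) {
                 return false;
+        }
+
+        if ( ! isset( $_POST['comment_form_id'] ) ) {
+                return false;
+        }
+
+        $activity_id = absint( wp_unslash( $_POST['comment_form_id'] ) );
+
+        if ( ! isset( $activity_id ) ) {
+                return false;
+        }
 
         // Check the nonce.
-        check_admin_referer( 'new_activity_comment', '_wpnonce_new_activity_comment' );
+        check_admin_referer( 'new_activity_comment', '_wpnonce_new_activity_comment_' . $activity_id );
 
         /**
          * Filters the activity ID a comment will be in reply to.
          *
          * @since 1.2.0
          *
-         * @param string $value ID of the activity being replied to.
+         * @param string $activity_id ID of the activity being replied to.
          */
-        $activity_id = apply_filters( 'bp_activity_post_comment_activity_id', $_POST['comment_form_id'] );
+        $activity_id = apply_filters( 'bp_activity_post_comment_activity_id', $activity_id );
 
         /**
          * Filters the comment content for a comment reply.
@@ -50,17 +61,20 @@ function bp_activity_action_post_comment() {
                 bp_core_redirect( wp_get_referer() . '#ac-form-' . $activity_id );
         }
 
-        $comment_id = bp_activity_new_comment( array(
-                'content'     => $content,
-                'activity_id' => $activity_id,
-                'parent_id'   => false
-        ));
+        $comment_id = bp_activity_new_comment(
+                array(
+                        'content'     => $content,
+                        'activity_id' => $activity_id,
+                        'parent_id'   => false
+                )
+        );
 
-        if ( !empty( $comment_id ) )
+        if ( ! empty( $comment_id ) ) {
                 bp_core_add_message( __( 'Reply Posted!', 'buddypress' ) );
-        else
+        } else {
                 bp_core_add_message( __( 'There was an error posting that reply. Please try again.', 'buddypress' ), 'error' );
+        }
 
         bp_core_redirect( wp_get_referer() . '#ac-form-' . $activity_id );
 }
-add_action( 'bp_actions', 'bp_activity_action_post_comment' );
\ No newline at end of file
+add_action( 'bp_actions', 'bp_activity_action_post_comment' );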
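Review bot: The added guard `if ( ! isset( $activity_id ) )` can never fire, because `absint()` always returns an integer, so an empty or non-numeric `comment_form_id` reaches `check_admin_referer()` as `0` instead of taking the `return false` path. Testing the value itself, `if ( ! $activity_id ) { return false; }`, rejects it before the nonce lookup. Only the nonce field name carries the ID, while the action is still the shared `'new_activity_comment'`, so the token does not appear to be bound to one activity; if per-activity binding is intended, the action string needs the ID as well. The docblock tag should read `@param int $activity_id` now that the filter receives the `absint()` result. The part of the function between the two hunks is not visible here.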