
Changeset 10232


Timestamp:
10/10/2015 04:13:02 PM (9 years ago)
Author:
djpaul
Message:

xprofile: remove is_admin() logic from required field check

The function should return the same thing for everyone, as it’s a
property of the field only (not the field-user combo). In the relevant
places where these functions are used in BP - namely, during form
submission - bp_moderate users are able to bypass the requirement.

This change breaks backwards compatibility in cases where the
field_is_required() functions are called directly, and the plugin
expects the function to return true for bp_moderate users. This is
unlikely, and given that if there were, they’d run into this same bug,
let’s fix it.

Fixes #6520

Props boonebgorges

Location:
trunk/src
Files:
5 edited

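--- a/trunk/src/bp-members/bp-members-screens.php
+++ b/trunk/src/bp-members/bp-members-screens.php
@@ -144,5 +144,5 @@
 
                     // Create errors for required fields without values
-                    if ( xprofile_check_is_required_field( $field_id ) && empty( $_POST['field_' . $field_id] ) )
+                    if ( xprofile_check_is_required_field( $field_id ) && empty( $_POST[ 'field_' . $field_id ] ) && ! bp_current_user_can( 'bp_moderate' ) )
                         $bp->signup->errors['field_' . $field_id] = __( 'This is a required field', 'buddypress' );
                 }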
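Review bot: The new `if` at line 146 guards the signup error assignment without braces, and with a third condition appended the line is long enough that the single guarded statement is easy to misread or to extend incorrectly later. Wrapping the statement in `{` … `}` keeps the validation branch unambiguous. The comment above it still describes only the empty-value case and could become `// Create errors for required fields without values, unless the current user has bp_moderate.` The enclosing block starts and ends outside the hunk.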
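--- a/trunk/src/bp-xprofile/bp-xprofile-admin.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-admin.php
@@ -888,5 +888,5 @@
                 }
 
-                $is_required[ $field_id ] = xprofile_check_is_required_field( $field_id );
+                $is_required[ $field_id ] = xprofile_check_is_required_field( $field_id ) && ! bp_current_user_can( 'bp_moderate' );
                 if ( $is_required[ $field_id ] && empty( $_POST['field_' . $field_id ] ) ) {
                     $redirect_to = add_query_arg( 'error', '2', $redirect_to );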
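Review bot: `$is_required[ $field_id ]` at line 890 now stores "required and the current user lacks bp_moderate" rather than the field's setting, which reintroduces at the call site the field/user mix-up this changeset removes from the helper; any later read of `$is_required` outside this hunk would see the user-dependent value. It also looks like a behaviour change for this screen: the logic removed from bp-xprofile-functions.php exempted moderators only when `! is_admin()`, so if this file runs in the dashboard, moderators were previously held to required fields here and no longer are, which is worth confirming as intended. Keeping the array as the field property and testing the capability in the condition would read `$is_required[ $field_id ] = xprofile_check_is_required_field( $field_id );` followed by `if ( $is_required[ $field_id ] && ! bp_current_user_can( 'bp_moderate' ) && empty( $_POST['field_' . $field_id ] ) ) {`. The same assignment appears at line 101 of bp-xprofile-screens.php.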
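--- a/trunk/src/bp-xprofile/bp-xprofile-functions.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-functions.php
@@ -541,15 +541,8 @@
 
 function xprofile_check_is_required_field( $field_id ) {
-    $field = new BP_Xprofile_Field( $field_id );
-
-    // Define locale variable(s).
+    $field  = new BP_Xprofile_Field( $field_id );
     $retval = false;
 
-    // Super admins can skip required check.
-    if ( bp_current_user_can( 'bp_moderate' ) && ! is_admin() ) {
-        $retval = false;
-
-    // All other users will use the field's setting.
-    } elseif ( isset( $field->is_required ) ) {
+    if ( isset( $field->is_required ) ) {
         $retval = $field->is_required;
     }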
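Review bot: Nothing in the new body of xprofile_check_is_required_field() tells a caller that the moderator exemption has moved out of the function, so a caller that wants moderators exempted must now add its own `bp_current_user_can( 'bp_moderate' )` test. A comment above the `if` at line 546 would make that contract explicit: `// Reports the field's own setting only; callers decide whether the current user may skip it.` The docblock sits above the hunk and is not visible; if it mentions moderators it needs the same update, and the function's return is below the hunk. The same applies to the identical block at line 840 of bp-xprofile-template.php.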
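--- a/trunk/src/bp-xprofile/bp-xprofile-screens.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-screens.php
@@ -99,5 +99,5 @@
             }
 
-            $is_required[$field_id] = xprofile_check_is_required_field( $field_id );
+            $is_required[ $field_id ] = xprofile_check_is_required_field( $field_id ) && ! bp_current_user_can( 'bp_moderate' );
             if ( $is_required[$field_id] && empty( $_POST['field_' . $field_id] ) ) {
                 $errors = true;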
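--- a/trunk/src/bp-xprofile/bp-xprofile-template.php
+++ b/trunk/src/bp-xprofile/bp-xprofile-template.php
@@ -836,13 +836,7 @@
         global $field;
 
-        // Define locale variable(s).
         $retval = false;
 
-        // Super admins can skip required check.
-        if ( bp_current_user_can( 'bp_moderate' ) && !is_admin() ) {
-            $retval = false;
-
-        // All other users will use the field's setting.
-        } elseif ( isset( $field->is_required ) ) {
+        if ( isset( $field->is_required ) ) {
             $retval = $field->is_required;
         }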