Changeset 11270 for trunk/src/bp-templates/bp-legacy/buddypress-functions.php

Timestamp:

12/05/2016 10:41:20 PM (8 years ago)

Author:

slaffik

Message:

Prevent possible warning in bp_legacy_theme_delete_activity_comment().

Firstly, check $_POST['id'] itself, only after that - for logged-in user status. Prevents warnings when the AJAX request is sent with wrong params, which doesn't allow to proceed and run additional code.

Props jonas-lundman.
Fixes #7324.

File:

• trunk/src/bp-templates/bp-legacy/buddypress-functions.php (modified) (2 diffs)

trunk/src/bp-templates/bp-legacy/buddypress-functions.php

@@ -1104 +1104 @@
     check_admin_referer( 'bp_activity_delete_link' );
 
-    if ( ! is_user_logged_in() )
+    if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) ) {
         exit( '-1' );
+    }
+
+    if ( ! is_user_logged_in() ) {
+        exit( '-1' );
+    }
 
     $comment = new BP_Activity_Activity( $_POST['id'] );
@@ -1111 +1116 @@
     // Check access.
     if ( ! bp_current_user_can( 'bp_moderate' ) && $comment->user_id != bp_loggedin_user_id() )
-        exit( '-1' );
-
-    if ( empty( $_POST['id'] ) || ! is_numeric( $_POST['id'] ) )
         exit( '-1' );