Changeset 11449
- Timestamp:
- 03/08/2017 04:37:18 PM (8 years ago)
- Location:
- trunk/src
- Files:
-
- 3 edited
trunk/src/bp-messages/bp-messages-template.php
r11447 r11449 943 943 <a href="#" id="mark_as_unread"><?php _ex('Mark as Unread', 'Message management markup', 'buddypress') ?></a> 944 944 945 <?php wp_nonce_field( 'bp_messages_mark_messages_read', 'mark-messages-read-nonce', false ); ?> 946 <?php wp_nonce_field( 'bp_messages_mark_messages_unread', 'mark-messages-unread-nonce', false ); ?> 947 945 948 <?php endif; ?> 946 949 947 950 <a href="#" id="delete_<?php echo bp_current_action(); ?>_messages"><?php _e( 'Delete Selected', 'buddypress' ); ?></a> 948 951 <?php wp_nonce_field( 'bp_messages_delete_selected', 'delete-selected-nonce', false ); ?> 949 952 <?php 950 953 } … … 1266 1269 <?php echo stripslashes( wp_filter_kses( $notice->message) ) ?> 1267 1270 <a href="#" id="close-notice"><?php _e( 'Close', 'buddypress' ) ?></a> 1271 <?php wp_nonce_field( 'bp_messages_close_notice', 'close-notice-nonce' ); ?> 1268 1272 </p> 1269 1273 </div> -
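Review bot: The close-notice nonce field is printed with the default referer argument, unlike the other `wp_nonce_field()` calls in this file section, which all pass `false` as the third argument. With the default, a hidden `_wp_http_referer` input is also emitted inside the notice `<p>`, and nothing visible in this changeset reads it. For consistency I would write `<?php wp_nonce_field( 'bp_messages_close_notice', 'close-notice-nonce', false ); ?>`. Separately, the new `mark-messages-read-nonce` and `mark-messages-unread-nonce` fields have no visible consumer in this changeset, so a short comment naming the handler that verifies them would help the next reader.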
trunk/src/bp-templates/bp-legacy/buddypress-functions.php
r11447 r11449 876 876 case 'mentions': 877 877 $feed_url = bp_loggedin_user_domain() . bp_get_activity_slug() . '/mentions/feed/'; 878 bp_activity_clear_new_mentions( bp_loggedin_user_id() ); 878 879 if ( isset( $_POST['_wpnonce_activity_filter'] ) && wp_verify_nonce( wp_unslash( $_POST['_wpnonce_activity_filter'] ), 'activity_filter' ) ) { 880 bp_activity_clear_new_mentions( bp_loggedin_user_id() ); 881 } 882 879 883 break; 880 884 default: … … 1198 1202 return; 1199 1203 1204 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'mark_favorite' ) ) { 1205 return; 1206 } 1207 1200 1208 if ( bp_activity_add_user_favorite( $_POST['id'] ) ) 1201 1209 _e( 'Remove Favorite', 'buddypress' ); … … 1217 1225 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 1218 1226 return; 1227 1228 if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'unmark_favorite' ) ) { 1229 return; 1230 } 1219 1231 1220 1232 if ( bp_activity_remove_user_favorite( $_POST['id'] ) ) … … 1527 1539 return; 1528 1540 1529 if ( ! isset( $_POST['notice_id'] ) ) { 1541 $nonce_check = isset( $_POST['nonce'] ) && wp_verify_nonce( wp_unslash( $_POST['nonce'] ), 'bp_messages_close_notice' ); 1542 1543 if ( ! $nonce_check || ! isset( $_POST['notice_id'] ) ) { 1530 1544 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem closing the notice.', 'buddypress' ) . '</p></div>'; 1531 1545 … … 1604 1618 * Mark a private message as unread in your inbox via a POST request. 1605 1619 * 1620 * No longer used. 1621 * 1606 1622 * @since 1.2.0 1623 * @deprecated 2.2.0 1607 1624 * 1608 1625 * @return mixed String on error, void on success. 1609 1626 */ 1610 1627 function bp_legacy_theme_ajax_message_markunread() { 1611 // Bail if not a POST action. 1612 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 1613 return; 1614 1615 if ( ! isset($_POST['thread_ids']) ) { 1616 echo "-1<div id='message' class='error'><p>" . 
__( 'There was a problem marking messages as unread.', 'buddypress' ) . '</p></div>'; 1617 1618 } else { 1619 $thread_ids = explode( ',', $_POST['thread_ids'] ); 1620 1621 for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) { 1622 BP_Messages_Thread::mark_as_unread( (int) $thread_ids[$i] ); 1623 } 1624 } 1625 1626 exit; 1628 die( '-1' ); 1627 1629 } 1628 1630 … … 1630 1632 * Mark a private message as read in your inbox via a POST request. 1631 1633 * 1634 * No longer used. 1635 * 1632 1636 * @since 1.2.0 1637 * @deprecated 2.2.0 1633 1638 * 1634 1639 * @return mixed String on error, void on success. 1635 1640 */ 1636 1641 function bp_legacy_theme_ajax_message_markread() { 1637 // Bail if not a POST action. 1638 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 1639 return; 1640 1641 if ( ! isset($_POST['thread_ids']) ) { 1642 echo "-1<div id='message' class='error'><p>" . __('There was a problem marking messages as read.', 'buddypress' ) . '</p></div>'; 1643 1644 } else { 1645 $thread_ids = explode( ',', $_POST['thread_ids'] ); 1646 1647 for ( $i = 0, $count = count( $thread_ids ); $i < $count; ++$i ) { 1648 BP_Messages_Thread::mark_as_read( (int) $thread_ids[$i] ); 1649 } 1650 } 1651 1652 exit; 1642 die( '-1' ); 1653 1643 } 1654 1644 … … 1656 1646 * Delete a private message(s) in your inbox via a POST request. 1657 1647 * 1648 * No longer used. 1649 * 1658 1650 * @since 1.2.0 1651 * @deprecated 2.2.0 1659 1652 * 1660 1653 * @return string|null HTML 1661 1654 */ 1662 1655 function bp_legacy_theme_ajax_messages_delete() { 1663 // Bail if not a POST action. 1664 if ( 'POST' !== strtoupper( $_SERVER['REQUEST_METHOD'] ) ) 1665 return; 1666 1667 if ( ! isset($_POST['thread_ids']) ) { 1668 echo "-1<div id='message' class='error'><p>" . __( 'There was a problem deleting messages.', 'buddypress' ) . 
'</p></div>'; 1669 1670 } else { 1671 $thread_ids = wp_parse_id_list( $_POST['thread_ids'] ); 1672 messages_delete_thread( $thread_ids ); 1673 1674 _e( 'Messages deleted.', 'buddypress' ); 1675 } 1676 1677 exit; 1656 die( '-1' ); 1678 1657 } 1679 1658 -
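Review bot: When the nonce check fails in the two favorite handlers (the hunks at new lines 1204 and 1228), the code does a bare `return;` with no output, while the close-notice handler in the same file echoes a `-1` error block for the same condition. The client-side callback is not visible here, but it presumably receives whatever the AJAX dispatcher prints by default, so a rejected request cannot be told apart from other failures. I would answer explicitly, for example `die( '-1' );` as the deprecated stubs further down do, or whatever error form the callback expects. It would also be worth checking `isset( $_POST['id'] )` before the value is passed to `bp_activity_add_user_favorite()` and `bp_activity_remove_user_favorite()`. Both handler bodies start and end outside the hunks.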
trunk/src/bp-templates/bp-legacy/js/buddypress.js
r11198 r11449 317 317 parent = target.closest('.activity-item'); 318 318 parent_id = parent.attr('id').substr( 9, parent.attr('id').length ); 319 nonce = bp_get_query_var( '_wpnonce', target.attr( 'href' ) ); 319 320 320 321 target.addClass('loading'); … … 323 324 action: 'activity_mark_' + type, 324 325 'cookie': bp_get_cookies(), 325 'id': parent_id 326 'id': parent_id, 327 nonce: nonce 326 328 }, 327 329 function(response) { … … 1490 1492 ); 1491 1493 1492 /* Marking private messages as read and unread */1493 jq('#mark_as_read, #mark_as_unread').click(function() {1494 var checkboxes_tosend = '',1495 checkboxes = jq('#message-threads tr td input[type="checkbox"]'),1496 currentClass, newClass, unreadCount, inboxCount, unreadCountDisplay, action,1497 inboxcount, thread_count;1498 1499 if ( 'mark_as_unread' === jq(this).attr('id') ) {1500 currentClass = 'read';1501 newClass = 'unread';1502 unreadCount = 1;1503 inboxCount = 0;1504 unreadCountDisplay = 'inline';1505 action = 'messages_markunread';1506 } else {1507 currentClass = 'unread';1508 newClass = 'read';1509 unreadCount = 0;1510 inboxCount = 1;1511 unreadCountDisplay = 'none';1512 action = 'messages_markread';1513 }1514 1515 checkboxes.each( function(i) {1516 if(jq(this).is(':checked')) {1517 if ( jq('#m-' + jq(this).attr('value')).hasClass(currentClass) ) {1518 checkboxes_tosend += jq(this).attr('value');1519 jq('#m-' + jq(this).attr('value')).removeClass(currentClass);1520 jq('#m-' + jq(this).attr('value')).addClass(newClass);1521 thread_count = jq('#m-' + jq(this).attr('value') + ' td span.unread-count').html();1522 1523 jq('#m-' + jq(this).attr('value') + ' td span.unread-count').html(unreadCount);1524 jq('#m-' + jq(this).attr('value') + ' td span.unread-count').css('display', unreadCountDisplay);1525 1526 inboxcount = jq('tr.unread').length;1527 1528 jq('#user-messages span').html( inboxcount );1529 1530 if ( i !== checkboxes.length - 1 ) {1531 checkboxes_tosend += ',';1532 }1533 }1534 }1535 });1536 
jq.post( ajaxurl, {1537 action: action,1538 'thread_ids': checkboxes_tosend1539 });1540 return false;1541 });1542 1543 1494 /* Selecting unread and read messages in inbox */ 1544 1495 jq( 'body.messages #item-body div.messages' ).on( 'change', '#message-type-select', function() { … … 1566 1517 checkboxes[i].checked = checked_value; 1567 1518 }); 1568 });1569 1570 /* Bulk delete messages */1571 jq( 'body.messages #item-body div.messages' ).on( 'click', '.messages-options-nav a', function() {1572 if ( -1 === jq.inArray( this.id, Array( 'delete_sentbox_messages', 'delete_inbox_messages' ) ) ) {1573 return;1574 }1575 1576 checkboxes_tosend = '';1577 checkboxes = jq('#message-threads tr td input[type="checkbox"]');1578 1579 jq('#message').remove();1580 jq(this).addClass('loading');1581 1582 jq(checkboxes).each( function(i) {1583 if( jq(this).is(':checked') ) {1584 checkboxes_tosend += jq(this).attr('value') + ',';1585 }1586 });1587 1588 if ( '' === checkboxes_tosend ) {1589 jq(this).removeClass('loading');1590 return false;1591 }1592 1593 jq.post( ajaxurl, {1594 action: 'messages_delete',1595 'thread_ids': checkboxes_tosend1596 }, function(response) {1597 if ( response[0] + response[1] === '-1' ) {1598 jq('#message-threads').prepend( response.substr( 2, response.length ) );1599 } else {1600 jq('#message-threads').before( '<div id="message" class="updated"><p>' + response + '</p></div>' );1601 1602 jq(checkboxes).each( function(i) {1603 if( jq(this).is(':checked') ) {1604 // We need to uncheck because message is only hidden1605 // Otherwise, AJAX will be fired again with same data1606 jq(this).attr( 'checked', false );1607 jq(this).parent().parent().fadeOut(150);1608 }1609 });1610 }1611 1612 jq('#message').hide().slideDown(150);1613 jq('#delete_inbox_messages, #delete_sentbox_messages').removeClass('loading');1614 });1615 1616 return false;1617 1519 }); 1618 1520 … … 1744 1646 jq.post( ajaxurl, { 1745 1647 action: 'messages_close_notice', 1746 'notice_id': 
jq('.notice').attr('rel').substr( 2, jq('.notice').attr('rel').length ) 1648 'notice_id': jq('.notice').attr('rel').substr( 2, jq('.notice').attr('rel').length ), 1649 nonce: jq( '#close-notice-nonce' ).val() 1747 1650 }, 1748 1651 function(response) { … … 2151 2054 return encodeURIComponent( jq.param(bpCookies) ); 2152 2055 } 2056 2057 /** 2058 * Get a querystring parameter from a URL. 2059 * 2060 * @param {String} Query string parameter name. 2061 * @param {String} URL to parse. Defaults to current URL. 2062 */ 2063 function bp_get_query_var( param, url ) { 2064 var qs = {}; 2065 2066 // Use current URL if no URL passed. 2067 if ( typeof url === 'undefined' ) { 2068 url = location.search.substr(1).split('&'); 2069 } else { 2070 url = url.split('?')[1].split('&'); 2071 } 2072 2073 // Parse querystring into object props. 2074 // http://stackoverflow.com/a/21152762 2075 url.forEach(function(item) { 2076 qs[item.split("=")[0]] = item.split("=")[1] && decodeURIComponent( item.split("=")[1] ); 2077 }); 2078 2079 if ( qs.hasOwnProperty( param ) && qs[param] != null ) { 2080 return qs[param]; 2081 } else { 2082 return false; 2083 } 2084 }
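Review bot: `bp_get_query_var()` throws a TypeError when the URL it is given has no `?`, because `url.split('?')[1]` is `undefined` and `.split('&')` is then called on it; in the favorite click handler that would abort before the request is sent. Guard the split, e.g. `var parts = url.split('?'); url = parts.length > 1 ? parts[1].split('#')[0].split('&') : [];`, which also keeps a trailing `#fragment` out of the last value. `decodeURIComponent()` can likewise throw on a malformed percent sequence, and when the parameter is missing the helper returns `false`, which the caller posts as the `nonce` value without checking; the server rejects it either way, but bailing out client-side would be cleaner. The JSDoc `@param` tags should name the parameters (`param`, `url`) and an `@return` line should state that the result is the decoded string or `false`.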