Skip to:
Content

Changeset 11537


Ignore:
Timestamp:
04/27/17 03:28:36 (9 months ago)
Author:
r-a-y
Message:

Messages: Fix redirection issue when attempting to view a valid private message thread.

Previously, attempting to go to a valid private message thread URL when
logged out would throw a 404.

This commit properly redirects non-authenticated users attempting to view
a private message thread to the login screen. If a user is authenticated,
but is attempting to view a private message thread without access rights,
we redirect the user back to their own "Messages" page with a notice.

See #7349.

Location:
trunk/src/bp-messages
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-messages/bp-messages-actions.php

    r11447 r11537  
    223223 
    224224    if ( ! messages_is_valid_thread( $thread_id ) || ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) ) { 
    225         bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_messages_slug() ) ); 
     225        return; 
    226226    } 
    227227 
  • trunk/src/bp-messages/bp-messages-screens.php

    r11447 r11537  
    121121    $thread_id = (int) bp_action_variable( 0 ); 
    122122 
    123     if ( empty( $thread_id ) || ! messages_is_valid_thread( $thread_id ) || ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) ) { 
     123    if ( empty( $thread_id ) || ! messages_is_valid_thread( $thread_id ) ) { 
    124124        bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_messages_slug() ) ); 
     125    } 
     126 
     127    // No access. 
     128    if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) { 
     129        // If not logged in, prompt for login. 
     130        if ( ! is_user_logged_in() ) { 
     131            bp_core_no_access(); 
     132            return; 
     133 
     134        // Redirect away. 
     135        } else { 
     136            bp_core_add_message( __( 'You do not have access to that message thread.', 'buddypress' ), 'error' ); 
     137            bp_core_redirect( trailingslashit( bp_loggedin_user_domain() . bp_get_messages_slug() ) ); 
     138        } 
    125139    } 
    126140 
Note: See TracChangeset for help on using the changeset viewer.