Skip to:
Content

Changeset 11537


Ignore:
Timestamp:
04/27/2017 03:28:36 AM (14 months ago)
Author:
r-a-y
Message:

Messages: Fix redirection issue when attempting to view a valid private message thread.

Previously, attempting to go to a valid private message thread URL when
logged out would throw a 404.

This commit properly redirects non-authenticated users attempting to view
a private message thread to the login screen. If a user is authenticated,
but is attempting to view a private message thread without access rights,
we redirect the user back to their own "Messages" page with a notice.

See #7349.

Location:
trunk/src/bp-messages
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-messages/bp-messages-actions.php

    r11447 r11537  
    223223
    224224    if ( ! messages_is_valid_thread( $thread_id ) || ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) ) {
    225         bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_messages_slug() ) );
     225        return;
    226226    }
    227227
  • trunk/src/bp-messages/bp-messages-screens.php

    r11447 r11537  
    121121    $thread_id = (int) bp_action_variable( 0 );
    122122
    123     if ( empty( $thread_id ) || ! messages_is_valid_thread( $thread_id ) || ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) ) {
     123    if ( empty( $thread_id ) || ! messages_is_valid_thread( $thread_id ) ) {
    124124        bp_core_redirect( trailingslashit( bp_displayed_user_domain() . bp_get_messages_slug() ) );
     125    }
     126
     127    // No access.
     128    if ( ! messages_check_thread_access( $thread_id ) && ! bp_current_user_can( 'bp_moderate' ) ) {
     129        // If not logged in, prompt for login.
     130        if ( ! is_user_logged_in() ) {
     131            bp_core_no_access();
     132            return;
     133
     134        // Redirect away.
     135        } else {
     136            bp_core_add_message( __( 'You do not have access to that message thread.', 'buddypress' ), 'error' );
     137            bp_core_redirect( trailingslashit( bp_loggedin_user_domain() . bp_get_messages_slug() ) );
     138        }
    125139    }
    126140
Note: See TracChangeset for help on using the changeset viewer.